diff --git a/CHANGES b/CHANGES
index a4350e8508..cc9a00d594 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3725. [contrib] Updated zkt and nslint to newest versions,
+ cleaned up and rearranged the contrib
+ directory, and added a README.
+
--- 9.10.0a2 released ---
3724. [bug] win32: Fixed a bug that prevented dig and
diff --git a/configure b/configure
index 07f0f77f29..d33faf6127 100755
--- a/configure
+++ b/configure
@@ -20760,7 +20760,7 @@ ac_config_commands="$ac_config_commands chmod"
# elsewhere if there's a good reason for doing so.
#
-ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/check-secure-delegation.pl contrib/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter 
doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/iscpk11/Makefile lib/iscpk11/include/Makefile lib/iscpk11/include/iscpk11/Makefile lib/iscpk11/include/pkcs11/Makefile lib/iscpk11/unix/Makefile lib/iscpk11/unix/include/Makefile lib/iscpk11/unix/include/pkcs11/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
+ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile 
doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/iscpk11/Makefile lib/iscpk11/include/Makefile lib/iscpk11/include/iscpk11/Makefile lib/iscpk11/include/pkcs11/Makefile lib/iscpk11/unix/Makefile lib/iscpk11/unix/include/Makefile lib/iscpk11/unix/include/pkcs11/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh"
#
@@ -21819,8 +21819,8 @@ do
"bin/tests/virtual-time/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/virtual-time/Makefile" ;;
"bin/tests/virtual-time/conf.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/virtual-time/conf.sh" ;;
"bin/tools/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tools/Makefile" ;;
- "contrib/check-secure-delegation.pl") CONFIG_FILES="$CONFIG_FILES contrib/check-secure-delegation.pl" ;;
- "contrib/zone-edit.sh") CONFIG_FILES="$CONFIG_FILES contrib/zone-edit.sh" ;;
+ "contrib/scripts/check-secure-delegation.pl") CONFIG_FILES="$CONFIG_FILES contrib/scripts/check-secure-delegation.pl" ;;
+ "contrib/scripts/zone-edit.sh") CONFIG_FILES="$CONFIG_FILES contrib/scripts/zone-edit.sh" ;;
"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
"doc/arm/Makefile") CONFIG_FILES="$CONFIG_FILES doc/arm/Makefile" ;;
"doc/doxygen/Doxyfile") CONFIG_FILES="$CONFIG_FILES doc/doxygen/Doxyfile" ;;
diff --git a/configure.in b/configure.in
index ed69c6a8aa..3f878cbd17 100644
--- a/configure.in
+++ b/configure.in
@@ -4030,8 +4030,8 @@ AC_CONFIG_FILES([
bin/tests/virtual-time/Makefile
bin/tests/virtual-time/conf.sh
bin/tools/Makefile
- contrib/check-secure-delegation.pl
- contrib/zone-edit.sh
+ contrib/scripts/check-secure-delegation.pl
+ contrib/scripts/zone-edit.sh
doc/Makefile
doc/arm/Makefile
doc/doxygen/Doxyfile
diff --git a/contrib/README b/contrib/README
new file mode 100644
index 0000000000..b6f1b3e21b
--- /dev/null
+++ b/contrib/README
@@ -0,0 +1,53 @@
+This directory contains contributed scripts, tools, libraries,
+and other useful additions to BIND 9. It includes:
+
+ - scripts/
+
+ Assorted useful scripts, including 'nanny' which monitors
+ named and restarts it in the event of a crash, 'zone-edit'
+ which enables editing of a dynamic zone, and others
+
+ - queryperf/
+
+ A DNS query performance testing tool
+
+ - dane/
+
+ mkdane.sh generates TLSA records for use with DNS-based
+ Authentication of Named Entities (DANE)
+
+ - dlz/modules
+
+ Dynamically linkable DLZ modules that can be configured into
+ named at runtime, enabling access to external data sources including
+ LDAP, MySQL, Berkeley DB, perl scripts, etc
+
+ - dlz/drivers
+
+ Old-style DLZ drivers that can be linked into named at compile
+ time. (These are no longer actively maintained and are expected
+ to be deprecated eventually.)
+
+ - sdb/
+
+ SDB drivers: another mechanism for accessing external data
+ sources
+
+ - idn/
+
+ Contains source for 'idnkit', which provides support for
+ Internationalized Domain Name processing.
+
+ - nslint-3.0a2
+
+ A lint-like tool for checking DNS files
+
+ - query-loc-0.4.0
+
+ A tool for retrieving location information stored in the DNS
+
+ - zkt-1.1.2
+
+ DNSSEC Zone Key Tools, an alternate method for managing keys
+ and signatures
+
diff --git a/contrib/linux/coredump-patch b/contrib/linux/coredump-patch
deleted file mode 100644
index d1792901ad..0000000000
--- a/contrib/linux/coredump-patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- binfmt_elf.c.old Mon Dec 11 10:49:57 2000
-+++ binfmt_elf.c Wed Nov 1 13:05:23 2000
-@@ -1091,7 +1091,8 @@
-
- if (!current->dumpable ||
- limit < ELF_EXEC_PAGESIZE ||
-- atomic_read(¤t->mm->count) != 1)
-+/* atomic_read(¤t->mm->count) != 1) */
-+ test_and_set_bit(31, ¤t->mm->def_flags) != 0)
- return 0;
- current->dumpable = 0;
-
diff --git a/contrib/nslint-2.1a3/VERSION b/contrib/nslint-2.1a3/VERSION
deleted file mode 100644
index 375279c6d6..0000000000
--- a/contrib/nslint-2.1a3/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-2.1a3
diff --git a/contrib/nslint-2.1a3/config.guess b/contrib/nslint-2.1a3/config.guess
deleted file mode 100644
index e9e44559f8..0000000000
--- a/contrib/nslint-2.1a3/config.guess
+++ /dev/null
@@ -1,693 +0,0 @@
-#! /bin/sh
-# Attempt to guess a canonical system name.
-# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc.
-#
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Written by Per Bothner .
-# The master version of this file is at the FSF in /home/gd/gnu/lib.
-#
-# This script attempts to guess a canonical system name similar to
-# config.sub. If it succeeds, it prints the system name on stdout, and
-# exits with 0. Otherwise, it exits with 1.
-#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit system type (host/target name).
-#
-# Only a few systems have been added to this list; please add others
-# (but try to keep the structure clean).
-#
-
-# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 8/24/94.)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
- PATH=$PATH:/.attbin ; export PATH
-fi
-
-UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
-UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
-UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
-trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
-
-# Note: order is significant - the case branches are not exclusive.
-
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
- alpha:OSF1:*:*)
- # A Vn.n version is a released version.
- # A Tn.n version is a released field test version.
- # A Xn.n version is an unreleased experimental baselevel.
- # 1.2 uses "1.2" for uname -r.
- echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'`
- exit 0 ;;
- 21064:Windows_NT:50:3)
- echo alpha-dec-winnt3.5
- exit 0 ;;
- Amiga*:UNIX_System_V:4.0:*)
- echo m68k-cbm-sysv4
- exit 0;;
- amiga:NetBSD:*:*)
- echo m68k-cbm-netbsd${UNAME_RELEASE}
- exit 0 ;;
- amiga:OpenBSD:*:*)
- echo m68k-cbm-openbsd${UNAME_RELEASE}
- exit 0 ;;
- arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
- echo arm-acorn-riscix${UNAME_RELEASE}
- exit 0;;
- Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
- # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
- if test "`(/bin/universe) 2>/dev/null`" = att ; then
- echo pyramid-pyramid-sysv3
- else
- echo pyramid-pyramid-bsd
- fi
- exit 0 ;;
- NILE:*:*:dcosx)
- echo pyramid-pyramid-svr4
- exit 0 ;;
- sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
- echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- i86pc:SunOS:5.*:*)
- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- sun4*:SunOS:6*:*)
- # According to config.sub, this is the proper way to canonicalize
- # SunOS6. Hard to guess exactly what SunOS6 will be like, but
- # it's likely to be more like Solaris than SunOS4.
- echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- sun4*:SunOS:*:*)
- case "`/usr/bin/arch -k`" in
- Series*|S4*)
- UNAME_RELEASE=`uname -v`
- ;;
- esac
- # Japanese Language versions have a version number like `4.1.3-JL'.
- echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
- exit 0 ;;
- sun3*:SunOS:*:*)
- echo m68k-sun-sunos${UNAME_RELEASE}
- exit 0 ;;
- aushp:SunOS:*:*)
- echo sparc-auspex-sunos${UNAME_RELEASE}
- exit 0 ;;
- atari*:NetBSD:*:*)
- echo m68k-atari-netbsd${UNAME_RELEASE}
- exit 0 ;;
- atari*:OpenBSD:*:*)
- echo m68k-atari-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sun3*:NetBSD:*:*)
- echo m68k-sun-netbsd${UNAME_RELEASE}
- exit 0 ;;
- sun3*:OpenBSD:*:*)
- echo m68k-sun-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mac68k:NetBSD:*:*)
- echo m68k-apple-netbsd${UNAME_RELEASE}
- exit 0 ;;
- mac68k:OpenBSD:*:*)
- echo m68k-apple-openbsd${UNAME_RELEASE}
- exit 0 ;;
- powerpc:machten:*:*)
- echo powerpc-apple-machten${UNAME_RELEASE}
- exit 0 ;;
- RISC*:Mach:*:*)
- echo mips-dec-mach_bsd4.3
- exit 0 ;;
- RISC*:ULTRIX:*:*)
- echo mips-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
- VAX*:ULTRIX*:*:*)
- echo vax-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
- mips:*:*:UMIPS | mips:*:*:RISCos)
- sed 's/^ //' << EOF >dummy.c
- int main (argc, argv) int argc; char **argv; {
- #if defined (host_mips) && defined (MIPSEB)
- #if defined (SYSTYPE_SYSV)
- printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
- #endif
- #if defined (SYSTYPE_SVR4)
- printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
- #endif
- #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
- printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
- #endif
- #endif
- exit (-1);
- }
-EOF
- ${CC-cc} dummy.c -o dummy \
- && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
- && rm dummy.c dummy && exit 0
- rm -f dummy.c dummy
- echo mips-mips-riscos${UNAME_RELEASE}
- exit 0 ;;
- Night_Hawk:Power_UNIX:*:*)
- echo powerpc-harris-powerunix
- exit 0 ;;
- m88k:CX/UX:7*:*)
- echo m88k-harris-cxux7
- exit 0 ;;
- m88k:*:4*:R4*)
- echo m88k-motorola-sysv4
- exit 0 ;;
- m88k:*:3*:R3*)
- echo m88k-motorola-sysv3
- exit 0 ;;
- AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
- if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
- if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
- -o ${TARGET_BINARY_INTERFACE}x = x ] ; then
- echo m88k-dg-dgux${UNAME_RELEASE}
- else
- echo m88k-dg-dguxbcs${UNAME_RELEASE}
- fi
- else echo i586-dg-dgux${UNAME_RELEASE}
- fi
- exit 0 ;;
- M88*:DolphinOS:*:*) # DolphinOS (SVR3)
- echo m88k-dolphin-sysv3
- exit 0 ;;
- M88*:*:R3*:*)
- # Delta 88k system running SVR3
- echo m88k-motorola-sysv3
- exit 0 ;;
- XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
- echo m88k-tektronix-sysv3
- exit 0 ;;
- Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
- echo m68k-tektronix-bsd
- exit 0 ;;
- *:IRIX*:*:*)
- echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
- exit 0 ;;
- ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
- i?86:AIX:*:*)
- echo i386-ibm-aix
- exit 0 ;;
- *:AIX:2:3)
- if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
- sed 's/^ //' << EOF >dummy.c
- #include
-
- main()
- {
- if (!__power_pc())
- exit(1);
- puts("powerpc-ibm-aix3.2.5");
- exit(0);
- }
-EOF
- ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
- rm -f dummy.c dummy
- echo rs6000-ibm-aix3.2.5
- elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
- echo rs6000-ibm-aix3.2.4
- else
- echo rs6000-ibm-aix3.2
- fi
- exit 0 ;;
- *:AIX:*:4)
- if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then
- IBM_ARCH=rs6000
- else
- IBM_ARCH=powerpc
- fi
- if [ -x /usr/bin/oslevel ] ; then
- IBM_REV=`/usr/bin/oslevel`
- else
- IBM_REV=4.${UNAME_RELEASE}
- fi
- echo ${IBM_ARCH}-ibm-aix${IBM_REV}
- exit 0 ;;
- *:AIX:*:*)
- echo rs6000-ibm-aix
- exit 0 ;;
- ibmrt:4.4BSD:*|romp-ibm:BSD:*)
- echo romp-ibm-bsd4.4
- exit 0 ;;
- ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and
- echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
- exit 0 ;; # report: romp-ibm BSD 4.3
- *:BOSX:*:*)
- echo rs6000-bull-bosx
- exit 0 ;;
- DPX/2?00:B.O.S.:*:*)
- echo m68k-bull-sysv3
- exit 0 ;;
- 9000/[34]??:4.3bsd:1.*:*)
- echo m68k-hp-bsd
- exit 0 ;;
- hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
- echo m68k-hp-bsd4.4
- exit 0 ;;
- 9000/[3478]??:HP-UX:*:*)
- case "${UNAME_MACHINE}" in
- 9000/31? ) HP_ARCH=m68000 ;;
- 9000/[34]?? ) HP_ARCH=m68k ;;
- 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;;
- 9000/8?? ) HP_ARCH=hppa1.0 ;;
- esac
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- echo ${HP_ARCH}-hp-hpux${HPUX_REV}
- exit 0 ;;
- 3050*:HI-UX:*:*)
- sed 's/^ //' << EOF >dummy.c
- #include
- int
- main ()
- {
- long cpu = sysconf (_SC_CPU_VERSION);
- /* The order matters, because CPU_IS_HP_MC68K erroneously returns
- true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
- results, however. */
- if (CPU_IS_PA_RISC (cpu))
- {
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
- case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
- default: puts ("hppa-hitachi-hiuxwe2"); break;
- }
- }
- else if (CPU_IS_HP_MC68K (cpu))
- puts ("m68k-hitachi-hiuxwe2");
- else puts ("unknown-hitachi-hiuxwe2");
- exit (0);
- }
-EOF
- ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
- rm -f dummy.c dummy
- echo unknown-hitachi-hiuxwe2
- exit 0 ;;
- 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
- echo hppa1.1-hp-bsd
- exit 0 ;;
- 9000/8??:4.3bsd:*:*)
- echo hppa1.0-hp-bsd
- exit 0 ;;
- hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
- echo hppa1.1-hp-osf
- exit 0 ;;
- hp8??:OSF1:*:*)
- echo hppa1.0-hp-osf
- exit 0 ;;
- i?86:OSF1:*:*)
- if [ -x /usr/sbin/sysversion ] ; then
- echo ${UNAME_MACHINE}-unknown-osf1mk
- else
- echo ${UNAME_MACHINE}-unknown-osf1
- fi
- exit 0 ;;
- parisc*:Lites*:*:*)
- echo hppa1.1-hp-lites
- exit 0 ;;
- C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
- echo c1-convex-bsd
- exit 0 ;;
- C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
- exit 0 ;;
- C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
- echo c34-convex-bsd
- exit 0 ;;
- C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
- echo c38-convex-bsd
- exit 0 ;;
- C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
- echo c4-convex-bsd
- exit 0 ;;
- CRAY*X-MP:*:*:*)
- echo xmp-cray-unicos
- exit 0 ;;
- CRAY*Y-MP:*:*:*)
- echo ymp-cray-unicos${UNAME_RELEASE}
- exit 0 ;;
- CRAY*[A-Z]90:*:*:*)
- echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
- | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
- -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
- exit 0 ;;
- CRAY*TS:*:*:*)
- echo t90-cray-unicos${UNAME_RELEASE}
- exit 0 ;;
- CRAY-2:*:*:*)
- echo cray2-cray-unicos
- exit 0 ;;
- F300:UNIX_System_V:*:*)
- FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
- F301:UNIX_System_V:*:*)
- echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
- exit 0 ;;
- hp3[0-9][05]:NetBSD:*:*)
- echo m68k-hp-netbsd${UNAME_RELEASE}
- exit 0 ;;
- hp3[0-9][05]:OpenBSD:*:*)
- echo m68k-hp-openbsd${UNAME_RELEASE}
- exit 0 ;;
- i?86:BSD/386:*:* | *:BSD/OS:*:*)
- echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
- exit 0 ;;
- *:FreeBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
- exit 0 ;;
- *:NetBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
- exit 0 ;;
- *:OpenBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
- exit 0 ;;
- i*:CYGWIN*:*)
- echo i386-pc-cygwin32
- exit 0 ;;
- p*:CYGWIN*:*)
- echo powerpcle-unknown-cygwin32
- exit 0 ;;
- prep*:SunOS:5.*:*)
- echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- *:GNU:*:*)
- echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
- exit 0 ;;
- *:Linux:*:*)
- # The BFD linker knows what the default object file format is, so
- # first see if it will tell us.
- ld_help_string=`ld --help 2>&1`
- if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then
- echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0
- elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then
- echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0
- elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then
- echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0
- elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then
- echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0
- elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then
- echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0
- elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then
- echo "powerpc-unknown-linux-gnu" ; exit 0
- elif test "${UNAME_MACHINE}" = "alpha" ; then
- echo alpha-unknown-linux-gnu ; exit 0
- elif test "${UNAME_MACHINE}" = "sparc" ; then
- echo sparc-unknown-linux-gnu ; exit 0
- else
- # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us
- # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout.
- test ! -d /usr/lib/ldscripts/. \
- && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
- # Determine whether the default compiler is a.out or elf
- cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
- rm -f dummy.c dummy
- fi ;;
-# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions
-# are messed up and put the nodename in both sysname and nodename.
- i?86:DYNIX/ptx:4*:*)
- echo i386-sequent-sysv4
- exit 0 ;;
- i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
- if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
- echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
- else
- echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
- fi
- exit 0 ;;
- i?86:*:3.2:*)
- if test -f /usr/options/cb.name; then
- UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then
- UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
- (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
- (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
- && UNAME_MACHINE=i586
- echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
- else
- echo ${UNAME_MACHINE}-pc-sysv32
- fi
- exit 0 ;;
- Intel:Mach:3*:*)
- echo i386-pc-mach3
- exit 0 ;;
- paragon:*:*:*)
- echo i860-intel-osf1
- exit 0 ;;
- i860:*:4.*:*) # i860-SVR4
- if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
- echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
- else # Add other i860-SVR4 vendors below as they are discovered.
- echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
- fi
- exit 0 ;;
- mini*:CTIX:SYS*5:*)
- # "miniframe"
- echo m68010-convergent-sysv
- exit 0 ;;
- M68*:*:R3V[567]*:*)
- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
- 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
- OS_REL=''
- test -r /etc/.relid \
- && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
- /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
- 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4 && exit 0 ;;
- m68*:LynxOS:2.*:*)
- echo m68k-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- mc68030:UNIX_System_V:4.*:*)
- echo m68k-atari-sysv4
- exit 0 ;;
- i?86:LynxOS:2.*:*)
- echo i386-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- TSUNAMI:LynxOS:2.*:*)
- echo sparc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
- echo rs6000-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- SM[BE]S:UNIX_SV:*:*)
- echo mips-dde-sysv${UNAME_RELEASE}
- exit 0 ;;
- RM*:SINIX-*:*:*)
- echo mips-sni-sysv4
- exit 0 ;;
- *:SINIX-*:*:*)
- if uname -p 2>/dev/null >/dev/null ; then
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
- echo ${UNAME_MACHINE}-sni-sysv4
- else
- echo ns32k-sni-sysv
- fi
- exit 0 ;;
- *:UNIX_System_V:4*:FTX*)
- # From Gerald Hewes .
- # How about differentiating between stratus architectures? -djm
- echo hppa1.1-stratus-sysv4
- exit 0 ;;
- *:*:*:FTX*)
- # From seanf@swdc.stratus.com.
- echo i860-stratus-sysv4
- exit 0 ;;
- mc68*:A/UX:*:*)
- echo m68k-apple-aux${UNAME_RELEASE}
- exit 0 ;;
- R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*)
- if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
- else
- echo mips-unknown-sysv${UNAME_RELEASE}
- fi
- exit 0 ;;
- PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says
- echo i586-unisys-sysv4
- exit 0 ;;
-esac
-
-#echo '(No uname command or uname output not recognized.)' 1>&2
-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
-
-cat >dummy.c <
-# include
-#endif
-main ()
-{
-#if defined (sony)
-#if defined (MIPSEB)
- /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
- I don't know.... */
- printf ("mips-sony-bsd\n"); exit (0);
-#else
-#include
- printf ("m68k-sony-newsos%s\n",
-#ifdef NEWSOS4
- "4"
-#else
- ""
-#endif
- ); exit (0);
-#endif
-#endif
-
-#if defined (__arm) && defined (__acorn) && defined (__unix)
- printf ("arm-acorn-riscix"); exit (0);
-#endif
-
-#if defined (hp300) && !defined (hpux)
- printf ("m68k-hp-bsd\n"); exit (0);
-#endif
-
-#if defined (NeXT)
-#if !defined (__ARCHITECTURE__)
-#define __ARCHITECTURE__ "m68k"
-#endif
- int version;
- version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
- printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
- exit (0);
-#endif
-
-#if defined (MULTIMAX) || defined (n16)
-#if defined (UMAXV)
- printf ("ns32k-encore-sysv\n"); exit (0);
-#else
-#if defined (CMU)
- printf ("ns32k-encore-mach\n"); exit (0);
-#else
- printf ("ns32k-encore-bsd\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (__386BSD__)
- printf ("i386-pc-bsd\n"); exit (0);
-#endif
-
-#if defined (sequent)
-#if defined (i386)
- printf ("i386-sequent-dynix\n"); exit (0);
-#endif
-#if defined (ns32000)
- printf ("ns32k-sequent-dynix\n"); exit (0);
-#endif
-#endif
-
-#if defined (_SEQUENT_)
- struct utsname un;
-
- uname(&un);
-
- if (strncmp(un.version, "V2", 2) == 0) {
- printf ("i386-sequent-ptx2\n"); exit (0);
- }
- if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
- printf ("i386-sequent-ptx1\n"); exit (0);
- }
- printf ("i386-sequent-ptx\n"); exit (0);
-
-#endif
-
-#if defined (vax)
-#if !defined (ultrix)
- printf ("vax-dec-bsd\n"); exit (0);
-#else
- printf ("vax-dec-ultrix\n"); exit (0);
-#endif
-#endif
-
-#if defined (alliant) && defined (i860)
- printf ("i860-alliant-bsd\n"); exit (0);
-#endif
-
- exit (1);
-}
-EOF
-
-${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
-rm -f dummy.c dummy
-
-# Apollos put the system type in the environment.
-
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
-
-# Convex versions that predate uname can use getsysinfo(1)
-
-if [ -x /usr/convex/getsysinfo ]
-then
- case `getsysinfo -f cpu_type` in
- c1*)
- echo c1-convex-bsd
- exit 0 ;;
- c2*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
- exit 0 ;;
- c34*)
- echo c34-convex-bsd
- exit 0 ;;
- c38*)
- echo c38-convex-bsd
- exit 0 ;;
- c4*)
- echo c4-convex-bsd
- exit 0 ;;
- esac
-fi
-
-#echo '(Unable to guess system type)' 1>&2
-
-exit 1
diff --git a/contrib/nslint-2.1a3/configure b/contrib/nslint-2.1a3/configure
deleted file mode 100644
index db5c53e8df..0000000000
--- a/contrib/nslint-2.1a3/configure
+++ /dev/null
@@ -1,1905 +0,0 @@
-#! /bin/sh
-
-# Guess values for system-dependent variables and create Makefiles.
-# Generated automatically using autoconf version 2.13
-# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-
-# Defaults:
-ac_help=
-ac_default_prefix=/usr/local
-# Any additions from configure.in:
-ac_help="$ac_help
- --without-gcc don't use gcc"
-
-# Initialize some variables set by options.
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-build=NONE
-cache_file=./config.cache
-exec_prefix=NONE
-host=NONE
-no_create=
-nonopt=NONE
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-target=NONE
-verbose=
-x_includes=NONE
-x_libraries=NONE
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
-
-# Initialize some other variables.
-subdirs=
-MFLAGS= MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-# Maximum number of lines to put in a shell here document.
-ac_max_here_lines=12
-
-ac_prev=
-for ac_option
-do
-
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval "$ac_prev=\$ac_option"
- ac_prev=
- continue
- fi
-
- case "$ac_option" in
- -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) ac_optarg= ;;
- esac
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case "$ac_option" in
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir="$ac_optarg" ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build="$ac_optarg" ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file="$ac_optarg" ;;
-
- -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
- | --da=*)
- datadir="$ac_optarg" ;;
-
- -disable-* | --disable-*)
- ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
- { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
- fi
- ac_feature=`echo $ac_feature| sed 's/-/_/g'`
- eval "enable_${ac_feature}=no" ;;
-
- -enable-* | --enable-*)
- ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
- { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
- fi
- ac_feature=`echo $ac_feature| sed 's/-/_/g'`
- case "$ac_option" in
- *=*) ;;
- *) ac_optarg=yes ;;
- esac
- eval "enable_${ac_feature}='$ac_optarg'" ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix="$ac_optarg" ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he)
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat << EOF
-Usage: configure [options] [host]
-Options: [defaults in brackets after descriptions]
-Configuration:
- --cache-file=FILE cache test results in FILE
- --help print this message
- --no-create do not create output files
- --quiet, --silent do not print \`checking...' messages
- --version print the version of autoconf that created configure
-Directory and file names:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [same as prefix]
- --bindir=DIR user executables in DIR [EPREFIX/bin]
- --sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
- --libexecdir=DIR program executables in DIR [EPREFIX/libexec]
- --datadir=DIR read-only architecture-independent data in DIR
- [PREFIX/share]
- --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data in DIR
- [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
- --libdir=DIR object code libraries in DIR [EPREFIX/lib]
- --includedir=DIR C header files in DIR [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
- --infodir=DIR info documentation in DIR [PREFIX/info]
- --mandir=DIR man documentation in DIR [PREFIX/man]
- --srcdir=DIR find the sources in DIR [configure dir or ..]
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM
- run sed PROGRAM on installed program names
-EOF
- cat << EOF
-Host type:
- --build=BUILD configure for building on BUILD [BUILD=HOST]
- --host=HOST configure for HOST [guessed]
- --target=TARGET configure for TARGET [TARGET=HOST]
-Features and packages:
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --x-includes=DIR X include files are in DIR
- --x-libraries=DIR X library files are in DIR
-EOF
- if test -n "$ac_help"; then
- echo "--enable and --with options recognized:$ac_help"
- fi
- exit 0 ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host="$ac_optarg" ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir="$ac_optarg" ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir="$ac_optarg" ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir="$ac_optarg" ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir="$ac_optarg" ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst \
- | --locals | --local | --loca | --loc | --lo)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* \
- | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
- localstatedir="$ac_optarg" ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir="$ac_optarg" ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir="$ac_optarg" ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix="$ac_optarg" ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix="$ac_optarg" ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix="$ac_optarg" ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name="$ac_optarg" ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir="$ac_optarg" ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir="$ac_optarg" ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site="$ac_optarg" ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir="$ac_optarg" ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir="$ac_optarg" ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target="$ac_optarg" ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers)
- echo "configure generated by autoconf version 2.13"
- exit 0 ;;
-
- -with-* | --with-*)
- ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
- { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
- fi
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- case "$ac_option" in
- *=*) ;;
- *) ac_optarg=yes ;;
- esac
- eval "with_${ac_package}='$ac_optarg'" ;;
-
- -without-* | --without-*)
- ac_package=`echo $ac_option|sed -e 's/-*without-//'`
- # Reject names that are not valid shell variable names.
- if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
- { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
- fi
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- eval "with_${ac_package}=no" ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes="$ac_optarg" ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries="$ac_optarg" ;;
-
- -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
- ;;
-
- *)
- if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
- echo "configure: warning: $ac_option: invalid host type" 1>&2
- fi
- if test "x$nonopt" != xNONE; then
- { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
- fi
- nonopt="$ac_option"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
-fi
-
-trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
-
-# File descriptor usage:
-# 0 standard input
-# 1 file creation
-# 2 errors and warnings
-# 3 some systems may open it to /dev/tty
-# 4 used on the Kubota Titan
-# 6 checking for... messages and results
-# 5 compiler messages saved in config.log
-if test "$silent" = yes; then
- exec 6>/dev/null
-else
- exec 6>&1
-fi
-exec 5>./config.log
-
-echo "\
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-" 1>&5
-
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Also quote any args containing shell metacharacters.
-ac_configure_args=
-for ac_arg
-do
- case "$ac_arg" in
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c) ;;
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
- ac_configure_args="$ac_configure_args '$ac_arg'" ;;
- *) ac_configure_args="$ac_configure_args $ac_arg" ;;
- esac
-done
-
-# NLS nuisances.
-# Only set these to C if already set. These must not be set unconditionally
-# because not all systems understand e.g. LANG=C (notably SCO).
-# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
-# Non-C LC_CTYPE values break the ctype check.
-if test "${LANG+set}" = set; then LANG=C; export LANG; fi
-if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
-if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
-if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo > confdefs.h
-
-# A filename unique to this package, relative to the directory that
-# configure is in, which we can look for to find out if srcdir is correct.
-ac_unique_file=nslint.c
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then its parent.
- ac_prog=$0
- ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
- test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
- srcdir=$ac_confdir
- if test ! -r $srcdir/$ac_unique_file; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r $srcdir/$ac_unique_file; then
- if test "$ac_srcdir_defaulted" = yes; then
- { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
- else
- { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
- fi
-fi
-srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
-
-# Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
- if test "x$prefix" != xNONE; then
- CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
- else
- CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
- fi
-fi
-for ac_site_file in $CONFIG_SITE; do
- if test -r "$ac_site_file"; then
- echo "loading site script $ac_site_file"
- . "$ac_site_file"
- fi
-done
-
-if test -r "$cache_file"; then
- echo "loading cache $cache_file"
- . $cache_file
-else
- echo "creating cache $cache_file"
- > $cache_file
-fi
-
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
-
-ac_exeext=
-ac_objext=o
-if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
- # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
- if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
- ac_n= ac_c='
-' ac_t=' '
- else
- ac_n=-n ac_c= ac_t=
- fi
-else
- ac_n= ac_c='\c' ac_t=
-fi
-
-
-
-ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
- if test -f $ac_dir/install-sh; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f $ac_dir/install.sh; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
-fi
-ac_config_guess=$ac_aux_dir/config.guess
-ac_config_sub=$ac_aux_dir/config.sub
-ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
-
-
-# Do some error checking and defaulting for the host and target type.
-# The inputs are:
-# configure --host=HOST --target=TARGET --build=BUILD NONOPT
-#
-# The rules are:
-# 1. You are not allowed to specify --host, --target, and nonopt at the
-# same time.
-# 2. Host defaults to nonopt.
-# 3. If nonopt is not specified, then host defaults to the current host,
-# as determined by config.guess.
-# 4. Target and build default to nonopt.
-# 5. If nonopt is not specified, then target and build default to host.
-
-# The aliases save the names the user supplied, while $host etc.
-# will get canonicalized.
-case $host---$target---$nonopt in
-NONE---*---* | *---NONE---* | *---*---NONE) ;;
-*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;;
-esac
-
-
-# Make sure we can run config.sub.
-if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then :
-else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
-fi
-
-echo $ac_n "checking host system type""... $ac_c" 1>&6
-echo "configure:575: checking host system type" >&5
-
-host_alias=$host
-case "$host_alias" in
-NONE)
- case $nonopt in
- NONE)
- if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then :
- else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
- fi ;;
- *) host_alias=$nonopt ;;
- esac ;;
-esac
-
-host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias`
-host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-echo "$ac_t""$host" 1>&6
-
-echo $ac_n "checking target system type""... $ac_c" 1>&6
-echo "configure:596: checking target system type" >&5
-
-target_alias=$target
-case "$target_alias" in
-NONE)
- case $nonopt in
- NONE) target_alias=$host_alias ;;
- *) target_alias=$nonopt ;;
- esac ;;
-esac
-
-target=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $target_alias`
-target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-echo "$ac_t""$target" 1>&6
-
-echo $ac_n "checking build system type""... $ac_c" 1>&6
-echo "configure:614: checking build system type" >&5
-
-build_alias=$build
-case "$build_alias" in
-NONE)
- case $nonopt in
- NONE) build_alias=$host_alias ;;
- *) build_alias=$nonopt ;;
- esac ;;
-esac
-
-build=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $build_alias`
-build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-echo "$ac_t""$build" 1>&6
-
-test "$host_alias" != "$target_alias" &&
- test "$program_prefix$program_suffix$program_transform_name" = \
- NONENONEs,x,x, &&
- program_prefix=${target_alias}-
-
-
-umask 002
-
-if test -z "$PWD" ; then
- PWD=`pwd`
-fi
-
-
-
-
-
- # Check whether --with-gcc or --without-gcc was given.
-if test "${with_gcc+set}" = set; then
- withval="$with_gcc"
- :
-fi
-
- V_CCOPT="-O"
- V_INCLS=""
- if test "${srcdir}" != "." ; then
- V_INCLS="-I\$\(srcdir\)"
- fi
- if test "${CFLAGS+set}" = set; then
- LBL_CFLAGS="$CFLAGS"
- fi
- if test -z "$CC" ; then
- case "$target_os" in
-
- bsdi*)
- # Extract the first word of "shlicc2", so it can be a program name with args.
-set dummy shlicc2; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:668: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_SHLICC2'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$SHLICC2"; then
- ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_SHLICC2="yes"
- break
- fi
- done
- IFS="$ac_save_ifs"
- test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no"
-fi
-fi
-SHLICC2="$ac_cv_prog_SHLICC2"
-if test -n "$SHLICC2"; then
- echo "$ac_t""$SHLICC2" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
- if test $SHLICC2 = yes ; then
- CC=shlicc2
- export CC
- fi
- ;;
- esac
- fi
- if test -z "$CC" -a "$with_gcc" = no ; then
- CC=cc
- export CC
- fi
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:709: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_CC="gcc"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-CC="$ac_cv_prog_CC"
-if test -n "$CC"; then
- echo "$ac_t""$CC" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:739: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_prog_rejected=no
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- break
- fi
- done
- IFS="$ac_save_ifs"
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# -gt 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- set dummy "$ac_dir/$ac_word" "$@"
- shift
- ac_cv_prog_CC="$@"
- fi
-fi
-fi
-fi
-CC="$ac_cv_prog_CC"
-if test -n "$CC"; then
- echo "$ac_t""$CC" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-
- if test -z "$CC"; then
- case "`uname -s`" in
- *win32* | *WIN32*)
- # Extract the first word of "cl", so it can be a program name with args.
-set dummy cl; ac_word=$2
-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:790: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_dummy="$PATH"
- for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_CC="cl"
- break
- fi
- done
- IFS="$ac_save_ifs"
-fi
-fi
-CC="$ac_cv_prog_CC"
-if test -n "$CC"; then
- echo "$ac_t""$CC" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
- ;;
- esac
- fi
- test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
-fi
-
-echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
-
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
-
-cat > conftest.$ac_ext << EOF
-
-#line 833 "configure"
-#include "confdefs.h"
-
-main(){return(0);}
-EOF
-if { (eval echo configure:838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- ac_cv_prog_cc_works=yes
- # If we can't run a trivial program, we are probably using a cross compiler.
- if (./conftest; exit) 2>/dev/null; then
- ac_cv_prog_cc_cross=no
- else
- ac_cv_prog_cc_cross=yes
- fi
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_cv_prog_cc_works=no
-fi
-rm -fr conftest*
-ac_ext=c
-# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-cross_compiling=$ac_cv_prog_cc_cross
-
-echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
-if test $ac_cv_prog_cc_works = no; then
- { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
-fi
-echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:864: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
-echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
-cross_compiling=$ac_cv_prog_cc_cross
-
-echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:869: checking whether we are using GNU C" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
- ac_cv_prog_gcc=yes
-else
- ac_cv_prog_gcc=no
-fi
-fi
-
-echo "$ac_t""$ac_cv_prog_gcc" 1>&6
-
-if test $ac_cv_prog_gcc = yes; then
- GCC=yes
-else
- GCC=
-fi
-
-ac_test_CFLAGS="${CFLAGS+set}"
-ac_save_CFLAGS="$CFLAGS"
-CFLAGS=
-echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:897: checking whether ${CC-cc} accepts -g" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- echo 'void f(){}' > conftest.c
-if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
- ac_cv_prog_cc_g=yes
-else
- ac_cv_prog_cc_g=no
-fi
-rm -f conftest*
-
-fi
-
-echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS="$ac_save_CFLAGS"
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-
- if test "$GCC" != yes ; then
- echo $ac_n "checking that $CC handles ansi prototypes""... $ac_c" 1>&6
-echo "configure:930: checking that $CC handles ansi prototypes" >&5
- if eval "test \"`echo '$''{'ac_cv_lbl_cc_ansi_prototypes'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-int main() {
-int frob(int, char *)
-; return 0; }
-EOF
-if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_lbl_cc_ansi_prototypes=yes
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lbl_cc_ansi_prototypes=no
-fi
-rm -f conftest*
-fi
-
- echo "$ac_t""$ac_cv_lbl_cc_ansi_prototypes" 1>&6
- if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
- case "$target_os" in
-
- hpux*)
- echo $ac_n "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)""... $ac_c" 1>&6
-echo "configure:960: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5
- savedcflags="$CFLAGS"
- CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
- if eval "test \"`echo '$''{'ac_cv_lbl_cc_hpux_cc_aa'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-int main() {
-int frob(int, char *)
-; return 0; }
-EOF
-if { (eval echo configure:974: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_lbl_cc_hpux_cc_aa=yes
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lbl_cc_hpux_cc_aa=no
-fi
-rm -f conftest*
-fi
-
- echo "$ac_t""$ac_cv_lbl_cc_hpux_cc_aa" 1>&6
- if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then
- { echo "configure: error: see the INSTALL doc for more info" 1>&2; exit 1; }
- fi
- CFLAGS="$savedcflags"
- V_CCOPT="-Aa $V_CCOPT"
- cat >> confdefs.h <<\EOF
-#define _HPUX_SOURCE 1
-EOF
-
- ;;
-
- *)
- { echo "configure: error: see the INSTALL doc for more info" 1>&2; exit 1; }
- ;;
- esac
- fi
- V_INCLS="$V_INCLS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
-
- case "$target_os" in
-
- irix*)
- V_CCOPT="$V_CCOPT -xansi -signed -g3"
- ;;
-
- osf*)
- V_CCOPT="$V_CCOPT -std1 -g3"
- ;;
-
- ultrix*)
- echo $ac_n "checking that Ultrix $CC hacks const in prototypes""... $ac_c" 1>&6
-echo "configure:1018: checking that Ultrix $CC hacks const in prototypes" >&5
- if eval "test \"`echo '$''{'ac_cv_lbl_cc_const_proto'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-int main() {
-struct a { int b; };
- void c(const struct a *)
-; return 0; }
-EOF
-if { (eval echo configure:1031: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_lbl_cc_const_proto=yes
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lbl_cc_const_proto=no
-fi
-rm -f conftest*
-fi
-
- echo "$ac_t""$ac_cv_lbl_cc_const_proto" 1>&6
- if test $ac_cv_lbl_cc_const_proto = no ; then
- cat >> confdefs.h <<\EOF
-#define const
-EOF
-
- fi
- ;;
- esac
- fi
-
-
-echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1056: checking how to run the C preprocessor" >&5
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
-if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- # This must be in double quotes, not single quotes, because CPP may get
- # substituted into the Makefile and "${CC-cc}" will confuse make.
- CPP="${CC-cc} -E"
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp.
- cat > conftest.$ac_ext <
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1077: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- :
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- CPP="${CC-cc} -E -traditional-cpp"
- cat > conftest.$ac_ext <
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1094: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- :
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- CPP="${CC-cc} -nologo -E"
- cat > conftest.$ac_ext <
-Syntax Error
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- :
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- CPP=/lib/cpp
-fi
-rm -f conftest*
-fi
-rm -f conftest*
-fi
-rm -f conftest*
- ac_cv_prog_CPP="$CPP"
-fi
- CPP="$ac_cv_prog_CPP"
-else
- ac_cv_prog_CPP="$CPP"
-fi
-echo "$ac_t""$CPP" 1>&6
-
-for ac_hdr in fcntl.h malloc.h memory.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:1139: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
- cat >> confdefs.h <&6
-fi
-done
-
-
-for ac_func in strerror
-do
-echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1179: checking for $ac_func" >&5
-if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-$ac_func();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo configure:1207: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=no"
-fi
-rm -f conftest*
-fi
-
-if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
- cat >> confdefs.h <&6
-LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}"
-fi
-done
-
-
-echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6
-echo "configure:1234: checking for main in -lnsl" >&5
-ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-lnsl $LIBS"
-cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=no"
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_lib=HAVE_LIB`echo nsl | sed -e 's/[^a-zA-Z0-9_]/_/g' \
- -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
- cat >> confdefs.h <&6
-fi
-
-echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6
-echo "configure:1277: checking for main in -lsocket" >&5
-ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-lsocket $LIBS"
-cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=no"
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
- echo "$ac_t""yes" 1>&6
- ac_tr_lib=HAVE_LIB`echo socket | sed -e 's/[^a-zA-Z0-9_]/_/g' \
- -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
- cat >> confdefs.h <&6
-fi
-
-
-echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:1321: checking for ANSI C header files" >&5
-if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-#include
-#include
-#include
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1334: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- rm -rf conftest*
- ac_cv_header_stdc=yes
-else
- echo "$ac_err" >&5
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-cat > conftest.$ac_ext <
-EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "memchr" >/dev/null 2>&1; then
- :
-else
- rm -rf conftest*
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-cat > conftest.$ac_ext <
-EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "free" >/dev/null 2>&1; then
- :
-else
- rm -rf conftest*
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-if test "$cross_compiling" = yes; then
- :
-else
- cat > conftest.$ac_ext <
-#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int main () { int i; for (i = 0; i < 256; i++)
-if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
-exit (0); }
-
-EOF
-if { (eval echo configure:1401: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
-then
- :
-else
- echo "configure: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -fr conftest*
- ac_cv_header_stdc=no
-fi
-rm -fr conftest*
-fi
-
-fi
-fi
-
-echo "$ac_t""$ac_cv_header_stdc" 1>&6
-if test $ac_cv_header_stdc = yes; then
- cat >> confdefs.h <<\EOF
-#define STDC_HEADERS 1
-EOF
-
-fi
-
-echo $ac_n "checking for int32_t""... $ac_c" 1>&6
-echo "configure:1425: checking for int32_t" >&5
-if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-#if STDC_HEADERS
-#include
-#include
-#endif
-EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "(^|[^a-zA-Z_0-9])int32_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
- rm -rf conftest*
- ac_cv_type_int32_t=yes
-else
- rm -rf conftest*
- ac_cv_type_int32_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$ac_t""$ac_cv_type_int32_t" 1>&6
-if test $ac_cv_type_int32_t = no; then
- cat >> confdefs.h <<\EOF
-#define int32_t int
-EOF
-
-fi
-
-echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6
-echo "configure:1458: checking for u_int32_t" >&5
-if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <
-#if STDC_HEADERS
-#include
-#include
-#endif
-EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "(^|[^a-zA-Z_0-9])u_int32_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
- rm -rf conftest*
- ac_cv_type_u_int32_t=yes
-else
- rm -rf conftest*
- ac_cv_type_u_int32_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$ac_t""$ac_cv_type_u_int32_t" 1>&6
-if test $ac_cv_type_u_int32_t = no; then
- cat >> confdefs.h <<\EOF
-#define u_int32_t u_int
-EOF
-
-fi
-
-
-rm -f os-proto.h
- if test "${LBL_CFLAGS+set}" = set; then
- V_CCOPT="$V_CCOPT ${LBL_CFLAGS}"
- fi
- if test -f .devel ; then
- if test "$GCC" = yes ; then
- if test "$SHLICC2" = yes ; then
- ac_cv_lbl_gcc_vers=2
- V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O2/'`"
- else
- echo $ac_n "checking gcc version""... $ac_c" 1>&6
-echo "configure:1502: checking gcc version" >&5
- if eval "test \"`echo '$''{'ac_cv_lbl_gcc_vers'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | \
- sed -e 's/\..*//'`
-fi
-
- echo "$ac_t""$ac_cv_lbl_gcc_vers" 1>&6
- if test $ac_cv_lbl_gcc_vers -gt 1 ; then
- V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O2/'`"
- fi
- fi
- if test "${LBL_CFLAGS+set}" != set; then
- if test "$ac_cv_prog_cc_g" = yes ; then
- V_CCOPT="-g $V_CCOPT"
- fi
- V_CCOPT="$V_CCOPT -Wall"
- if test $ac_cv_lbl_gcc_vers -gt 1 ; then
- V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
- fi
- fi
- else
- case "$target_os" in
-
- irix6*)
- V_CCOPT="$V_CCOPT -fullwarn -n32"
- ;;
-
- *)
- ;;
- esac
- fi
- os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'`
- name="lbl/os-$os.h"
- if test -f $name ; then
- ln -s $name os-proto.h
- cat >> confdefs.h <<\EOF
-#define HAVE_OS_PROTO_H 1
-EOF
-
- else
- echo "configure: warning: can't find $name" 1>&2
- fi
- fi
-
-if test -r lbl/gnuc.h ; then
- rm -f gnuc.h
- ln -s lbl/gnuc.h gnuc.h
-fi
-
-
-
-
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# ./install, which can be erroneously created by make from ./install.sh.
-echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:1568: checking for a BSD compatible install" >&5
-if test -z "$INSTALL"; then
-if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":"
- for ac_dir in $PATH; do
- # Account for people who put trailing slashes in PATH elements.
- case "$ac_dir/" in
- /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- if test -f $ac_dir/$ac_prog; then
- if test $ac_prog = install &&
- grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- else
- ac_cv_path_install="$ac_dir/$ac_prog -c"
- break 2
- fi
- fi
- done
- ;;
- esac
- done
- IFS="$ac_save_IFS"
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL="$ac_cv_path_install"
- else
- # As a last resort, use the slow shell script. We don't cache a
- # path for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the path is relative.
- INSTALL="$ac_install_sh"
- fi
-fi
-echo "$ac_t""$INSTALL" 1>&6
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-
-trap '' 1 2 15
-cat > confcache <<\EOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs. It is not useful on other systems.
-# If it contains results you don't want to keep, you may remove or edit it.
-#
-# By default, configure uses ./config.cache as the cache file,
-# creating it if it does not exist already. You can give configure
-# the --cache-file=FILE option to use a different cache file; that is
-# what configure does when it calls configure scripts in
-# subdirectories, so they share the cache.
-# Giving --cache-file=/dev/null disables caching, for debugging configure.
-# config.status only pays attention to the cache file if you give it the
-# --recheck option to rerun configure.
-#
-EOF
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(set) 2>&1 |
- case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote substitution
- # turns \\\\ into \\, and sed turns \\ into \).
- sed -n \
- -e "s/'/'\\\\''/g" \
- -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
- ;;
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
- ;;
- esac >> confcache
-if cmp -s $cache_file confcache; then
- :
-else
- if test -w $cache_file; then
- echo "updating cache $cache_file"
- cat confcache > $cache_file
- else
- echo "not updating unwritable cache $cache_file"
- fi
-fi
-rm -f confcache
-
-trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Any assignment to VPATH causes Sun make to only execute
-# the first set of double-colon rules, so remove it if not needed.
-# If there is a colon in the path, we need to keep it.
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d'
-fi
-
-trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15
-
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-cat > conftest.defs <<\EOF
-s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g
-s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g
-s%\[%\\&%g
-s%\]%\\&%g
-s%\$%$$%g
-EOF
-DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '`
-rm -f conftest.defs
-
-
-# Without the "./", some shells look in PATH for config.status.
-: ${CONFIG_STATUS=./config.status}
-
-echo creating $CONFIG_STATUS
-rm -f $CONFIG_STATUS
-cat > $CONFIG_STATUS </dev/null | sed 1q`:
-#
-# $0 $ac_configure_args
-#
-# Compiler output produced by configure, useful for debugging
-# configure, is in ./config.log if it exists.
-
-ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
-for ac_option
-do
- case "\$ac_option" in
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
- exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
- -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
- echo "$CONFIG_STATUS generated by autoconf version 2.13"
- exit 0 ;;
- -help | --help | --hel | --he | --h)
- echo "\$ac_cs_usage"; exit 0 ;;
- *) echo "\$ac_cs_usage"; exit 1 ;;
- esac
-done
-
-ac_given_srcdir=$srcdir
-ac_given_INSTALL="$INSTALL"
-
-trap 'rm -fr `echo "Makefile" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
-EOF
-cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF
-$ac_vpsub
-$extrasub
-s%@SHELL@%$SHELL%g
-s%@CFLAGS@%$CFLAGS%g
-s%@CPPFLAGS@%$CPPFLAGS%g
-s%@CXXFLAGS@%$CXXFLAGS%g
-s%@FFLAGS@%$FFLAGS%g
-s%@DEFS@%$DEFS%g
-s%@LDFLAGS@%$LDFLAGS%g
-s%@LIBS@%$LIBS%g
-s%@exec_prefix@%$exec_prefix%g
-s%@prefix@%$prefix%g
-s%@program_transform_name@%$program_transform_name%g
-s%@bindir@%$bindir%g
-s%@sbindir@%$sbindir%g
-s%@libexecdir@%$libexecdir%g
-s%@datadir@%$datadir%g
-s%@sysconfdir@%$sysconfdir%g
-s%@sharedstatedir@%$sharedstatedir%g
-s%@localstatedir@%$localstatedir%g
-s%@libdir@%$libdir%g
-s%@includedir@%$includedir%g
-s%@oldincludedir@%$oldincludedir%g
-s%@infodir@%$infodir%g
-s%@mandir@%$mandir%g
-s%@host@%$host%g
-s%@host_alias@%$host_alias%g
-s%@host_cpu@%$host_cpu%g
-s%@host_vendor@%$host_vendor%g
-s%@host_os@%$host_os%g
-s%@target@%$target%g
-s%@target_alias@%$target_alias%g
-s%@target_cpu@%$target_cpu%g
-s%@target_vendor@%$target_vendor%g
-s%@target_os@%$target_os%g
-s%@build@%$build%g
-s%@build_alias@%$build_alias%g
-s%@build_cpu@%$build_cpu%g
-s%@build_vendor@%$build_vendor%g
-s%@build_os@%$build_os%g
-s%@SHLICC2@%$SHLICC2%g
-s%@CC@%$CC%g
-s%@CPP@%$CPP%g
-s%@LIBOBJS@%$LIBOBJS%g
-s%@V_CCOPT@%$V_CCOPT%g
-s%@V_INCLS@%$V_INCLS%g
-s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
-s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
-s%@INSTALL_DATA@%$INSTALL_DATA%g
-
-CEOF
-EOF
-
-cat >> $CONFIG_STATUS <<\EOF
-
-# Split the substitutions into bite-sized pieces for seds with
-# small command number limits, like on Digital OSF/1 and HP-UX.
-ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
-ac_file=1 # Number of current file.
-ac_beg=1 # First line for current file.
-ac_end=$ac_max_sed_cmds # Line after last line for current file.
-ac_more_lines=:
-ac_sed_cmds=""
-while $ac_more_lines; do
- if test $ac_beg -gt 1; then
- sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
- else
- sed "${ac_end}q" conftest.subs > conftest.s$ac_file
- fi
- if test ! -s conftest.s$ac_file; then
- ac_more_lines=false
- rm -f conftest.s$ac_file
- else
- if test -z "$ac_sed_cmds"; then
- ac_sed_cmds="sed -f conftest.s$ac_file"
- else
- ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
- fi
- ac_file=`expr $ac_file + 1`
- ac_beg=$ac_end
- ac_end=`expr $ac_end + $ac_max_sed_cmds`
- fi
-done
-if test -z "$ac_sed_cmds"; then
- ac_sed_cmds=cat
-fi
-EOF
-
-cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF
-for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case "$ac_file" in
- *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
- ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
- *) ac_file_in="${ac_file}.in" ;;
- esac
-
- # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
-
- # Remove last slash and all that follows it. Not all systems have dirname.
- ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
- if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
- # The file is in a subdirectory.
- test ! -d "$ac_dir" && mkdir "$ac_dir"
- ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
- # A "../" for each directory in $ac_dir_suffix.
- ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
- else
- ac_dir_suffix= ac_dots=
- fi
-
- case "$ac_given_srcdir" in
- .) srcdir=.
- if test -z "$ac_dots"; then top_srcdir=.
- else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
- /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
- *) # Relative path.
- srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
- top_srcdir="$ac_dots$ac_given_srcdir" ;;
- esac
-
- case "$ac_given_INSTALL" in
- [/$]*) INSTALL="$ac_given_INSTALL" ;;
- *) INSTALL="$ac_dots$ac_given_INSTALL" ;;
- esac
-
- echo creating "$ac_file"
- rm -f "$ac_file"
- configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
- case "$ac_file" in
- *Makefile*) ac_comsub="1i\\
-# $configure_input" ;;
- *) ac_comsub= ;;
- esac
-
- ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
- sed -e "$ac_comsub
-s%@configure_input@%$configure_input%g
-s%@srcdir@%$srcdir%g
-s%@top_srcdir@%$top_srcdir%g
-s%@INSTALL@%$INSTALL%g
-" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
-fi; done
-rm -f conftest.s*
-
-EOF
-cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF
-
-exit 0
-EOF
-chmod +x $CONFIG_STATUS
-rm -fr confdefs* $ac_clean_files
-test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
-
-
-if test -f .devel ; then
- make depend
-fi
-exit 0
diff --git a/contrib/nslint-2.1a3/configure.in b/contrib/nslint-2.1a3/configure.in
deleted file mode 100644
index 2bbb61450f..0000000000
--- a/contrib/nslint-2.1a3/configure.in
+++ /dev/null
@@ -1,47 +0,0 @@
-dnl @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/configure.in,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL)
-dnl
-dnl Copyright (c) 1995, 1996, 1997
-dnl The Regents of the University of California. All rights reserved.
-dnl
-dnl Process this file with autoconf to produce a configure script.
-dnl
-
-AC_INIT(nslint.c)
-
-AC_CANONICAL_SYSTEM
-
-umask 002
-
-if test -z "$PWD" ; then
- PWD=`pwd`
-fi
-
-AC_LBL_C_INIT(V_CCOPT, V_INCLS)
-
-AC_CHECK_HEADERS(fcntl.h malloc.h memory.h)
-
-AC_REPLACE_FUNCS(strerror)
-AC_CHECK_LIB(nsl, main)
-AC_CHECK_LIB(socket, main)
-
-AC_CHECK_TYPE(int32_t, int)
-AC_CHECK_TYPE(u_int32_t, u_int)
-
-AC_LBL_DEVEL(V_CCOPT)
-
-if test -r lbl/gnuc.h ; then
- rm -f gnuc.h
- ln -s lbl/gnuc.h gnuc.h
-fi
-
-AC_SUBST(V_CCOPT)
-AC_SUBST(V_INCLS)
-
-AC_PROG_INSTALL
-
-AC_OUTPUT(Makefile)
-
-if test -f .devel ; then
- make depend
-fi
-exit 0
diff --git a/contrib/nslint-2.1a3/install-sh b/contrib/nslint-2.1a3/install-sh
deleted file mode 100644
index ebc66913e9..0000000000
--- a/contrib/nslint-2.1a3/install-sh
+++ /dev/null
@@ -1,250 +0,0 @@
-#! /bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission. M.I.T. makes no representations about the
-# suitability of this software for any purpose. It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch. It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
- case $1 in
- -c) instcmd="$cpprog"
- shift
- continue;;
-
- -d) dir_arg=true
- shift
- continue;;
-
- -m) chmodcmd="$chmodprog $2"
- shift
- shift
- continue;;
-
- -o) chowncmd="$chownprog $2"
- shift
- shift
- continue;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift
- shift
- continue;;
-
- -s) stripcmd="$stripprog"
- shift
- continue;;
-
- -t=*) transformarg=`echo $1 | sed 's/-t=//'`
- shift
- continue;;
-
- -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
- shift
- continue;;
-
- *) if [ x"$src" = x ]
- then
- src=$1
- else
- # this colon is to work around a 386BSD /bin/sh bug
- :
- dst=$1
- fi
- shift
- continue;;
- esac
-done
-
-if [ x"$src" = x ]
-then
- echo "install: no input file specified"
- exit 1
-else
- true
-fi
-
-if [ x"$dir_arg" != x ]; then
- dst=$src
- src=""
-
- if [ -d $dst ]; then
- instcmd=:
- else
- instcmd=mkdir
- fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad
-# if $src (and thus $dsttmp) contains '*'.
-
- if [ -f $src -o -d $src ]
- then
- true
- else
- echo "install: $src does not exist"
- exit 1
- fi
-
- if [ x"$dst" = x ]
- then
- echo "install: no destination specified"
- exit 1
- else
- true
- fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
- if [ -d $dst ]
- then
- dst="$dst"/`basename $src`
- else
- true
- fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-# this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
- pathcomp="${pathcomp}${1}"
- shift
-
- if [ ! -d "${pathcomp}" ] ;
- then
- $mkdirprog "${pathcomp}"
- else
- true
- fi
-
- pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
- $doit $instcmd $dst &&
-
- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
- if [ x"$transformarg" = x ]
- then
- dstfile=`basename $dst`
- else
- dstfile=`basename $dst $transformbasename |
- sed $transformarg`$transformbasename
- fi
-
-# don't allow the sed command to completely eliminate the filename
-
- if [ x"$dstfile" = x ]
- then
- dstfile=`basename $dst`
- else
- true
- fi
-
-# Make a temp file name in the proper directory.
-
- dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
- $doit $instcmd $src $dsttmp &&
-
- trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing. If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
- $doit $rmcmd -f $dstdir/$dstfile &&
- $doit $mvcmd $dsttmp $dstdir/$dstfile
-
-fi &&
-
-
-exit 0
diff --git a/contrib/nslint-2.1a3/lbl/os-irix5.h b/contrib/nslint-2.1a3/lbl/os-irix5.h
deleted file mode 100644
index 238bdd8079..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-irix5.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 1994, 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-irix5.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in IRIX 5 */
-#ifdef __STDC__
-struct ether_addr;
-#endif
-int ether_hostton(char *, struct ether_addr *);
-char *ether_ntoa(struct ether_addr *);
-#ifdef __STDC__
-struct utmp;
-#endif
-void login(struct utmp *);
-int setenv(const char *, const char *, int);
-int sigblock(int);
-int sigsetmask(int);
-int snprintf(char *, size_t, const char *, ...);
-time_t time(time_t *);
diff --git a/contrib/nslint-2.1a3/lbl/os-osf3.h b/contrib/nslint-2.1a3/lbl/os-osf3.h
deleted file mode 100644
index b3f19649c1..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-osf3.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-osf3.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in osf3 */
-int flock(int, int);
-int ioctl(int, int, caddr_t);
-int iruserok(u_int, int, char *, char *);
-int pfopen(char *, int);
-int rcmd(char **, u_short, const char *, const char *, const char *, int *);
-int rresvport(int *);
-int snprintf(char *, size_t, const char *, ...);
-void sync(void);
diff --git a/contrib/nslint-2.1a3/lbl/os-solaris2.h b/contrib/nslint-2.1a3/lbl/os-solaris2.h
deleted file mode 100644
index ba91e71235..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-solaris2.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1993, 1994, 1995, 1996, 1997, 2000
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Id: os-solaris2.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in SunOS 5 */
-int daemon(int, int);
-int dn_expand(const u_char *, const u_char *, const u_char *, char *, int);
-int dn_skipname(const u_char *, const u_char *);
-int flock(int, int);
-int getdtablesize(void);
-int gethostname(char *, int);
-int getpagesize(void);
-char *getusershell(void);
-char *getwd(char *);
-int iruserok(u_int, int, char *, char *);
-#ifdef __STDC__
-struct utmp;
-void login(struct utmp *);
-#endif
-int logout(const char *);
-int res_query(const char *, int, int, u_char *, int);
-int setenv(const char *, const char *, int);
-#if defined(_STDIO_H) && defined(HAVE_SETLINEBUF)
-int setlinebuf(FILE *);
-#endif
-int sigblock(int);
-int sigsetmask(int);
-char *strerror(int);
-int snprintf(char *, size_t, const char *, ...);
-int strcasecmp(const char *, const char *);
-void unsetenv(const char *);
diff --git a/contrib/nslint-2.1a3/lbl/os-sunos4.h b/contrib/nslint-2.1a3/lbl/os-sunos4.h
deleted file mode 100644
index 47b022a89a..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-sunos4.h
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-sunos4.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in SunOS 4 */
-#ifdef FILE
-int _filbuf(FILE *);
-int _flsbuf(u_char, FILE *);
-int fclose(FILE *);
-int fflush(FILE *);
-int fgetc(FILE *);
-int fprintf(FILE *, const char *, ...);
-int fputc(int, FILE *);
-int fputs(const char *, FILE *);
-u_int fread(void *, u_int, u_int, FILE *);
-int fseek(FILE *, long, int);
-u_int fwrite(const void *, u_int, u_int, FILE *);
-int pclose(FILE *);
-void rewind(FILE *);
-void setbuf(FILE *, char *);
-int setlinebuf(FILE *);
-int ungetc(int, FILE *);
-int vfprintf(FILE *, const char *, ...);
-int vprintf(const char *, ...);
-#endif
-
-#if __GNUC__ <= 1
-int read(int, char *, u_int);
-int write(int, char *, u_int);
-#endif
-
-long a64l(const char *);
-#ifdef __STDC__
-struct sockaddr;
-#endif
-int accept(int, struct sockaddr *, int *);
-int bind(int, struct sockaddr *, int);
-int bcmp(const void *, const void *, u_int);
-void bcopy(const void *, void *, u_int);
-void bzero(void *, int);
-int chroot(const char *);
-int close(int);
-void closelog(void);
-int connect(int, struct sockaddr *, int);
-char *crypt(const char *, const char *);
-int daemon(int, int);
-int fchmod(int, int);
-int fchown(int, int, int);
-void endgrent(void);
-void endpwent(void);
-void endservent(void);
-#ifdef __STDC__
-struct ether_addr;
-#endif
-struct ether_addr *ether_aton(const char *);
-int flock(int, int);
-#ifdef __STDC__
-struct stat;
-#endif
-int fstat(int, struct stat *);
-#ifdef __STDC__
-struct statfs;
-#endif
-int fstatfs(int, struct statfs *);
-int fsync(int);
-#ifdef __STDC__
-struct timeb;
-#endif
-int ftime(struct timeb *);
-int ftruncate(int, off_t);
-int getdtablesize(void);
-long gethostid(void);
-int gethostname(char *, int);
-int getopt(int, char * const *, const char *);
-int getpagesize(void);
-char *getpass(char *);
-int getpeername(int, struct sockaddr *, int *);
-int getpriority(int, int);
-#ifdef __STDC__
-struct rlimit;
-#endif
-int getrlimit(int, struct rlimit *);
-int getsockname(int, struct sockaddr *, int *);
-int getsockopt(int, int, int, char *, int *);
-#ifdef __STDC__
-struct timeval;
-struct timezone;
-#endif
-int gettimeofday(struct timeval *, struct timezone *);
-char *getusershell(void);
-char *getwd(char *);
-int initgroups(const char *, int);
-int ioctl(int, int, caddr_t);
-int iruserok(u_long, int, char *, char *);
-int isatty(int);
-int killpg(int, int);
-int listen(int, int);
-#ifdef __STDC__
-struct utmp;
-#endif
-void login(struct utmp *);
-int logout(const char *);
-off_t lseek(int, off_t, int);
-int lstat(const char *, struct stat *);
-int mkstemp(char *);
-char *mktemp(char *);
-int munmap(caddr_t, int);
-void openlog(const char *, int, int);
-void perror(const char *);
-int printf(const char *, ...);
-int puts(const char *);
-long random(void);
-int readlink(const char *, char *, int);
-#ifdef __STDC__
-struct iovec;
-#endif
-int readv(int, struct iovec *, int);
-int recv(int, char *, u_int, int);
-int recvfrom(int, char *, u_int, int, struct sockaddr *, int *);
-int rename(const char *, const char *);
-int rcmd(char **, u_short, char *, char *, char *, int *);
-int rresvport(int *);
-int send(int, char *, u_int, int);
-int sendto(int, char *, u_int, int, struct sockaddr *, int);
-int setenv(const char *, const char *, int);
-int seteuid(int);
-int setpriority(int, int, int);
-int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
-int setpgrp(int, int);
-void setpwent(void);
-int setrlimit(int, struct rlimit *);
-void setservent(int);
-int setsockopt(int, int, int, char *, int);
-int shutdown(int, int);
-int sigblock(int);
-void (*signal (int, void (*) (int))) (int);
-int sigpause(int);
-int sigsetmask(int);
-#ifdef __STDC__
-struct sigvec;
-#endif
-int sigvec(int, struct sigvec *, struct sigvec*);
-int snprintf(char *, size_t, const char *, ...);
-int socket(int, int, int);
-int socketpair(int, int, int, int *);
-int symlink(const char *, const char *);
-void srandom(int);
-int sscanf(char *, const char *, ...);
-int stat(const char *, struct stat *);
-int statfs(char *, struct statfs *);
-char *strerror(int);
-int strcasecmp(const char *, const char *);
-#ifdef __STDC__
-struct tm;
-#endif
-int strftime(char *, int, char *, struct tm *);
-int strncasecmp(const char *, const char *, int);
-long strtol(const char *, char **, int);
-void sync(void);
-void syslog(int, const char *, ...);
-int system(const char *);
-long tell(int);
-time_t time(time_t *);
-char *timezone(int, int);
-int tolower(int);
-int toupper(int);
-int truncate(char *, off_t);
-void unsetenv(const char *);
-int vfork(void);
-int vsprintf(char *, const char *, ...);
-int writev(int, struct iovec *, int);
-#ifdef __STDC__
-struct rusage;
-#endif
-int utimes(const char *, struct timeval *);
-#if __GNUC__ <= 1
-int wait(int *);
-pid_t wait3(int *, int, struct rusage *);
-#endif
-
-/* Ugly signal hacking */
-#ifdef SIG_ERR
-#undef SIG_ERR
-#define SIG_ERR (void (*)(int))-1
-#undef SIG_DFL
-#define SIG_DFL (void (*)(int))0
-#undef SIG_IGN
-#define SIG_IGN (void (*)(int))1
-
-#ifdef KERNEL
-#undef SIG_CATCH
-#define SIG_CATCH (void (*)(int))2
-#endif
-#undef SIG_HOLD
-#define SIG_HOLD (void (*)(int))3
-#endif
diff --git a/contrib/nslint-2.1a3/lbl/os-ultrix4.h b/contrib/nslint-2.1a3/lbl/os-ultrix4.h
deleted file mode 100644
index f1ad7078bb..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-ultrix4.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1990, 1993, 1994, 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-ultrix4.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in Ultrix 4 */
-int bcmp(const char *, const char *, u_int);
-void bcopy(const void *, void *, u_int);
-void bzero(void *, u_int);
-void endservent(void);
-int getopt(int, char * const *, const char *);
-#ifdef __STDC__
-struct timeval;
-struct timezone;
-#endif
-int gettimeofday(struct timeval *, struct timezone *);
-int ioctl(int, int, caddr_t);
-int pfopen(char *, int);
-int setlinebuf(FILE *);
-int socket(int, int, int);
-int strcasecmp(const char *, const char *);
diff --git a/contrib/nslint-2.1a3/CHANGES b/contrib/nslint-3.0a2/CHANGES
similarity index 92%
rename from contrib/nslint-2.1a3/CHANGES
rename to contrib/nslint-3.0a2/CHANGES
index c425e0171a..0e47d36f5f 100644
--- a/contrib/nslint-2.1a3/CHANGES
+++ b/contrib/nslint-3.0a2/CHANGES
@@ -1,6 +1,14 @@
-@(#) $Id: CHANGES,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL)
+@(#) $Id: CHANGES 250 2009-10-16 23:26:47Z leres $ (LBL)
-v2.1 Wed Aug 22 18:30:35 PDT 2001
+v3.0 Fri Oct 16 16:26:04 PDT 2009
+
+- Add IPv6 support.
+
+v2.2 Fri Mar 13 22:29:52 PDT 2009
+
+- Convert source tree to subversion
+
+v2.1 Fri Feb 15 20:45:01 PST 2008
- Handle "srv" records.
@@ -8,6 +16,12 @@ v2.1 Wed Aug 22 18:30:35 PDT 2001
- Add "ignore" option
+- Hack in support for "view"
+
+- Check for duplicate "cname" records.
+
+- Upgrade to autoconf 2.61
+
v2.0.2 Tue Mar 20 17:49:13 PST 2001
- Allow missing trailing dot in certain special cases.
@@ -16,6 +30,9 @@ v2.0.2 Tue Mar 20 17:49:13 PST 2001
- Document nslint.conf network keyword.
+- Sort the network list so that we always pick the right network/mask
+ when the overlap.
+
v2.0.1 Tue Dec 14 11:24:31 PST 1999
- Handle $ttl.
diff --git a/contrib/nslint-2.1a3/FILES b/contrib/nslint-3.0a2/FILES
similarity index 69%
rename from contrib/nslint-2.1a3/FILES
rename to contrib/nslint-3.0a2/FILES
index ddb8d44a68..376bdd39af 100644
--- a/contrib/nslint-2.1a3/FILES
+++ b/contrib/nslint-3.0a2/FILES
@@ -11,14 +11,10 @@ configure
configure.in
install-sh
lbl/gnuc.h
-lbl/os-irix5.h
-lbl/os-osf3.h
-lbl/os-solaris2.h
-lbl/os-sunos4.h
-lbl/os-ultrix4.h
mkdep
nslint.8
nslint.c
savestr.c
savestr.h
strerror.c
+version.h
diff --git a/contrib/nslint-2.1a3/INSTALL b/contrib/nslint-3.0a2/INSTALL
similarity index 88%
rename from contrib/nslint-2.1a3/INSTALL
rename to contrib/nslint-3.0a2/INSTALL
index d451a976c2..d07822939f 100644
--- a/contrib/nslint-2.1a3/INSTALL
+++ b/contrib/nslint-3.0a2/INSTALL
@@ -1,4 +1,4 @@
-@(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/INSTALL,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL)
+@(#) $Id: INSTALL 238 2009-03-14 05:43:37Z leres $ (LBL)
You will need an ANSI C compiler to build nslint. The configure
script will abort if your compiler is not ANSI compliant. If this
@@ -33,10 +33,10 @@ configure - configure script (run this first)
configure.in - configure script source
install-sh - BSD style install script
lbl/gnuc.h - gcc macros and defines
-lbl/os-*.h - os dependent defines and prototypes
mkdep - construct Makefile dependency list
nslint.8 - manual entry
nslint.c - main program
savestr.c - strdup() replacement
savestr.h - savestr prototypes
strerror.c - missing routine
+version.h - prototypes, defines and struct definitions
diff --git a/contrib/nslint-2.1a3/Makefile.in b/contrib/nslint-3.0a2/Makefile.in
similarity index 74%
rename from contrib/nslint-2.1a3/Makefile.in
rename to contrib/nslint-3.0a2/Makefile.in
index 60ed0173a4..0c265c75af 100644
--- a/contrib/nslint-2.1a3/Makefile.in
+++ b/contrib/nslint-3.0a2/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000
+# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000, 2008, 2009
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -17,7 +17,7 @@
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
-# @(#) $Id: Makefile.in,v 1.2 2004/07/20 07:13:40 marka Exp $ (LBL)
+# @(#) $Id: Makefile.in 242 2009-10-14 08:30:03Z leres $ (LBL)
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
@@ -29,7 +29,9 @@ exec_prefix = @exec_prefix@
# Pathname of directory to install the binary
BINDEST = @bindir@
# Pathname of directory to install the man page
-MANDEST = @mandir@
+MANDEST = @prefix@/man
+# The root of the directory tree for read-only
+datarootdir = @datarootdir@
# VPATH
srcdir = @srcdir@
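Review bot: `MANDEST = @prefix@/man` hard-codes the manual directory under the prefix, so a `--mandir=` given to configure no longer affects where `$(PROG).8` is installed, while `BINDEST` still follows `@bindir@`. The `datarootdir = @datarootdir@` line added just below is what an `@mandir@` substitution needs in order to expand under autoconf 2.60 and later, so `MANDEST = @mandir@` can stay as it was. The new comment `# The root of the directory tree for read-only` stops mid-sentence; `# Root of the directory tree for read-only architecture-independent data` would complete it.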
@@ -48,6 +50,9 @@ DEFS = @DEFS@
# Standard CFLAGS
CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
+# Standard LDFLAGS
+LDFLAGS = @LDFLAGS@
+
# Standard LIBS
LIBS = @LIBS@
@@ -65,9 +70,9 @@ GENSRC = version.c
SRC = $(CSRC) $(GENSRC)
-# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
+# We would like to say "OBJS = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
-OBJ = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@
+OBJS = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@
TAGHDR = \
/usr/include/sys/types.h \
@@ -75,11 +80,15 @@ TAGHDR = \
TAGFILES = $(SRC) $(TAGHDR)
-CLEANFILES = $(PROG) $(OBJ) $(GENSRC)
+CLEANFILES = $(PROG) $(OBJS) $(GENSRC) purify $(OBJS:.o=_pure_*.o)
-$(PROG): $(OBJ)
+$(PROG): $(OBJS)
@rm -f $@
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+
+purify: $(OBJS)
+ @rm -f $@
+ purify $(CC) $(CFLAGS) $(LDFLAGS) -static -o purify $(OBJS) $(LIBS)
version.o: version.c
version.c: $(srcdir)/VERSION
@@ -88,17 +97,15 @@ version.c: $(srcdir)/VERSION
install: force
$(INSTALL) -m 555 -o bin -g bin $(PROG) $(DESTDIR)$(BINDEST)/$(PROG)
-
-install-man: force
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 \
- $(DESTDIR)$(MANDEST)/man8/$(PROG).8
+ @diff $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8 >/dev/null 2>&1 || \
+ $(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8/
clean: force
rm -f $(CLEANFILES)
distclean: force
- rm -f $(CLEANFILES) Makefile config.cache config.log config.status \
- gnuc.h os-proto.h
+ rm -rf $(CLEANFILES) Makefile config.cache config.log config.status \
+ gnuc.h os-proto.h autom4te.cache
tags: $(TAGFILES)
ctags -wtd $(TAGFILES)
@@ -117,6 +124,12 @@ tar: force
"rm -f $$name" ; \
rm -f $$name
+sign:
+ @name=${PROG}-`cat VERSION`.tar.gz; \
+ set -x; \
+ rm -f $${name}.asc; \
+ gpg --armor --detach-sign $${name}
+
force: /tmp
depend: $(GENSRC) force
./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)
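Review bot: The new `sign` target has no prerequisite and reads `VERSION` from the current directory, so it signs whatever archive of that name is already present, which may be stale or changed since it was built. Tying it to the archive build, for example `sign: tar`, and using `cat $(srcdir)/VERSION` as the `version.c` rule does would bind the signature to a tarball produced in the same run; the `tar` rule starts outside this hunk, so confirm that it leaves the archive in place. `gpg --armor --detach-sign` also signs with the default key of whoever runs make, and naming the release key explicitly (`--local-user RELEASE_KEY_ID`, placeholder) makes that choice reviewable.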
diff --git a/contrib/nslint-2.1a3/README b/contrib/nslint-3.0a2/README
similarity index 81%
rename from contrib/nslint-2.1a3/README
rename to contrib/nslint-3.0a2/README
index 39f0202a31..d1c9177fa9 100644
--- a/contrib/nslint-2.1a3/README
+++ b/contrib/nslint-3.0a2/README
@@ -1,4 +1,4 @@
-@(#) $Id: README,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL)
+@(#) $Id: README 237 2009-03-14 05:38:15Z leres $ (LBL)
NSLINT 2.0
Lawrence Berkeley National Laboratory
diff --git a/contrib/nslint-3.0a2/VERSION b/contrib/nslint-3.0a2/VERSION
new file mode 100644
index 0000000000..57af7a33a3
--- /dev/null
+++ b/contrib/nslint-3.0a2/VERSION
@@ -0,0 +1 @@
+3.0a2
diff --git a/contrib/nslint-2.1a3/aclocal.m4 b/contrib/nslint-3.0a2/aclocal.m4
similarity index 71%
rename from contrib/nslint-2.1a3/aclocal.m4
rename to contrib/nslint-3.0a2/aclocal.m4
index a5e3035bfa..ceff7c4054 100644
--- a/contrib/nslint-2.1a3/aclocal.m4
+++ b/contrib/nslint-3.0a2/aclocal.m4
@@ -1,6 +1,6 @@
-dnl @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/aclocal.m4,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL)
+dnl @(#) $Id: aclocal.m4 616 2009-10-10 00:08:08Z leres $ (LBL)
dnl
-dnl Copyright (c) 1995, 1996, 1997, 1998, 1999
+dnl Copyright (c) 2008, 2009
dnl The Regents of the University of California. All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@ dnl
dnl Determine which compiler we're using (cc or gcc)
dnl If using gcc, determine the version number
dnl If using cc, require that it support ansi prototypes
-dnl If using gcc, use -O2 (otherwise use -O)
+dnl If using gcc, use -O3 (otherwise use -O)
dnl If using cc, explicitly specify /usr/local/include
dnl
dnl usage:
@@ -38,23 +38,27 @@ dnl
dnl $1 (copt set)
dnl $2 (incls set)
dnl CC
-dnl LDFLAGS
-dnl LBL_CFLAGS
+dnl LDFLAGS set
dnl
AC_DEFUN(AC_LBL_C_INIT,
[AC_PREREQ(2.12)
+ AC_ARG_ENABLE([optimization],
+ [AS_HELP_STRING([--disable-optimization],
+ [turn off gcc optimization])],
+ ac_cv_without_optimization=${withval})
AC_BEFORE([$0], [AC_PROG_CC])
AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
AC_BEFORE([$0], [AC_LBL_DEVEL])
AC_ARG_WITH(gcc, [ --without-gcc don't use gcc])
- $1="-O"
+ AC_USE_SYSTEM_EXTENSIONS
+ $1=""
+ if test "${ac_cv_without_optimization+set}" != set; then
+ $1="-O"
+ fi
$2=""
if test "${srcdir}" != "." ; then
$2="-I\$\(srcdir\)"
fi
- if test "${CFLAGS+set}" = set; then
- LBL_CFLAGS="$CFLAGS"
- fi
if test -z "$CC" ; then
case "$target_os" in
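Review bot: `AC_ARG_ENABLE([optimization], …, ac_cv_without_optimization=${withval})` reads `withval`, but AC_ARG_ENABLE delivers the option's value in `enableval`, so the variable is assigned an empty string. Because the test that follows only asks whether the variable is set (`${ac_cv_without_optimization+set}`), `--enable-optimization` switches `-O` off exactly as `--disable-optimization` does. Keying on the value fixes both: drop the action argument and guard `$1="-O"` with `if test "${enable_optimization}" != no; then`. AC_LBL_C_INIT continues past the end of this hunk.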
@@ -72,6 +76,7 @@ AC_DEFUN(AC_LBL_C_INIT,
export CC
fi
AC_PROG_CC
+ AC_SYS_LARGEFILE
if test "$GCC" != yes ; then
AC_MSG_CHECKING(that $CC handles ansi prototypes)
AC_CACHE_VAL(ac_cv_lbl_cc_ansi_prototypes,
@@ -100,7 +105,7 @@ AC_DEFUN(AC_LBL_C_INIT,
fi
CFLAGS="$savedcflags"
$1="-Aa $$1"
- AC_DEFINE(_HPUX_SOURCE)
+ AC_DEFINE(_HPUX_SOURCE,,[HP-UX ansi compiler])
;;
*)
@@ -132,13 +137,43 @@ AC_DEFUN(AC_LBL_C_INIT,
ac_cv_lbl_cc_const_proto=no))
AC_MSG_RESULT($ac_cv_lbl_cc_const_proto)
if test $ac_cv_lbl_cc_const_proto = no ; then
- AC_DEFINE(const,)
+ AC_DEFINE(const,,[ultrix can't hack const])
fi
;;
esac
fi
])
+AC_LBL_ENABLE_CHECK(brov6 activemapping expire-dfa-states)
+dnl
+dnl This allows us to check for bogus configure enable/disable
+dnl command line options
+dnl
+dnl usage:
+dnl
+dnl AC_LBL_ENABLE_CHECK(opt ...)
+dnl
+AC_DEFUN(AC_LBL_ENABLE_CHECK,
+ [set |
+ sed -n -e 's/^enable_\([[^=]]*\)=[[^=]]*$/\1/p' |
+ while read var; do
+ ok=0
+ for o in $1; do
+ if test "${o}" = "${var}" ; then
+ ok=1
+ break
+ fi
+ done
+ if test ${ok} -eq 0 ; then
+ # It's hard to kill configure script from subshell!
+ AC_MSG_ERROR(unknown enable option: ${var})
+ exit 1
+ fi
+ done
+ if test $? -ne 0 ; then
+ exit 1
+ fi])
+
dnl
dnl Use pfopen.c if available and pfopen() not in standard libraries
dnl Require libpcap
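Review bot: `AC_LBL_ENABLE_CHECK(brov6 activemapping expire-dfa-states)` is invoked at the top level of aclocal.m4, ahead of the `AC_DEFUN` that defines it, and its allow-list names options nslint does not appear to have while omitting `optimization` and `largefile`, both of which this commit introduces (`AC_ARG_ENABLE([optimization]` and `AC_SYS_LARGEFILE`). If the call ever expands into configure, `--disable-optimization` would be rejected with `unknown enable option`. It looks like a leftover from another package's macro file; the call belongs in configure.in, if anywhere, with the list this package really accepts, e.g. `AC_LBL_ENABLE_CHECK(optimization largefile)`.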
@@ -191,13 +226,13 @@ AC_DEFUN(AC_LBL_LIBPCAP,
done
if test "x$libpcap" = xFAIL ; then
AC_MSG_RESULT(not found)
- unset ac_cv_lbl_lib_pcap_pcap_open_live_
- AC_LBL_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
+ AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
+ unset ac_cv_lib_pcap_pcap_open_live
if test "x$libpcap" = xFAIL ; then
- unset ac_cv_lbl_lib_pcap_pcap_open_live_
CFLAGS="$CFLAGS -I/usr/local/include"
LIBS="$LIBS -L/usr/local/lib"
- AC_LBL_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
+ AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
+ unset ac_cv_lib_pcap_pcap_open_live
if test "x$libpcap" = xFAIL ; then
AC_MSG_ERROR(see the INSTALL doc for more info)
fi
@@ -240,21 +275,21 @@ AC_DEFUN(AC_LBL_TYPE_SIGNAL,
[AC_BEFORE([$0], [AC_LBL_LIBPCAP])
AC_TYPE_SIGNAL
if test "$ac_cv_type_signal" = void ; then
- AC_DEFINE(RETSIGVAL,)
+ AC_DEFINE(RETSIGVAL,,[signal function return value])
else
AC_DEFINE(RETSIGVAL,(0))
fi
case "$target_os" in
irix*)
- AC_DEFINE(_BSD_SIGNALS)
+ AC_DEFINE(_BSD_SIGNALS,,[irix's BSD style signals])
;;
*)
dnl prefer sigset() to sigaction()
AC_CHECK_FUNCS(sigset)
if test $ac_cv_func_sigset = yes ; then
- AC_DEFINE(signal,sigset)
+ AC_DEFINE(signal,sigset,[use sigset() instead of signal()])
else
AC_CHECK_FUNCS(sigaction)
fi
@@ -397,17 +432,38 @@ dnl
dnl HAVE_SOCKADDR_SA_LEN (defined)
dnl
AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
- [AC_MSG_CHECKING(if sockaddr struct has sa_len member)
- AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
- AC_TRY_COMPILE([
+ [AC_CHECK_MEMBERS(struct sockaddr.sa_len,,,[
# include
-# include ],
- [u_int i = sizeof(((struct sockaddr *)0)->sa_len)],
- ac_cv_lbl_sockaddr_has_sa_len=yes,
- ac_cv_lbl_sockaddr_has_sa_len=no))
- AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len)
- if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then
- AC_DEFINE(HAVE_SOCKADDR_SA_LEN)
+# include ])])
+
+dnl
+dnl Makes sure socklen_t is defined
+dnl
+dnl usage:
+dnl
+dnl AC_LBL_SOCKLEN_T
+dnl
+dnl results:
+dnl
+dnl socklen_t (defined if missing)
+dnl
+AC_DEFUN(AC_LBL_SOCKLEN_T,
+ [AC_MSG_CHECKING(for socklen_t in sys/socket.h using $CC)
+ AC_CACHE_VAL(ac_cv_lbl_socklen_t,
+ AC_TRY_COMPILE([
+# include "confdefs.h"
+# include
+# include
+# if STDC_HEADERS
+# include
+# include
+# endif],
+ [socklen_t i],
+ ac_cv_lbl_socklen_t=yes,
+ ac_cv_lbl_socklen_t=no))
+ AC_MSG_RESULT($ac_cv_lbl_socklen_t)
+ if test $ac_cv_lbl_socklen_t = no ; then
+ AC_DEFINE(socklen_t, int, [Define socklen_t if missing])
fi])
dnl
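Review bot: After the switch to `AC_CHECK_MEMBERS(struct sockaddr.sa_len, …)` the macro defines `HAVE_STRUCT_SOCKADDR_SA_LEN`, not the `HAVE_SOCKADDR_SA_LEN` that the header comment just above still documents, so any `#ifdef HAVE_SOCKADDR_SA_LEN` in the sources would silently become false on systems that do have the member. Either rename the symbol in the callers and in the `dnl HAVE_SOCKADDR_SA_LEN (defined)` line, or keep the old name by passing an action-if-found such as `[AC_DEFINE(HAVE_SOCKADDR_SA_LEN,1,[struct sockaddr has sa_len])]`. Whether nslint.c tests that symbol is not visible in this hunk.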
@@ -442,34 +498,9 @@ AC_DEFUN(AC_LBL_IFF_LOOPBACK,
ac_cv_lbl_have_iff_loopback=no))
AC_MSG_RESULT($ac_cv_lbl_have_iff_loopback)
if test $ac_cv_lbl_have_iff_loopback = yes ; then
- AC_DEFINE(HAVE_IFF_LOOPBACK)
+ AC_DEFINE(HAVE_IFF_LOOPBACK,, [Have IFF_LOOPBACK define/enum])
fi])
-dnl
-dnl Checks to see if -R is used
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_HAVE_RUN_PATH
-dnl
-dnl results:
-dnl
-dnl ac_cv_lbl_have_run_path (yes or no)
-dnl
-AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
- [AC_MSG_CHECKING(for ${CC-cc} -R)
- AC_CACHE_VAL(ac_cv_lbl_have_run_path,
- [echo 'main(){}' > conftest.c
- ${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1
- if test ! -s conftest.out ; then
- ac_cv_lbl_have_run_path=yes
- else
- ac_cv_lbl_have_run_path=no
- fi
- rm -f conftest*])
- AC_MSG_RESULT($ac_cv_lbl_have_run_path)
- ])
-
dnl
dnl Due to the stupid way it's implemented, AC_CHECK_TYPE is nearly useless.
dnl
@@ -497,7 +528,7 @@ AC_DEFUN(AC_LBL_CHECK_TYPE,
ac_cv_lbl_have_$1=no))
AC_MSG_RESULT($ac_cv_lbl_have_$1)
if test $ac_cv_lbl_have_$1 = no ; then
- AC_DEFINE($1, $2)
+ AC_DEFINE($1, $2, Define $1)
fi])
dnl
@@ -584,24 +615,27 @@ AC_DEFUN(AC_LBL_CHECK_WALL,
[ if test "$GCC" = yes ; then
if test "$SHLICC2" = yes ; then
ac_cv_lbl_gcc_vers=2
- $1="`echo $$1 | sed -e 's/-O/-O2/'`"
+ $1="`echo $$1 | sed -e 's/-O/-O3/'`"
else
AC_MSG_CHECKING(gcc version)
AC_CACHE_VAL(ac_cv_lbl_gcc_vers,
- ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | \
- sed -e 's/\..*//'`)
+ # Gag, the gcc folks keep changing the output...
+ # try to grab N.N.N
+ ac_cv_lbl_gcc_vers=`$CC --version 2>&1 |
+ sed -e '1!d' -e 's/[[[^0-9]]]*\([[[0-9]]][[[0-9]]]*\)\.[[[0-9\]]][[[0-9]]]*\.[[[0-9]]][[[0-9]]]*.*/\1/'`)
AC_MSG_RESULT($ac_cv_lbl_gcc_vers)
- if test $ac_cv_lbl_gcc_vers -gt 1 ; then
- $1="`echo $$1 | sed -e 's/-O/-O2/'`"
+ if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
+ $1="`echo $$1 | sed -e 's/-O/-O3/'`"
fi
fi
- if test "${LBL_CFLAGS+set}" != set; then
- if test "$ac_cv_prog_cc_g" = yes ; then
- $1="-g $$1"
- fi
- $1="$$1 -Wall"
- if test $ac_cv_lbl_gcc_vers -gt 1 ; then
- $1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
+ if test "$ac_cv_prog_cc_g" = yes ; then
+ $1="-g $$1"
+ fi
+ $1="$$1 -Wall"
+ if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
+ $1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
+ if [[ "`uname -s`" = "FreeBSD" ]]; then
+ $1="$$1 -Werror"
fi
fi
else
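Review bot: The new version probe keeps only line 1 of `$CC --version` and substitutes when it finds an N.N.N triple; when the line has no such triple the substitution does not apply and `ac_cv_lbl_gcc_vers` holds the whole banner text. Both `test "$ac_cv_lbl_gcc_vers" -gt 1` checks then fail with a non-integer operand, which quietly skips `-O3` and `-Wmissing-prototypes -Wstrict-prototypes` instead of reporting anything. A guard right after `AC_MSG_RESULT`, `case "$ac_cv_lbl_gcc_vers" in ''|*[[!0-9]]*) ac_cv_lbl_gcc_vers=0 ;; esac`, keeps the comparisons well-defined. AC_LBL_CHECK_WALL's body continues outside this hunk.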
@@ -632,18 +666,16 @@ dnl $1 (copt appended)
dnl HAVE_OS_PROTO_H (defined)
dnl os-proto.h (symlinked)
dnl
-AC_DEFUN(AC_LBL_DEVEL,
- [rm -f os-proto.h
- if test "${LBL_CFLAGS+set}" = set; then
- $1="$$1 ${LBL_CFLAGS}"
- fi
+AC_DEFUN(AC_LBL_DEVEL,[
+ AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH])
+ rm -f os-proto.h
if test -f .devel ; then
AC_LBL_CHECK_WALL($1)
os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
name="lbl/os-$os.h"
if test -f $name ; then
ln -s $name os-proto.h
- AC_DEFINE(HAVE_OS_PROTO_H)
+ AC_DEFINE(HAVE_OS_PROTO_H,,[have os-proto.h])
else
AC_MSG_WARN(can't find $name)
fi
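Review bot: With the `LBL_CFLAGS` block removed here and its capture removed from AC_LBL_C_INIT, nothing in the visible hunks carries a builder-supplied `CFLAGS` into `$1` any more, and Makefile.in sets `CFLAGS = $(CCOPT) $(DEFS) $(INCLS)`, so hardening or warning flags passed to configure may be dropped without notice; this should be confirmed against configure.in, which is not shown. Separately, the `.devel` branch still looks for `lbl/os-$os.h`, but this commit deletes every `lbl/os-*.h` and removes them from FILES, so that branch can now only reach `AC_MSG_WARN(can't find $name)`. The lookup, the `ln -s $name os-proto.h` line and the `HAVE_OS_PROTO_H` / `os-proto.h` entries in the header comment could be removed along with the headers.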
@@ -747,19 +779,200 @@ AC_DEFUN(AC_LBL_LIBRARY_NET, [
# libraries (i.e. libc):
AC_CHECK_FUNC(gethostbyname, ,
# Some OSes (eg. Solaris) place it in libnsl:
- AC_LBL_CHECK_LIB(nsl, gethostbyname, ,
+ AC_CHECK_LIB(nsl, gethostbyname, ,
# Some strange OSes (SINIX) have it in libsocket:
- AC_LBL_CHECK_LIB(socket, gethostbyname, ,
+ AC_CHECK_LIB(socket, gethostbyname, ,
# Unfortunately libsocket sometimes depends on libnsl.
# AC_CHECK_LIB's API is essentially broken so the
# following ugliness is necessary:
- AC_LBL_CHECK_LIB(socket, gethostbyname,
+ AC_CHECK_LIB(socket, gethostbyname,
LIBS="-lsocket -lnsl $LIBS",
AC_CHECK_LIB(resolv, gethostbyname),
-lnsl))))
AC_CHECK_FUNC(socket, , AC_CHECK_LIB(socket, socket, ,
- AC_LBL_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", ,
+ AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", ,
-lnsl)))
# DLPI needs putmsg under HPUX so test for -lstr while we're at it
AC_CHECK_LIB(str, putmsg)
])
+
+dnl
+dnl AC_LBL_RUN_PATH
+dnl
+dnl Extracts -L directories from LIBS; if any are found they are
+dnl converted to a LD_RUN_PATH and put in V_ENVIRONMENT
+dnl
+dnl usage:
+dnl
+dnl AC_LBL_RUN_PATH
+dnl
+dnl results:
+dnl
+dnl V_ENVIRONMENT
+dnl
+AC_DEFUN(AC_LBL_LD_RUN_PATH, [
+ AC_MSG_CHECKING(LD_RUN_PATH)
+ AC_SUBST(V_ENVIRONMENT)
+ dnl
+ dnl Split out -L directories
+ dnl
+ ldirs=""
+ for x in ${LIBS}; do
+ case x${x} in
+
+ x-L*)
+ ldirs="${ldirs} ${x}"
+ ;;
+
+ *)
+ ;;
+ esac
+ done
+
+ dnl
+ dnl Build LD_RUN_PATH
+ dnl
+ if test -n "${ldirs}"; then
+ V_ENVIRONMENT="LD_RUN_PATH=\"`echo \"${ldirs}\" | sed -e 's,-L,,g' -e 's,^ *,,' -e 's, ,:,g'`\""
+ AC_MSG_RESULT(${V_ENVIRONMENT})
+ else
+ AC_MSG_RESULT(empty)
+ fi])
+
+dnl
+dnl AC_LBL_BROCCOLI
+dnl
+dnl Include Broccoli support
+dnl
+dnl usage:
+dnl
+dnl AC_LBL_BROCCOLI(copt, incls, [min-vers])
+dnl
+dnl results:
+dnl
+dnl $1 (copt variable appended)
+dnl $2 (incls variable appended)
+dnl $3 minimum version (optional)
+dnl
+AC_DEFUN(AC_LBL_BROCCOLI, [
+ AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH])
+ dnl
+ dnl configure flags
+ dnl
+ AC_ARG_WITH([broccoli],
+ [AS_HELP_STRING([--without-broccoli],
+ [disable Broccoli support @<:@default=check@:>@])],
+ ac_cv_with_broccoli=${withval})
+ dnl
+ dnl Network application libraries
+ dnl
+ AC_LBL_LIBRARY_NET
+
+ AC_MSG_CHECKING(for broccoli)
+ if test "${ac_cv_with_broccoli}" = "" -o \
+ "${ac_cv_with_broccoli}" = yes ; then
+ cflags=""
+ libs=""
+ dnl
+ dnl Our entire path
+ dnl
+ dirs="`echo ${PATH} | sed -e 's/:/ /g'`"
+ dnl
+ dnl Add in default Bro install bin directory
+ dnl
+ dirs="${dirs} /usr/local/bro/bin"
+ for d in ${dirs}; do
+ if test -x ${d}/broccoli-config ; then
+ broccoli_config_path="${d}/broccoli-config"
+ cflags="`${broccoli_config_path} --cflags`"
+ libs="`${broccoli_config_path} --libs`"
+ break
+ fi
+ done
+ if test -n "${cflags}" ; then
+ ac_cv_have_broccoli=yes
+ else
+ ac_cv_have_broccoli=no
+ fi
+ AC_MSG_RESULT($ac_cv_have_broccoli)
+ if test "${ac_cv_with_broccoli}" = yes -a \
+ ${ac_cv_have_broccoli} = "no" ; then
+ AC_MSG_ERROR(Broccoli explicitly enabled but not supported)
+ fi
+ else
+ AC_MSG_RESULT([disabled])
+ fi
+
+ dnl
+ dnl Optionally check for minimum Broccoli version
+ dnl
+ if test "$ac_cv_have_broccoli" = yes -a -n "$3"; then
+ AC_MSG_CHECKING(Broccoli >= $3)
+ BROCCOLI_VERSION="`${broccoli_config_path} --version`"
+ AC_MSG_RESULT(${BROCCOLI_VERSION})
+ dnl
+ dnl Sort the two versions; the desired version should
+ dnl appear first (or perhaps 1st and 2nd)
+ dnl
+ tvers="`(echo "$3" ; echo ${BROCCOLI_VERSION}) |
+ sort -t. +0 -1n +1 -2n +2 -3n +3 -4n |
+ head -1`"
+ if test "${tvers}" != "$3"; then
+ if test "${ac_cv_with_broccoli}" = yes; then
+ AC_MSG_ERROR(Broccoli $3 or higher is required)
+ fi
+ AC_MSG_NOTICE(Broccoli support disabled)
+ ac_cv_have_broccoli="no"
+ fi
+ fi
+
+ dnl
+ dnl Broccoli ho!
+ dnl
+ if test "$ac_cv_have_broccoli" = yes ; then
+ AC_DEFINE(HAVE_BROCCOLI)
+ dnl
+ dnl Split out -I directories
+ dnl
+ for x in ${cflags}; do
+ case x${x} in
+
+ x-I*)
+ eval "$2=\"\$$2 ${x}\""
+ ;;
+
+ *)
+ eval "$1=\"\$$1 ${x}\""
+ ;;
+ esac
+ done
+
+ dnl
+ dnl Add in Broccoli libs
+ dnl
+ LIBS="$LIBS ${libs}"
+
+ dnl
+ dnl Look for the libs in DIR or DIR/lib
+ dnl
+ AC_ARG_WITH([openssl],
+ [AS_HELP_STRING([--with-openssl=DIR],
+ [Use OpenSSL installation in DIR])],
+ [eval "$2=\"-I${withval}/include \$$2\""
+ for x in ${withval}/lib ${withval}; do
+ if test -r ${x}/libssl.a; then
+ LIBS="-L${x} ${LIBS}"
+ break
+ fi
+ done])
+
+ dnl
+ dnl -lssl needs to come first on some systems!
+ dnl
+ AC_CHECK_LIB(ssl, OPENSSL_add_all_algorithms_conf,
+ [LIBS="${LIBS} -lssl -lcrypto"],,-lcrypto)
+ dnl
+ dnl Newer versions of 1.4.0 and anything higher needs bro_init()
+ dnl
+ AC_CHECK_LIB(broccoli, bro_init, [AC_DEFINE(HAVE_BRO_INIT)])
+ fi])
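Review bot: AC_LBL_LD_RUN_PATH copies every `-L` word from `LIBS` into `LD_RUN_PATH`, relative ones included, and AC_LBL_BROCCOLI feeds it `-L${x}` built from an unchecked `--with-openssl=DIR` plus whatever `broccoli-config --libs` prints. If `V_ENVIRONMENT` is applied at link time (not visible here), a relative or empty run-path component is resolved against the working directory when the program starts, so the library actually loaded depends on where it is run from. Restricting the match to absolute directories, `x-L/*)` instead of `x-L*)`, keeps such entries out. In the version check, `sort -t. +0 -1n +1 -2n +2 -3n +3 -4n` uses the obsolete key syntax, which current `sort` implementations reject or read as file names; `sort -t. -k1,1n -k2,2n -k3,3n -k4,4n` is the equivalent.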
diff --git a/contrib/nslint-3.0a2/config.guess b/contrib/nslint-3.0a2/config.guess
new file mode 100755
index 0000000000..0e30d56e94
--- /dev/null
+++ b/contrib/nslint-3.0a2/config.guess
@@ -0,0 +1,1407 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+timestamp='2003-07-02'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Per Bothner .
+# Please send patches to . Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to ."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit 0 ;;
+ --version | -v )
+ echo "$version" ; exit 0 ;;
+ --help | --h* | -h )
+ echo "$usage"; exit 0 ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep __ELF__ >/dev/null
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit 0 ;;
+ amiga:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ arc:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ hp300:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mac68k:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ macppc:OpenBSD:*:*)
+ echo powerpc-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvme68k:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvme88k:OpenBSD:*:*)
+ echo m88k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvmeppc:OpenBSD:*:*)
+ echo powerpc-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ pmax:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sgi:OpenBSD:*:*)
+ echo mipseb-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sun3:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ wgrisc:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ *:OpenBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ alpha:OSF1:*:*)
+ if test $UNAME_RELEASE = "V4.0"; then
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ fi
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit 0 ;;
+ Alpha*:OpenVMS:*:*)
+ echo alpha-hp-vms
+ exit 0 ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit 0 ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit 0 ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit 0;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit 0 ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit 0 ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit 0 ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit 0;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit 0;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit 0 ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit 0 ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit 0 ;;
+ DRS?6000:UNIX_SV:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7 && exit 0 ;;
+ esac ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit 0 ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit 0 ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit 0 ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit 0 ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit 0 ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit 0 ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit 0 ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit 0 ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c \
+ && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+ && exit 0
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit 0 ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit 0 ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit 0 ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit 0 ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit 0 ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit 0 ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit 0 ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit 0 ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit 0 ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit 0 ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ echo rs6000-ibm-aix3.2.5
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit 0 ;;
+ *:AIX:*:[45])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit 0 ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit 0 ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit 0 ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit 0 ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit 0 ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit 0 ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit 0 ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include
+ #include
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ # avoid double evaluation of $set_cc_for_build
+ test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ echo unknown-hitachi-hiuxwe2
+ exit 0 ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit 0 ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit 0 ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit 0 ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit 0 ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit 0 ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit 0 ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit 0 ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ *:UNICOS/mp:*:*)
+ echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit 0 ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
+ # Determine whether the default compiler uses glibc.
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+ #if __GLIBC__ >= 2
+ LIBC=gnu
+ #else
+ LIBC=
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ # GNU/FreeBSD systems have a "k" prefix to indicate we are using
+ # FreeBSD's kernel, but not the complete OS.
+ case ${LIBC} in gnu) kernel_only='k' ;; esac
+ echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
+ exit 0 ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit 0 ;;
+ i*:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit 0 ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit 0 ;;
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit 0 ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit 0 ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit 0 ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit 0 ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit 0 ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ *:GNU:*:*)
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit 0 ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit 0 ;;
+ arm*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit 0 ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ mips:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips
+ #undef mipsel
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mipsel
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips64
+ #undef mips64el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mips64el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips64
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit 0 ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit 0 ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit 0 ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit 0 ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit 0 ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit 0 ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit 0 ;;
+ i*86:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us. cd to the root directory to prevent
+ # problems with other programs or directories called `ld' in the path.
+ # Set LC_ALL=C to ensure ld outputs messages in English.
+ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+ | sed -ne '/supported targets:/!d
+ s/[ ][ ]*/ /g
+ s/.*supported targets: *//
+ s/ .*//
+ p'`
+ case "$ld_supported_targets" in
+ elf32-i386)
+ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+ ;;
+ a.out-i386-linux)
+ echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+ exit 0 ;;
+ coff-i386)
+ echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+ exit 0 ;;
+ "")
+ # Either a pre-BFD a.out linker (linux-gnuoldld) or
+ # one that does not give us useful --help.
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+ exit 0 ;;
+ esac
+ # Determine whether the default compiler is a.out or elf
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+ #ifdef __ELF__
+ # ifdef __GLIBC__
+ # if __GLIBC__ >= 2
+ LIBC=gnu
+ # else
+ LIBC=gnulibc1
+ # endif
+ # else
+ LIBC=gnulibc1
+ # endif
+ #else
+ #ifdef __INTEL_COMPILER
+ LIBC=gnu
+ #else
+ LIBC=gnuaout
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
+ test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+ ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit 0 ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit 0 ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit 0 ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit 0 ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit 0 ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit 0 ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit 0 ;;
+ i*86:*:5:[78]*)
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit 0 ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit 0 ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i386.
+ echo i386-pc-msdosdjgpp
+ exit 0 ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit 0 ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit 0 ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit 0 ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit 0 ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit 0 ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit 0 ;;
+ M68*:*:R3V[567]*:*)
+ test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+ 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4 && exit 0 ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit 0 ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit 0 ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit 0 ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says
+ echo i586-unisys-sysv4
+ exit 0 ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes .
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit 0 ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit 0 ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit 0 ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit 0 ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit 0 ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit 0 ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit 0 ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit 0 ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+ *:Darwin:*:*)
+ case `uname -p` in
+ *86) UNAME_PROCESSOR=i686 ;;
+ powerpc) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit 0 ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit 0 ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit 0 ;;
+ NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit 0 ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit 0 ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit 0 ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit 0 ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit 0 ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit 0 ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit 0 ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit 0 ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit 0 ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit 0 ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit 0 ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit 0 ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <
+# include
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ c34*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ c38*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ c4*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ esac
+fi
+
+cat >&2 < in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/contrib/nslint-2.1a3/config.sub b/contrib/nslint-3.0a2/config.sub
old mode 100644
new mode 100755
similarity index 54%
rename from contrib/nslint-2.1a3/config.sub
rename to contrib/nslint-3.0a2/config.sub
index 0432524944..9d7f733905
--- a/contrib/nslint-2.1a3/config.sub
+++ b/contrib/nslint-3.0a2/config.sub
@@ -1,6 +1,10 @@
#! /bin/sh
-# Configuration validation subroutine script, version 1.1.
-# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc.
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+timestamp='2003-07-04'
+
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
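Review bot: The config.sub imported here is pinned by `timestamp='2003-07-04'`, and nothing in this hunk records which upstream revision it is or why that one was chosen. A copy of that age will reject any CPU or OS name added upstream after that date, and it lacks any later upstream fixes. Since the rename already replaces the file wholesale, consider taking config.sub and the matching config.guess from the current GNU config release, or reusing the tree's top-level copies if those are newer. The upstream revision could then be noted in the contrib README that the CHANGES entry mentions.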
@@ -25,6 +29,9 @@
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
+# Please send patches to . Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
@@ -45,30 +52,73 @@
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
-if [ x$1 = x ]
-then
- echo Configuration name missing. 1>&2
- echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
- echo "or $0 ALIAS" 1>&2
- echo where ALIAS is a recognized configuration type. 1>&2
- exit 1
-fi
+me=`echo "$0" | sed -e 's,.*/,,'`
-# First pass through any local machine types.
-case $1 in
- *local*)
- echo $1
- exit 0
- ;;
- *)
- ;;
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to ."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit 0 ;;
+ --version | -v )
+ echo "$version" ; exit 0 ;;
+ --help | --h* | -h )
+ echo "$usage"; exit 0 ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit 0;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- linux-gnu*)
+ nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
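Review bot: The `-* )` branch of the new option parser prints its error on stdout with `echo "$me: invalid option $1$help"`, while the `missing argument` and `too many arguments` messages a few lines below go to stderr. Configure scripts typically capture config.sub's stdout as the canonical name, so a diagnostic there can be mistaken for a result when the exit status is not checked; the line should read `echo "$me: invalid option $1$help" >&2`. The `*local*` branch also echoes `$1` unquoted, and `echo "$1"` would avoid word splitting and globbing on the pass-through value. As this is a vendored script, resyncing from upstream is preferable to carrying a local patch.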
@@ -94,15 +144,33 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple)
+ -apple | -axis)
os=
basic_machine=$1
;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
-hiux*)
os=-hiuxwe2
;;
-sco5)
- os=sco3.2v5
+ os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
@@ -121,6 +189,9 @@ case $os in
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -143,25 +214,72 @@ case $os in
-psos*)
os=-psos
;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
esac
# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
# Recognize the basic CPU types without company name.
# Some are omitted here because they have special meanings below.
- tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \
- | arme[lb] | pyramid \
- | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
- | alpha | we32k | ns16k | clipper | i370 | sh \
- | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \
- | pdp11 | mips64el | mips64orion | mips64orionel \
- | sparc | sparclet | sparclite | sparc64)
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k \
+ | m32r | m68000 | m68k | m88k | mcore \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64vr | mips64vrel \
+ | mips64orion | mips64orionel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | msp430 \
+ | ns16k | ns32k \
+ | openrisc | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
+ | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xscale | xstormy16 | xtensa \
+ | z8k)
basic_machine=$basic_machine-unknown
;;
+ m6811 | m68hc11 | m6812 | m68hc12)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
- i[3456]86)
+ i*86 | x86_64)
basic_machine=$basic_machine-pc
;;
# Object if more than one company name word.
@@ -170,23 +288,81 @@ case $basic_machine in
exit 1
;;
# Recognize the basic CPU types with company name.
- vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \
- | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \
- | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \
- | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \
- | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \
- | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \
- | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \
- | mips64el-* | mips64orion-* | mips64orionel-* | f301-*)
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | amd64-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* \
+ | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* \
+ | m32r-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | mcore-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | msp430-* \
+ | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* \
+ | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+ | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tron-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
+ | xtensa-* \
+ | ymp-* \
+ | z8k-*)
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
basic_machine=m68000-att
;;
3b*)
basic_machine=we32k-att
;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
alliant | fx80)
basic_machine=fx80-alliant
;;
@@ -197,25 +373,32 @@ case $basic_machine in
basic_machine=a29k-none
os=-bsd
;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
amdahl)
basic_machine=580-amdahl
os=-sysv
;;
amiga | amiga-*)
- basic_machine=m68k-cbm
+ basic_machine=m68k-unknown
;;
- amigados)
- basic_machine=m68k-cbm
- os=-amigados
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
;;
amigaunix | amix)
- basic_machine=m68k-cbm
+ basic_machine=m68k-unknown
os=-sysv4
;;
apollo68)
basic_machine=m68k-apollo
os=-sysv
;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
@@ -224,6 +407,10 @@ case $basic_machine in
basic_machine=ns32k-sequent
os=-dynix
;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
convex-c1)
basic_machine=c1-convex
os=-bsd
@@ -244,27 +431,30 @@ case $basic_machine in
basic_machine=c38-convex
os=-bsd
;;
- cray | ymp)
- basic_machine=ymp-cray
- os=-unicos
- ;;
- cray2)
- basic_machine=cray2-cray
- os=-unicos
- ;;
- [ctj]90-cray)
- basic_machine=c90-cray
+ cray | j90)
+ basic_machine=j90-cray
os=-unicos
;;
crds | unos)
basic_machine=m68k-crds
;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
da30 | da30-*)
basic_machine=m68k-da30
;;
decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
basic_machine=mips-dec
;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
basic_machine=m68k-motorola
@@ -292,6 +482,10 @@ case $basic_machine in
encore | umax | mmax)
basic_machine=ns32k-encore
;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
fx2800)
basic_machine=i860-alliant
;;
@@ -302,6 +496,10 @@ case $basic_machine in
basic_machine=tron-gmicro
os=-sysv
;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
h3050r* | hiux*)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
@@ -310,6 +508,14 @@ case $basic_machine in
basic_machine=h8300-hitachi
os=-hms
;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
harris)
basic_machine=m88k-harris
os=-sysv3
@@ -325,13 +531,30 @@ case $basic_machine in
basic_machine=m68k-hp
os=-hpux
;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
hp9k2[0-9][0-9] | hp9k31[0-9])
basic_machine=m68000-hp
;;
hp9k3[2-9][0-9])
basic_machine=m68k-hp
;;
- hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
@@ -340,27 +563,42 @@ case $basic_machine in
hppa-next)
os=-nextstep3
;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
i370-ibm* | ibm*)
basic_machine=i370-ibm
- os=-mvs
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
- i[3456]86v32)
+ i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
;;
- i[3456]86v4*)
+ i*86v4*)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv4
;;
- i[3456]86v)
+ i*86v)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv
;;
- i[3456]86sol2)
+ i*86sol2)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
iris | iris4d)
basic_machine=mips-sgi
case $os in
@@ -386,19 +624,55 @@ case $basic_machine in
basic_machine=ns32k-utek
os=-sysv
;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
miniframe)
basic_machine=m68000-convergent
;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
+ mmix*)
+ basic_machine=mmix-knuth
+ os=-mmixware
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
news | news700 | news800 | news900)
basic_machine=m68k-sony
os=-newsos
@@ -411,6 +685,10 @@ case $basic_machine in
basic_machine=mips-sony
os=-newsos
;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
next | m*-next )
basic_machine=m68k-next
case $os in
@@ -436,9 +714,40 @@ case $basic_machine in
basic_machine=i960-intel
os=-nindy
;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
np1)
basic_machine=np1-gould
;;
+ nv1)
+ basic_machine=nv1-cray
+ os=-unicosmp
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ or32 | or32-*)
+ basic_machine=or32-unknown
+ os=-coff
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
pa-hitachi)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
@@ -453,53 +762,95 @@ case $basic_machine in
pbb)
basic_machine=m68k-tti
;;
- pc532 | pc532-*)
+ pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
- pentium | p5)
- basic_machine=i586-intel
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
;;
- pentiumpro | p6)
- basic_machine=i686-intel
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
;;
- pentium-* | p5-*)
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
- pentiumpro-* | p6-*)
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
- k5)
- # We don't have specific support for AMD's K5 yet, so just call it a Pentium
- basic_machine=i586-amd
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
- nexen)
- # We don't have specific support for Nexgen yet, so just call it a Pentium
- basic_machine=i586-nexgen
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
;;
- power) basic_machine=rs6000-ibm
+ power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
- ;;
+ ;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
- ;;
+ ;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
ps2)
basic_machine=i386-ibm
;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
rm[46]00)
basic_machine=mips-siemens
;;
rtpc | rtpc-*)
basic_machine=romp-ibm
;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
sequent)
basic_machine=i386-sequent
;;
@@ -507,6 +858,13 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
sps7)
basic_machine=m68k-bull
os=-sysv2
@@ -514,6 +872,13 @@ case $basic_machine in
spur)
basic_machine=spur-unknown
;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
sun2)
basic_machine=m68000-sun
;;
@@ -554,10 +919,44 @@ case $basic_machine in
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
tower | tower-32)
basic_machine=m68k-ncr
;;
@@ -569,6 +968,10 @@ case $basic_machine in
basic_machine=a29k-nyu
os=-sym1
;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
vaxv)
basic_machine=vax-dec
os=-sysv
@@ -577,9 +980,9 @@ case $basic_machine in
basic_machine=vax-dec
os=-vms
;;
- vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
- ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
@@ -592,12 +995,24 @@ case $basic_machine in
basic_machine=a29k-wrs
os=-vxworks
;;
- xmp)
- basic_machine=xmp-cray
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
os=-unicos
;;
- xps | xps100)
- basic_machine=xps100-honeywell
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
;;
none)
basic_machine=none-none
@@ -606,8 +1021,14 @@ case $basic_machine in
# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
- mips)
- basic_machine=mips-mips
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
;;
romp)
basic_machine=romp-ibm
@@ -618,16 +1039,26 @@ case $basic_machine in
vax)
basic_machine=vax-dec
;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
pdp11)
basic_machine=pdp11-dec
;;
we32k)
basic_machine=we32k-att
;;
- sparc)
+ sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparc | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
- cydra)
+ cydra)
basic_machine=cydra-cydrome
;;
orion)
@@ -636,6 +1067,15 @@ case $basic_machine in
orion105)
basic_machine=clipper-highlevel
;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
@@ -668,9 +1108,12 @@ case $os in
-solaris)
os=-solaris2
;;
- -unixware* | svr4*)
+ -svr4*)
os=-sysv4
;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
@@ -681,17 +1124,46 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
- | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
+ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -linux-gnu* | -uxpv*)
+ | -chorusos* | -chorusrdb* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
@@ -701,6 +1173,12 @@ case $os in
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
;;
+ -opened*)
+ os=-openedition
+ ;;
+ -wince*)
+ os=-wince
+ ;;
-osfrose*)
os=-osfrose
;;
@@ -716,11 +1194,23 @@ case $os in
-acis*)
os=-aos
;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
-ctix* | -uts*)
os=-sysv
;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
-ns2 )
- os=-nextstep2
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
;;
# Preserve the version number of sinix5.
-sinix5.*)
@@ -747,9 +1237,24 @@ case $os in
# This must come after -sysvr4.
-sysv*)
;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
-xenix)
os=-xenix
;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
-none)
;;
*)
@@ -775,10 +1280,20 @@ case $basic_machine in
*-acorn)
os=-riscix1.2
;;
+ arm*-rebel)
+ os=-linux
+ ;;
arm*-semi)
os=-aout
;;
- pdp11-*)
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
os=-none
;;
*-dec | vax-*)
@@ -796,15 +1311,39 @@ case $basic_machine in
# default.
# os=-sunos4
;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
sparc-* | *-sun)
os=-sunos4.1.1
;;
+ *-be)
+ os=-beos
+ ;;
*-ibm)
os=-aix
;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
*-hp)
os=-hpux
;;
@@ -815,7 +1354,7 @@ case $basic_machine in
os=-sysv
;;
*-cbm)
- os=-amigados
+ os=-amigaos
;;
*-dg)
os=-dgux
@@ -847,27 +1386,39 @@ case $basic_machine in
*-next)
os=-nextstep3
;;
- *-gould)
+ *-gould)
os=-sysv
;;
- *-highlevel)
+ *-highlevel)
os=-bsd
;;
*-encore)
os=-bsd
;;
- *-sgi)
+ *-sgi)
os=-irix
;;
- *-siemens)
+ *-siemens)
os=-sysv4
;;
*-masscomp)
os=-rtu
;;
- f301-fujitsu)
+ f30[01]-fujitsu | f700-fujitsu)
os=-uxpv
;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
*)
os=-none
;;
@@ -889,9 +1440,15 @@ case $basic_machine in
-aix*)
vendor=ibm
;;
+ -beos*)
+ vendor=be
+ ;;
-hpux*)
vendor=hp
;;
+ -mpeix*)
+ vendor=hp
+ ;;
-hiux*)
vendor=hitachi
;;
@@ -907,21 +1464,41 @@ case $basic_machine in
-genix*)
vendor=ns
;;
- -mvs*)
+ -mvs* | -opened*)
vendor=ibm
;;
-ptx*)
vendor=sequent
;;
- -vxsim* | -vxworks*)
+ -vxsim* | -vxworks* | -windiss*)
vendor=wrs
;;
-aux*)
vendor=apple
;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/contrib/nslint-3.0a2/configure b/contrib/nslint-3.0a2/configure
new file mode 100755
index 0000000000..cdaf382285
--- /dev/null
+++ b/contrib/nslint-3.0a2/configure
@@ -0,0 +1,6885 @@
+#! /bin/sh
+# From configure.in @(#) Id (LBL).
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.62.
+#
+# Copyright (c) 1995, 1996, 1997, 2006, 2009
+# The Regents of the University of California. All rights reserved.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in
+ *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+ if (eval ":") 2>/dev/null; then
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+
+ if test $as_have_required = yes && (eval ":
+(as_func_return () {
+ (exit \$1)
+}
+as_func_success () {
+ as_func_return 0
+}
+as_func_failure () {
+ as_func_return 1
+}
+as_func_ret_success () {
+ return 0
+}
+as_func_ret_failure () {
+ return 1
+}
+
+exitcode=0
+if as_func_success; then
+ :
+else
+ exitcode=1
+ echo as_func_success failed.
+fi
+
+if as_func_failure; then
+ exitcode=1
+ echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+ :
+else
+ exitcode=1
+ echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+ exitcode=1
+ echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+ :
+else
+ exitcode=1
+ echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+ as_lineno_1=\$LINENO
+ as_lineno_2=\$LINENO
+ test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+ test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+ :
+else
+ as_candidate_shells=
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ case $as_dir in
+ /*)
+ for as_base in sh bash ksh sh5; do
+ as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+ done;;
+ esac
+done
+IFS=$as_save_IFS
+
+
+ for as_shell in $as_candidate_shells $SHELL; do
+ # Try only shells that exist, to save several forks.
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in
+ *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+ CONFIG_SHELL=$as_shell
+ as_have_required=yes
+ if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in
+ *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+ (exit $1)
+}
+as_func_success () {
+ as_func_return 0
+}
+as_func_failure () {
+ as_func_return 1
+}
+as_func_ret_success () {
+ return 0
+}
+as_func_ret_failure () {
+ return 1
+}
+
+exitcode=0
+if as_func_success; then
+ :
+else
+ exitcode=1
+ echo as_func_success failed.
+fi
+
+if as_func_failure; then
+ exitcode=1
+ echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+ :
+else
+ exitcode=1
+ echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+ exitcode=1
+ echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+ :
+else
+ exitcode=1
+ echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+ break
+fi
+
+fi
+
+ done
+
+ if test "x$CONFIG_SHELL" != x; then
+ for as_var in BASH_ENV ENV
+ do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+ done
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+ if test $as_have_required = no; then
+ echo This script requires a shell more modern than all the
+ echo shells that I found on your system. Please install a
+ echo modern shell, or manually run the script under such a
+ echo shell if you do have one.
+ { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+ (exit \$1)
+}
+as_func_success () {
+ as_func_return 0
+}
+as_func_failure () {
+ as_func_return 1
+}
+as_func_ret_success () {
+ return 0
+}
+as_func_ret_failure () {
+ return 1
+}
+
+exitcode=0
+if as_func_success; then
+ :
+else
+ exitcode=1
+ echo as_func_success failed.
+fi
+
+if as_func_failure; then
+ exitcode=1
+ echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+ :
+else
+ exitcode=1
+ echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+ exitcode=1
+ echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+ :
+else
+ exitcode=1
+ echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+ echo No shell found that supports shell functions.
+ echo Please tell bug-autoconf@gnu.org about your system,
+ echo including any error possibly output before this message.
+ echo This can help us improve future autoconf versions.
+ echo Configuration will now proceed without shell functions.
+}
+
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line after each line using $LINENO; the second 'sed'
+ # does the real work. The second script uses 'N' to pair each
+ # line-number line with the line containing $LINENO, and appends
+ # trailing '-' during substitution so that $LINENO is not a special
+ # case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # scripts with optimization help from Paolo Bonzini. Blame Lee
+ # E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+ case `echo 'x\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ *) ECHO_C='\c';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 &1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME=
+PACKAGE_TARNAME=
+PACKAGE_VERSION=
+PACKAGE_STRING=
+PACKAGE_BUGREPORT=
+
+ac_unique_file="nslint.c"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include
+#ifdef HAVE_SYS_TYPES_H
+# include
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include
+#endif
+#ifdef STDC_HEADERS
+# include
+# include
+#else
+# ifdef HAVE_STDLIB_H
+# include
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include
+# endif
+# include
+#endif
+#ifdef HAVE_STRINGS_H
+# include
+#endif
+#ifdef HAVE_INTTYPES_H
+# include
+#endif
+#ifdef HAVE_STDINT_H
+# include
+#endif
+#ifdef HAVE_UNISTD_H
+# include
+#endif"
+
+ac_subst_vars='SHELL
+PATH_SEPARATOR
+PACKAGE_NAME
+PACKAGE_TARNAME
+PACKAGE_VERSION
+PACKAGE_STRING
+PACKAGE_BUGREPORT
+exec_prefix
+prefix
+program_transform_name
+bindir
+sbindir
+libexecdir
+datarootdir
+datadir
+sysconfdir
+sharedstatedir
+localstatedir
+includedir
+oldincludedir
+docdir
+infodir
+htmldir
+dvidir
+pdfdir
+psdir
+libdir
+localedir
+mandir
+DEFS
+ECHO_C
+ECHO_N
+ECHO_T
+LIBS
+build_alias
+host_alias
+target_alias
+build
+build_cpu
+build_vendor
+build_os
+host
+host_cpu
+host_vendor
+host_os
+target
+target_cpu
+target_vendor
+target_os
+CC
+CFLAGS
+LDFLAGS
+CPPFLAGS
+ac_ct_CC
+EXEEXT
+OBJEXT
+CPP
+GREP
+EGREP
+SHLICC2
+INSTALL_PROGRAM
+INSTALL_SCRIPT
+INSTALL_DATA
+LIBOBJS
+V_CCOPT
+V_INCLS
+LTLIBOBJS'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_optimization
+with_gcc
+enable_largefile
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+ { (exit 1); exit 1; }; }
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+ { (exit 1); exit 1; }; }
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+ { (exit 1); exit 1; }; }
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+ { (exit 1); exit 1; }; }
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+ { (exit 1); exit 1; }; }
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+ { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+ { (exit 1); exit 1; }; }
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+ { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) { $as_echo "$as_me: error: Unrecognized options: $ac_unrecognized_opts" >&2
+ { (exit 1); exit 1; }; } ;;
+ *) $as_echo "$as_me: WARNING: Unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used." >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ { $as_echo "$as_me: error: Working directory cannot be determined" >&2
+ { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+ { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+ { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+ { (exit 1); exit 1; }; }
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures this package to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+ --target=TARGET configure for building compilers for TARGET [HOST]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-optimization turn off gcc optimization
+ --disable-largefile omit support for large files
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --without-gcc don't use gcc
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L if you have libraries in a
+ nonstandard directory
+ LIBS libraries to pass to the linker, e.g. -l
+ CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if
+ you have headers in a nonstandard directory
+ CPP C preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+configure
+generated by GNU Autoconf 2.62
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+
+Copyright (c) 1995, 1996, 1997, 2006, 2009
+ The Regents of the University of California. All rights reserved.
+_ACEOF
+ exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by $as_me, which was
+generated by GNU Autoconf 2.62. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+ 2)
+ ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ ac_configure_args="$ac_configure_args '$ac_arg'"
+ ;;
+ esac
+ done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
+$as_echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) $as_unset $ac_var ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test -r "$ac_site_file"; then
+ { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file"
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special
+ # files actually), so we avoid doing that.
+ if test -f "$cache_file"; then
+ { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:$LINENO: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:$LINENO: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+ { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+ { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+ { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+ { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking target system type" >&5
+$as_echo_n "checking target system type... " >&6; }
+if test "${ac_cv_target+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$target_alias" = x; then
+ ac_cv_target=$ac_cv_host
+else
+ ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` ||
+ { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_target" >&5
+$as_echo "$ac_cv_target" >&6; }
+case $ac_cv_target in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical target" >&5
+$as_echo "$as_me: error: invalid value of canonical target" >&2;}
+ { (exit 1); exit 1; }; };;
+esac
+target=$ac_cv_target
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_target
+shift
+target_cpu=$1
+target_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+target_os=$*
+IFS=$ac_save_IFS
+case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac
+
+
+# The aliases save the names the user supplied, while $host etc.
+# will get canonicalized.
+test -n "$target_alias" &&
+ test "$program_prefix$program_suffix$program_transform_name" = \
+ NONENONEs,x,x, &&
+ program_prefix=${target_alias}-
+
+umask 002
+
+if test -z "$PWD" ; then
+ PWD=`pwd`
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&5
+$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&5
+$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compiler --version >&5") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compiler -v >&5") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compiler -V >&5") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+ { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+ if { ac_try='./$ac_file'
+ { (case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_compiler_gnu=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_prog_cc_g=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ CFLAGS=""
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ :
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_prog_cc_g=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+#include
+#include
+#include
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_prog_cc_c89=$ac_arg
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer to if __STDC__ is defined, since
+ # exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include
+#else
+# include
+#endif
+ Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ :
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ # Broken: success on invalid input.
+continue
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:$LINENO: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer to if __STDC__ is defined, since
+ # exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include
+#else
+# include
+#endif
+ Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ :
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ # Broken: success on invalid input.
+continue
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ :
+else
+ { { $as_echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ ac_count=`expr $ac_count + 1`
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ { { $as_echo "$as_me:$LINENO: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+$as_echo "$as_me: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:$LINENO: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ ac_count=`expr $ac_count + 1`
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+$as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+#include
+#include
+#include
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_header_stdc=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_header_stdc=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then
+ :
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+#include
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -rf conftest.dSYM
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+
+
+
+
+
+
+
+
+
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do
+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ eval "$as_ac_Header=yes"
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if test `eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+ # Check whether --enable-optimization was given.
+if test "${enable_optimization+set}" = set; then
+ enableval=$enable_optimization; ac_cv_without_optimization=${withval}
+fi
+
+
+
+
+
+# Check whether --with-gcc was given.
+if test "${with_gcc+set}" = set; then
+ withval=$with_gcc;
+fi
+
+
+ if test "${ac_cv_header_minix_config_h+set}" = set; then
+ { $as_echo "$as_me:$LINENO: checking for minix/config.h" >&5
+$as_echo_n "checking for minix/config.h... " >&6; }
+if test "${ac_cv_header_minix_config_h+set}" = set; then
+ $as_echo_n "(cached) " >&6
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_minix_config_h" >&5
+$as_echo "$ac_cv_header_minix_config_h" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:$LINENO: checking minix/config.h usability" >&5
+$as_echo_n "checking minix/config.h usability... " >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:$LINENO: checking minix/config.h presence" >&5
+$as_echo_n "checking minix/config.h presence... " >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: minix/config.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: minix/config.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: minix/config.h: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: minix/config.h: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: minix/config.h: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: minix/config.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: proceeding with the preprocessor's result" >&5
+$as_echo "$as_me: WARNING: minix/config.h: proceeding with the preprocessor's result" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: in the future, the compiler will take precedence" >&5
+$as_echo "$as_me: WARNING: minix/config.h: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ $as_echo "$as_me:$LINENO: checking for minix/config.h" >&5
+$as_echo_n "checking for minix/config.h... " >&6; }
+if test "${ac_cv_header_minix_config_h+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_header_minix_config_h=$ac_header_preproc
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_minix_config_h" >&5
+$as_echo "$ac_cv_header_minix_config_h" >&6; }
+
+fi
+if test $ac_cv_header_minix_config_h = yes; then
+ MINIX=yes
+else
+ MINIX=
+fi
+
+
+ if test "$MINIX" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define _POSIX_SOURCE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _POSIX_1_SOURCE 2
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _MINIX 1
+_ACEOF
+
+ fi
+
+
+
+ { $as_echo "$as_me:$LINENO: checking whether it is safe to define __EXTENSIONS__" >&5
+$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; }
+if test "${ac_cv_safe_to_define___extensions__+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# define __EXTENSIONS__ 1
+ $ac_includes_default
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_safe_to_define___extensions__=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_safe_to_define___extensions__=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_safe_to_define___extensions__" >&5
+$as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
+ test $ac_cv_safe_to_define___extensions__ = yes &&
+ cat >>confdefs.h <<\_ACEOF
+#define __EXTENSIONS__ 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _ALL_SOURCE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _GNU_SOURCE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _POSIX_PTHREAD_SEMANTICS 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+#define _TANDEM_SOURCE 1
+_ACEOF
+
+
+ V_CCOPT=""
+ if test "${ac_cv_without_optimization+set}" != set; then
+ V_CCOPT="-O"
+ fi
+ V_INCLS=""
+ if test "${srcdir}" != "." ; then
+ V_INCLS="-I\$\(srcdir\)"
+ fi
+ if test -z "$CC" ; then
+ case "$target_os" in
+
+ bsdi*)
+ # Extract the first word of "shlicc2", so it can be a program name with args.
+set dummy shlicc2; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_SHLICC2+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$SHLICC2"; then
+ ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_SHLICC2="yes"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no"
+fi
+fi
+SHLICC2=$ac_cv_prog_SHLICC2
+if test -n "$SHLICC2"; then
+ { $as_echo "$as_me:$LINENO: result: $SHLICC2" >&5
+$as_echo "$SHLICC2" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test $SHLICC2 = yes ; then
+ CC=shlicc2
+ export CC
+ fi
+ ;;
+ esac
+ fi
+ if test -z "$CC" -a "$with_gcc" = no ; then
+ CC=cc
+ export CC
+ fi
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&5
+$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&5
+$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet. If you think this
+configuration is useful to you, please write to autoconf@gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compiler --version >&5") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compiler -v >&5") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compiler -V >&5") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_compiler_gnu=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_prog_cc_g=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ CFLAGS=""
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ :
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_prog_cc_g=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+#include
+#include
+#include
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_prog_cc_c89=$ac_arg
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ # Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then
+ enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+ { $as_echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
+$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
+if test "${ac_cv_sys_largefile_CC+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_sys_largefile_CC=no
+ if test "$GCC" != yes; then
+ ac_save_CC=$CC
+ while :; do
+ # IRIX 6.2 and later do not support large files by default,
+ # so use the C compiler's -n32 option if that helps.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ break
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+ CC="$CC -n32"
+ rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_largefile_CC=' -n32'; break
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+ break
+ done
+ CC=$ac_save_CC
+ rm -f conftest.$ac_ext
+ fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
+$as_echo "$ac_cv_sys_largefile_CC" >&6; }
+ if test "$ac_cv_sys_largefile_CC" != no; then
+ CC=$CC$ac_cv_sys_largefile_CC
+ fi
+
+ { $as_echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
+if test "${ac_cv_sys_file_offset_bits+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_file_offset_bits=no; break
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#define _FILE_OFFSET_BITS 64
+#include
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_file_offset_bits=64; break
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_file_offset_bits=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
+$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ if test $ac_cv_sys_file_offset_bits = unknown; then
+ { $as_echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
+$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
+if test "${ac_cv_sys_large_files+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_large_files=no; break
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#define _LARGE_FILES 1
+#include
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_large_files=1; break
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_large_files=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
+$as_echo "$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ fi
+fi
+
+ if test "$GCC" != yes ; then
+ { $as_echo "$as_me:$LINENO: checking that $CC handles ansi prototypes" >&5
+$as_echo_n "checking that $CC handles ansi prototypes... " >&6; }
+ if test "${ac_cv_lbl_cc_ansi_prototypes+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+int
+main ()
+{
+int frob(int, char *)
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_cc_ansi_prototypes=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_cc_ansi_prototypes=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_ansi_prototypes" >&5
+$as_echo "$ac_cv_lbl_cc_ansi_prototypes" >&6; }
+ if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
+ case "$target_os" in
+
+ hpux*)
+ { $as_echo "$as_me:$LINENO: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5
+$as_echo_n "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)... " >&6; }
+ savedcflags="$CFLAGS"
+ CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
+ if test "${ac_cv_lbl_cc_hpux_cc_aa+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+int
+main ()
+{
+int frob(int, char *)
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_cc_hpux_cc_aa=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_cc_hpux_cc_aa=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_hpux_cc_aa" >&5
+$as_echo "$ac_cv_lbl_cc_hpux_cc_aa" >&6; }
+ if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then
+ { { $as_echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5
+$as_echo "$as_me: error: see the INSTALL doc for more info" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ CFLAGS="$savedcflags"
+ V_CCOPT="-Aa $V_CCOPT"
+
+cat >>confdefs.h <<\_ACEOF
+#define _HPUX_SOURCE /**/
+_ACEOF
+
+ ;;
+
+ *)
+ { { $as_echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5
+$as_echo "$as_me: error: see the INSTALL doc for more info" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+ esac
+ fi
+ V_INCLS="$V_INCLS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+
+ case "$target_os" in
+
+ irix*)
+ V_CCOPT="$V_CCOPT -xansi -signed -g3"
+ ;;
+
+ osf*)
+ V_CCOPT="$V_CCOPT -std1 -g3"
+ ;;
+
+ ultrix*)
+ { $as_echo "$as_me:$LINENO: checking that Ultrix $CC hacks const in prototypes" >&5
+$as_echo_n "checking that Ultrix $CC hacks const in prototypes... " >&6; }
+ if test "${ac_cv_lbl_cc_const_proto+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+int
+main ()
+{
+struct a { int b; };
+ void c(const struct a *)
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_cc_const_proto=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_cc_const_proto=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_const_proto" >&5
+$as_echo "$ac_cv_lbl_cc_const_proto" >&6; }
+ if test $ac_cv_lbl_cc_const_proto = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define const /**/
+_ACEOF
+
+ fi
+ ;;
+ esac
+ fi
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+ ./ | .// | /cC/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+
+
+
+for ac_header in fcntl.h memory.h
+do
+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5
+$as_echo_n "checking $ac_header usability... " >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5
+$as_echo_n "checking $ac_header presence... " >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+
+fi
+if test `eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_func in strerror
+do
+as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
+$as_echo_n "checking for $ac_func... " >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case declares $ac_func.
+ For example, HP-UX 11i declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer to if __STDC__ is defined, since
+ exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include
+#else
+# include
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then
+ eval "$as_ac_var=yes"
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_var=no"
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval 'as_val=${'$as_ac_var'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if test `eval 'as_val=${'$as_ac_var'}
+ $as_echo "$as_val"'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+ case " $LIBOBJS " in
+ *" $ac_func.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for main in -lnsl" >&5
+$as_echo_n "checking for main in -lnsl... " >&6; }
+if test "${ac_cv_lib_nsl_main+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then
+ ac_cv_lib_nsl_main=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_nsl_main=no
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_main" >&5
+$as_echo "$ac_cv_lib_nsl_main" >&6; }
+if test $ac_cv_lib_nsl_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSL 1
+_ACEOF
+
+ LIBS="-lnsl $LIBS"
+
+fi
+
+
+{ $as_echo "$as_me:$LINENO: checking for main in -lsocket" >&5
+$as_echo_n "checking for main in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_main+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then
+ ac_cv_lib_socket_main=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_socket_main=no
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_main" >&5
+$as_echo "$ac_cv_lib_socket_main" >&6; }
+if test $ac_cv_lib_socket_main = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBSOCKET 1
+_ACEOF
+
+ LIBS="-lsocket $LIBS"
+
+fi
+
+
+{ $as_echo "$as_me:$LINENO: checking for int32_t using $CC" >&5
+$as_echo_n "checking for int32_t using $CC... " >&6; }
+ if test "${ac_cv_lbl_have_int32_t+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include "confdefs.h"
+# include
+# if STDC_HEADERS
+# include
+# include
+# endif
+int
+main ()
+{
+int32_t i
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_have_int32_t=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_have_int32_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_have_int32_t" >&5
+$as_echo "$ac_cv_lbl_have_int32_t" >&6; }
+ if test $ac_cv_lbl_have_int32_t = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define int32_t int
+_ACEOF
+
+ fi
+{ $as_echo "$as_me:$LINENO: checking for u_int32_t using $CC" >&5
+$as_echo_n "checking for u_int32_t using $CC... " >&6; }
+ if test "${ac_cv_lbl_have_u_int32_t+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include "confdefs.h"
+# include
+# if STDC_HEADERS
+# include
+# include
+# endif
+int
+main ()
+{
+u_int32_t i
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_have_u_int32_t=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_have_u_int32_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_have_u_int32_t" >&5
+$as_echo "$ac_cv_lbl_have_u_int32_t" >&6; }
+ if test $ac_cv_lbl_have_u_int32_t = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define u_int32_t u_int
+_ACEOF
+
+ fi
+
+
+
+ rm -f os-proto.h
+ if test -f .devel ; then
+ if test "$GCC" = yes ; then
+ if test "$SHLICC2" = yes ; then
+ ac_cv_lbl_gcc_vers=2
+ V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O3/'`"
+ else
+ { $as_echo "$as_me:$LINENO: checking gcc version" >&5
+$as_echo_n "checking gcc version... " >&6; }
+ if test "${ac_cv_lbl_gcc_vers+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ # Gag, the gcc folks keep changing the output...
+ # try to grab N.N.N
+ ac_cv_lbl_gcc_vers=`$CC --version 2>&1 |
+ sed -e '1!d' -e 's/[^0-9]*\([0-9][0-9]*\)\.[0-9\][0-9]*\.[0-9][0-9]*.*/\1/'`
+fi
+
+ { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_gcc_vers" >&5
+$as_echo "$ac_cv_lbl_gcc_vers" >&6; }
+ if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
+ V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O3/'`"
+ fi
+ fi
+ if test "$ac_cv_prog_cc_g" = yes ; then
+ V_CCOPT="-g $V_CCOPT"
+ fi
+ V_CCOPT="$V_CCOPT -Wall"
+ if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
+ V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
+ if [ "`uname -s`" = "FreeBSD" ]; then
+ V_CCOPT="$V_CCOPT -Werror"
+ fi
+ fi
+ else
+ case "$target_os" in
+
+ irix6*)
+ V_CCOPT="$V_CCOPT -fullwarn -n32"
+ ;;
+
+ *)
+ ;;
+ esac
+ fi
+ os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'`
+ name="lbl/os-$os.h"
+ if test -f $name ; then
+ ln -s $name os-proto.h
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_OS_PROTO_H /**/
+_ACEOF
+
+ else
+ { $as_echo "$as_me:$LINENO: WARNING: can't find $name" >&5
+$as_echo "$as_me: WARNING: can't find $name" >&2;}
+ fi
+ fi
+
+if test -r lbl/gnuc.h ; then
+ rm -f gnuc.h
+ ln -s lbl/gnuc.h gnuc.h
+fi
+
+
+
+
+
+
+
+ac_config_files="$ac_config_files Makefile"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
+$as_echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) $as_unset $ac_var ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes (double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \).
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ test "x$cache_file" != "x/dev/null" &&
+ { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ cat confcache >$cache_file
+ else
+ { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Transform confdefs.h into DEFS.
+# Protect against shell expansion while executing Makefile rules.
+# Protect against Makefile macro expansion.
+#
+# If the first sed substitution is executed (which looks for macros that
+# take arguments), then branch to the quote section. Otherwise,
+# look for a macro that doesn't take arguments.
+ac_script='
+:mline
+/\\$/{
+ N
+ s,\\\n,,
+ b mline
+}
+t clear
+:clear
+s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
+t quote
+s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
+t quote
+b any
+:quote
+s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
+s/\[/\\&/g
+s/\]/\\&/g
+s/\$/$$/g
+H
+:any
+${
+ g
+ s/^\n//
+ s/\n/ /g
+ p
+}
+'
+DEFS=`sed -n "$ac_script" confdefs.h`
+
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in
+ *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line after each line using $LINENO; the second 'sed'
+ # does the real work. The second script uses 'N' to pair each
+ # line-number line with the line containing $LINENO, and appends
+ # trailing '-' during substitution so that $LINENO is not a special
+ # case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # scripts with optimization help from Paolo Bonzini. Blame Lee
+ # E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+ case `echo 'x\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ *) ECHO_C='\c';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by $as_me, which was
+generated by GNU Autoconf 2.62. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTIONS] [FILE]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+
+Configuration files:
+$config_files
+
+Report bugs to ."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+config.status
+configured by $0, generated by GNU Autoconf 2.62,
+ with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h | --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+ { (exit 1); exit 1; }; } ;;
+
+ *) ac_config_targets="$ac_config_targets $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+
+ *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp=
+ trap 'exit_status=$?
+ { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+ trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} ||
+{
+ $as_echo "$as_me: cannot create a temporary directory in ." >&2
+ { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+ { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+ { (exit 1); exit 1; }; }
+
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+ { (exit 1); exit 1; }; }
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' >$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+ || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+ { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[ ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+
+eval set X " :F $CONFIG_FILES "
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
+$as_echo "$as_me: error: Invalid tag $ac_tag." >&2;}
+ { (exit 1); exit 1; }; };;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+ { (exit 1); exit 1; }; };;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ ac_file_inputs="$ac_file_inputs '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$tmp/stdin" \
+ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+ { (exit 1); exit 1; }; } ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ { as_dir="$ac_dir"
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+ { (exit 1); exit 1; }; }; }
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+ { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined." >&2;}
+
+ rm -f "$tmp/stdin"
+ case $ac_file in
+ -) cat "$tmp/out" && rm -f "$tmp/out";;
+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ esac \
+ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+ { (exit 1); exit 1; }; }
+ ;;
+
+
+
+ esac
+
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+ { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:$LINENO: WARNING: Unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: Unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+if test -f .devel ; then
+ make depend
+fi
+exit 0
diff --git a/contrib/nslint-3.0a2/configure.in b/contrib/nslint-3.0a2/configure.in
new file mode 100644
index 0000000000..aa8a6b07f5
--- /dev/null
+++ b/contrib/nslint-3.0a2/configure.in
@@ -0,0 +1,51 @@
+AC_REVISION([@(#) $Id: configure.in 241 2009-10-10 23:31:13Z leres $ (LBL)])
+dnl
+AC_COPYRIGHT([Copyright (c) 1995, 1996, 1997, 2006, 2009
+ The Regents of the University of California. All rights reserved.])
+dnl
+dnl Process this file with autoconf to produce a configure script.
+dnl
+
+AC_INIT
+AC_CONFIG_SRCDIR(nslint.c)
+
+AC_CANONICAL_TARGET
+
+umask 002
+
+if test -z "$PWD" ; then
+ PWD=`pwd`
+fi
+
+AC_LBL_C_INIT(V_CCOPT, V_INCLS)
+AC_PROG_INSTALL
+
+AC_CHECK_HEADERS(fcntl.h memory.h)
+
+AC_REPLACE_FUNCS(strerror)
+AC_CHECK_LIB(nsl, main)
+AC_CHECK_LIB(socket, main)
+
+AC_LBL_CHECK_TYPE(int32_t, int)
+AC_LBL_CHECK_TYPE(u_int32_t, u_int)
+
+AC_LBL_DEVEL(V_CCOPT)
+
+if test -r lbl/gnuc.h ; then
+ rm -f gnuc.h
+ ln -s lbl/gnuc.h gnuc.h
+fi
+
+AC_SUBST(CFLAGS)
+AC_SUBST(LDFLAGS)
+AC_SUBST(LIBS)
+AC_SUBST(V_CCOPT)
+AC_SUBST(V_INCLS)
+
+AC_CONFIG_FILES(Makefile)
+AC_OUTPUT
+
+if test -f .devel ; then
+ make depend
+fi
+exit 0
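Review bot: `umask 002` near the top of this configure.in makes everything configure writes afterwards (config.status, the generated Makefile, config.log) group-writable. In a build tree whose group has other members, those files can be altered between `./configure` and a later privileged `make install`. Unless upstream really needs group-writable output, `umask 022` is the safer default, or the line can be dropped so the caller's umask applies. Separately, a failing `make depend` in the `.devel` block is masked by the unconditional `exit 0` that follows; `make depend || exit 1` would surface it.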
diff --git a/contrib/nslint-3.0a2/install-sh b/contrib/nslint-3.0a2/install-sh
new file mode 100755
index 0000000000..a5897de6ea
--- /dev/null
+++ b/contrib/nslint-3.0a2/install-sh
@@ -0,0 +1,519 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" "" $nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+ doit_exec=exec
+else
+ doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+ test "$posix_glob" != "?" || {
+ if (set -f) 2>/dev/null; then
+ posix_glob=
+ else
+ posix_glob=:
+ fi
+ }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+ or: $0 [OPTION]... SRCFILES... DIRECTORY
+ or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+ or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+ --help display this help and exit.
+ --version display version info and exit.
+
+ -c (ignored)
+ -C install only if different (preserve the last data modification time)
+ -d create directories instead of installing files.
+ -g GROUP $chgrpprog installed files to GROUP.
+ -m MODE $chmodprog installed files to MODE.
+ -o USER $chownprog installed files to USER.
+ -s $stripprog installed files.
+ -t DIRECTORY install into DIRECTORY.
+ -T report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+ CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+ RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+ case $1 in
+ -c) ;;
+
+ -C) copy_on_change=true;;
+
+ -d) dir_arg=true;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift;;
+
+ --help) echo "$usage"; exit $?;;
+
+ -m) mode=$2
+ case $mode in
+ *' '* | *' '* | *'
+'* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ shift;;
+
+ -o) chowncmd="$chownprog $2"
+ shift;;
+
+ -s) stripcmd=$stripprog;;
+
+ -t) dst_arg=$2
+ shift;;
+
+ -T) no_target_directory=true;;
+
+ --version) echo "$0 $scriptversion"; exit $?;;
+
+ --) shift
+ break;;
+
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
+
+ *) break;;
+ esac
+ shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+ # When -d is used, all remaining arguments are directories to create.
+ # When -t is used, the destination is already specified.
+ # Otherwise, the last argument is the destination. Remove it from $@.
+ for arg
+ do
+ if test -n "$dst_arg"; then
+ # $@ is not empty: it contains at least $arg.
+ set fnord "$@" "$dst_arg"
+ shift # fnord
+ fi
+ shift # arg
+ dst_arg=$arg
+ done
+fi
+
+if test $# -eq 0; then
+ if test -z "$dir_arg"; then
+ echo "$0: no input file specified." >&2
+ exit 1
+ fi
+ # It's OK to call `install-sh -d' without argument.
+ # This can happen when creating conditional directories.
+ exit 0
+fi
+
+if test -z "$dir_arg"; then
+ trap '(exit $?); exit' 1 2 13 15
+
+ # Set umask so as not to create temps with too-generous modes.
+ # However, 'strip' requires both read and write access to temps.
+ case $mode in
+ # Optimize common cases.
+ *644) cp_umask=133;;
+ *755) cp_umask=22;;
+
+ *[0-7])
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw='% 200'
+ fi
+ cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+ *)
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw=,u+rw
+ fi
+ cp_umask=$mode$u_plus_rw;;
+ esac
+fi
+
+for src
+do
+ # Protect names starting with `-'.
+ case $src in
+ -*) src=./$src;;
+ esac
+
+ if test -n "$dir_arg"; then
+ dst=$src
+ dstdir=$dst
+ test -d "$dstdir"
+ dstdir_status=$?
+ else
+
+ # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+ # might cause directories to be created, which would be especially bad
+ # if $src (and thus $dsttmp) contains '*'.
+ if test ! -f "$src" && test ! -d "$src"; then
+ echo "$0: $src does not exist." >&2
+ exit 1
+ fi
+
+ if test -z "$dst_arg"; then
+ echo "$0: no destination specified." >&2
+ exit 1
+ fi
+
+ dst=$dst_arg
+ # Protect names starting with `-'.
+ case $dst in
+ -*) dst=./$dst;;
+ esac
+
+ # If destination is a directory, append the input filename; won't work
+ # if double slashes aren't ignored.
+ if test -d "$dst"; then
+ if test -n "$no_target_directory"; then
+ echo "$0: $dst_arg: Is a directory" >&2
+ exit 1
+ fi
+ dstdir=$dst
+ dst=$dstdir/`basename "$src"`
+ dstdir_status=0
+ else
+ # Prefer dirname, but fall back on a substitute if dirname fails.
+ dstdir=`
+ (dirname "$dst") 2>/dev/null ||
+ expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$dst" : 'X\(//\)[^/]' \| \
+ X"$dst" : 'X\(//\)$' \| \
+ X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+ echo X"$dst" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'
+ `
+
+ test -d "$dstdir"
+ dstdir_status=$?
+ fi
+ fi
+
+ obsolete_mkdir_used=false
+
+ if test $dstdir_status != 0; then
+ case $posix_mkdir in
+ '')
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ if (umask $mkdir_umask &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writeable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ ls_ld_tmpdir=`ls -ld "$tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/d" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
+ esac
+
+ if
+ $posix_mkdir && (
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ )
+ then :
+ else
+
+ # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # or it failed possibly due to a race condition. Create the
+ # directory the slow way, step by step, checking for races as we go.
+
+ case $dstdir in
+ /*) prefix='/';;
+ -*) prefix='./';;
+ *) prefix='';;
+ esac
+
+ eval "$initialize_posix_glob"
+
+ oIFS=$IFS
+ IFS=/
+ $posix_glob set -f
+ set fnord $dstdir
+ shift
+ $posix_glob set +f
+ IFS=$oIFS
+
+ prefixes=
+
+ for d
+ do
+ test -z "$d" && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
+ done
+
+ if test -n "$prefixes"; then
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
+ fi
+ fi
+ fi
+
+ if test -n "$dir_arg"; then
+ { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+ { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+ else
+
+ # Make a couple of temp file names in the proper directory.
+ dsttmp=$dstdir/_inst.$$_
+ rmtmp=$dstdir/_rm.$$_
+
+ # Trap to clean up those temp files at exit.
+ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+ # Copy the file name to the temp name.
+ (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+ # and set any options; do chmod last to preserve setuid bits.
+ #
+ # If any of these fail, we abort the whole thing. If we want to
+ # ignore errors from any of these, just make sure not to ignore
+ # errors from the above "$doit $cpprog $src $dsttmp" command.
+ #
+ { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+ { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+ { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+ # If -C, don't bother to copy if it wouldn't change the file.
+ if $copy_on_change &&
+ old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
+ new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
+
+ eval "$initialize_posix_glob" &&
+ $posix_glob set -f &&
+ set X $old && old=:$2:$4:$5:$6 &&
+ set X $new && new=:$2:$4:$5:$6 &&
+ $posix_glob set +f &&
+
+ test "$old" = "$new" &&
+ $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+ then
+ rm -f "$dsttmp"
+ else
+ # Rename the file to the real destination.
+ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+ # The rename failed, perhaps because mv can't rename something else
+ # to itself, or perhaps because mv is so ancient that it does not
+ # support -f.
+ {
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ test ! -f "$dst" ||
+ $doit $rmcmd -f "$dst" 2>/dev/null ||
+ { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+ { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ } ||
+ { echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
+ }
+ fi || exit 1
+
+ trap '' 0
+ fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/contrib/nslint-2.1a3/lbl/gnuc.h b/contrib/nslint-3.0a2/lbl/gnuc.h
similarity index 72%
rename from contrib/nslint-2.1a3/lbl/gnuc.h
rename to contrib/nslint-3.0a2/lbl/gnuc.h
index aa56c3d4fc..3c6b8f8d9e 100644
--- a/contrib/nslint-2.1a3/lbl/gnuc.h
+++ b/contrib/nslint-3.0a2/lbl/gnuc.h
@@ -1,4 +1,4 @@
-/* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/gnuc.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL) */
+/* @(#) $Id: gnuc.h,v 1.4 2006/04/30 03:58:45 leres Exp $ (LBL) */
/* Define __P() macro, if necessary */
#ifndef __P
@@ -21,12 +21,18 @@
*
* For example:
*
- * __dead void foo(void) __attribute__((volatile));
+ * __dead void foo(void) __attribute__((noreturn));
*
*/
#ifdef __GNUC__
#ifndef __dead
+#if __GNUC__ >= 4
+#define __dead
+#define noreturn __noreturn__
+#else
#define __dead volatile
+#define noreturn volatile
+#endif
#endif
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#ifndef __attribute__
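Review bot: The added `#define noreturn __noreturn__` and `#define noreturn volatile` turn the plain identifier `noreturn` into a macro in every file that includes gnuc.h, which collides with the C11 `<stdnoreturn.h>` macro of the same name and rewrites any other use of the word. Both definitions sit inside `#ifndef __dead`, so where a system header already defines `__dead` neither is made and `__attribute__((noreturn))` passes through as written, meaning the macro does not behave consistently across platforms. Spelling the attribute `__attribute__((__noreturn__))` at the declaration would avoid the macro entirely on GCC 4 and later. The `#ifdef __GNUC__` block that opens in this hunk closes outside it.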
diff --git a/contrib/nslint-2.1a3/mkdep b/contrib/nslint-3.0a2/mkdep
old mode 100644
new mode 100755
similarity index 100%
rename from contrib/nslint-2.1a3/mkdep
rename to contrib/nslint-3.0a2/mkdep
diff --git a/contrib/nslint-2.1a3/nslint.8 b/contrib/nslint-3.0a2/nslint.8
similarity index 84%
rename from contrib/nslint-2.1a3/nslint.8
rename to contrib/nslint-3.0a2/nslint.8
index 98c1ebeab0..92515ea449 100644
--- a/contrib/nslint-2.1a3/nslint.8
+++ b/contrib/nslint-3.0a2/nslint.8
@@ -1,6 +1,6 @@
-.\" @(#) $Id: nslint.8,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL)
+.\" @(#) $Id: nslint.8 238 2009-03-14 05:43:37Z leres $ (LBL)
.\"
-.\" Copyright (c) 1994, 1996, 1997, 1999, 2001
+.\" Copyright (c) 1994, 1996, 1997, 1999, 2001, 2002, 2009
.\" The Regents of the University of California. All rights reserved.
.\" All rights reserved.
.\"
@@ -20,7 +20,7 @@
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
-.TH nslint 8 "20 March 2001"
+.TH nslint 8 "2 May 2002"
.UC 4
.SH NAME
nslint - perform consistency checks on dns files
@@ -29,23 +29,23 @@ nslint - perform consistency checks on dns files
[
.B -d
] [
-.B -b
-.I named.boot
-] [
-.B -B
-.I nslint.boot
-]
-.br
-.B nslint
-[
-.B -d
-] [
.B -c
.I named.conf
] [
.B -C
.I nslint.conf
]
+.br
+.B nslint
+[
+.B -d
+] [
+.B -b
+.I named.boot
+] [
+.B -B
+.I nslint.boot
+]
.SH DESCRIPTION
.B Nslint
reads the nameserver configuration files and performs a number of
@@ -56,7 +56,7 @@ and
.B nslint
exits with a non-zero status.
.LP
-Here is a short list of errors
+Here is a partial list of errors
.B nslint
detects:
.IP
@@ -93,7 +93,7 @@ Unknown service and/or protocol keywords in
.B WKS
records.
.IP
-Missing quotes.
+Missing semicolons and quotes.
.LP
.SH OPTIONS
.TP
@@ -150,25 +150,31 @@ displayed on
.IR stdout .
.LP
.B Nslint
-knows how to read old style
-.I named.boot
-and BIND 8's new
+knows how to read
+BIND 8 and 9's
.I named.conf
-files. If both files exist,
+configuration file and also
+older BIND's
+.I named.boot
+file. If both files exist,
.B nslint
will prefer
.I named.conf
(on the theory that you forgot to delete
.I named.boot
-when you upgraded to BIND 8).
+when you upgraded BIND).
.LP
.SH "ADVANCED CONFIGURATION"
There are some cases where it is necessary to use the
advanced configuration features of
.BR nslint .
Advanced configuration is done with the
+.I nslint.conf
+file. (You can also use
.I nslint.boot
-file.
+which has a syntax similar to
+.I named.boot
+but is not described here.)
.LP
The most common is when a site has a demilitarized zone (DMZ).
The problem here is that the DMZ network will have
@@ -198,14 +204,19 @@ but we will get errors because there is no
record defined for
.IR gateway.es.net .
The solution is to create a
-.I nslint.boot
+.I nslint.conf
file (in the same directory as the other dns files)
with:
.LP
.RS
.nf
.sp .5
-primary es.net nslint.es.net
+zone "es.net" {
+.RS
+type master;
+file "nslint.es.net";
+.RE
+};
.sp .5
.fi
.RE
@@ -242,7 +253,12 @@ In this case we would need:
.RS
.nf
.sp .5
-primary es.net nslint.es.net
+zone "es.net" {
+.RS
+type master;
+file "nslint.es.net";
+.RE
+};
.sp .5
.fi
.RE
@@ -292,14 +308,25 @@ To suppress these warnings, add you would the lines:
.RS
.nf
.sp .5
-primary lbl.gov nslint.lbl.gov
-primary 0.128.in-addr.arpa nslint.128.0.rev
+zone "lbl.gov" {
+.RS
+type master;
+file "nslint.lbl.gov";
+.RE
+};
+.LP
+zone "0.128.in-addr.arpa" {
+.RS
+type master;
+file "nslint.128.0.rev";
+.RE
+};
.sp .5
.fi
.RE
.LP
to
-.I nslint.boot
+.I nslint.conf
and create
.I nslint.lbl.gov
with:
@@ -340,7 +367,7 @@ to be shared by
and
.IR jerry.lbl.gov .
.LP
-One last
+Another
.B nslint
feature helps detect hosts that have mistakenly had two ip addresses
assigned on the same subnet. This can happen when two different
@@ -361,6 +388,19 @@ containing something similar to:
nslint {
.RS
network "128.0.6/22";
+.RE
+};
+.sp .5
+.fi
+.RE
+.LP
+or:
+.LP
+.RS
+.nf
+.sp .5
+nslint {
+.RS
network "128.0.6 255.255.252.0";
.RE
};
@@ -368,26 +408,11 @@ network "128.0.6 255.255.252.0";
.fi
.RE
.LP
-The two network lines in this example are equivalent ways of saying the same
-thing; that subnet
+These two examples are are equivalent ways of saying the same thing;
+that subnet
.I 128.0.6
has a 22 bit wide subnet mask.
.LP
-If you are using
-.IR nslint.boot ,
-the syntax would be:
-.LP
-.RS
-.nf
-.sp .5
-network 128.0.6/22
-network 128.0.6 255.255.252.0
-.sp .5
-.fi
-.RE
-.LP
-Again this shows two ways of saying the same thing.
-.LP
Using information from the above
.B network
statement,
@@ -409,21 +434,42 @@ Note that if you specify any
.B network
lines in your
.I nslint.conf
-or
-.I nslint.boot
-files,
+file,
.B nslint
requires you to include lines for all networks;
otherwise you might forget to add
.B network
lines for new networks.
.LP
+Sometimes you have a zone that
+.B nslint
+just can't deal with. A good example is
+a dynamic dns zone. To handle this, you can
+add the following to
+.IB nslint.com :
+.LP
+.RS
+.nf
+.sp .5
+nslint {
+.RS
+ignorezone "dhcp.lbl.gov";
+.RE
+};
+.sp .5
+.fi
+.RE
+.LP
+This will suppress "name referenced without other records" warnings.
+.LP
.SH FILES
.na
.nh
.nf
-/etc/named.boot - default named configuration file
-nslint.boot - default nslint configuration file
+/etc/named.conf - default named configuration file
+/etc/named.boot - old style named configuration file
+nslint.conf - default nslint configuration file
+nslint.boot - old style nslint configuration file
.ad
.hy
.fi
diff --git a/contrib/nslint-2.1a3/nslint.c b/contrib/nslint-3.0a2/nslint.c
similarity index 60%
rename from contrib/nslint-2.1a3/nslint.c
rename to contrib/nslint-3.0a2/nslint.c
index 4d9eeb8e1e..9708c58a38 100644
--- a/contrib/nslint-2.1a3/nslint.c
+++ b/contrib/nslint-3.0a2/nslint.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+ * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -20,10 +20,10 @@
*/
#ifndef lint
static const char copyright[] =
- "@(#) Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001\n\
+ "@(#) Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009\n\
The Regents of the University of California. All rights reserved.\n";
static const char rcsid[] =
- "@(#) $Id: nslint.c,v 1.2 2011/11/30 00:48:51 marka Exp $ (LBL)";
+ "@(#) $Id: nslint.c 247 2009-10-14 17:54:05Z leres $ (LBL)";
#endif
/*
* nslint - perform consistency checks on dns files
@@ -31,6 +31,7 @@ static const char rcsid[] =
#include
#include
+#include
#include
@@ -41,9 +42,6 @@ static const char rcsid[] =
#ifdef HAVE_FCNTL_H
#include
#endif
-#ifdef HAVE_MALLOC_H
-#include
-#endif
#ifdef HAVE_MEMORY_H
#include
#endif
@@ -55,6 +53,7 @@ static const char rcsid[] =
#include
#include "savestr.h"
+#include "version.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
@@ -64,32 +63,91 @@ static const char rcsid[] =
#define NSLINTBOOT "nslint.boot" /* default nslint.boot file */
#define NSLINTCONF "nslint.conf" /* default nslint.conf file */
-/* item struct */
+/* Is the string just a dot by itself? */
+#define CHECKDOT(p) (p[0] == '.' && p[1] == '\0')
+
+/* Address (network order) */
+struct addr {
+ u_int family;
+ union {
+ struct in_addr _a_addr4;
+ struct in6_addr _a_addr6;
+ } addr;
+};
+#define a_addr4 addr._a_addr4.s_addr
+#define a_addr6 addr._a_addr6.s6_addr
+
+/* Network */
+struct network {
+ u_int family;
+ union {
+ struct in_addr _n_addr4;
+ struct in6_addr _n_addr6;
+ } addr;
+ union {
+ struct in_addr _n_mask4;
+ struct in6_addr _n_mask6;
+ } mask;
+};
+#define n_addr4 addr._n_addr4.s_addr
+#define n_mask4 mask._n_mask4.s_addr
+#define n_addr6 addr._n_addr6.s6_addr
+#define n_mask6 mask._n_mask6.s6_addr
+
+/* Item struct */
struct item {
char *host; /* pointer to hostname */
- u_int32_t addr; /* ip address */
+ struct addr addr; /* ip address */
u_int ttl; /* ttl of A records */
int records; /* resource records seen */
int flags; /* flags word */
};
+/* Ignored zone struct */
+struct ignoredzone {
+ char *zone; /* zone name */
+ int len; /* length of zone */
+};
+
/* Resource records seen */
#define REC_A 0x0001
-#define REC_PTR 0x0002
-#define REC_WKS 0x0004
-#define REC_HINFO 0x0008
-#define REC_MX 0x0010
-#define REC_CNAME 0x0020
-#define REC_NS 0x0040
-#define REC_SOA 0x0080
-#define REC_RP 0x0100
-#define REC_TXT 0x0200
-#define REC_SRV 0x0400
+#define REC_AAAA 0x0002
+#define REC_PTR 0x0004
+#define REC_WKS 0x0008
+#define REC_HINFO 0x0010
+#define REC_MX 0x0020
+#define REC_CNAME 0x0040
+#define REC_NS 0x0080
+#define REC_SOA 0x0100
+#define REC_RP 0x0200
+#define REC_TXT 0x0400
+#define REC_SRV 0x0800
/* These aren't real records */
-#define REC_OTHER 0x0800
-#define REC_REF 0x1000
-#define REC_UNKNOWN 0x2000
+#define REC_OTHER 0x1000
+#define REC_REF 0x2000
+#define REC_UNKNOWN 0x4000
+
+/* resource record types for parsing */
+enum rrtype {
+ RR_UNDEF = 0,
+ RR_A,
+ RR_AAAA,
+ RR_ALLOWDUPA,
+ RR_CNAME,
+ RR_DNSKEY,
+ RR_HINFO,
+ RR_MX,
+ RR_NS,
+ RR_PTR,
+ RR_RP,
+ RR_SOA,
+ RR_SRV,
+ RR_TXT,
+ RR_WKS,
+ RR_RRSIG,
+ RR_NSEC,
+};
/* Test for records we want to map to REC_OTHER */
#define MASK_TEST_REC (REC_WKS | REC_HINFO | \
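Review bot: `CHECKDOT(p)` uses its argument unparenthesised, so a call such as `CHECKDOT(cp + 1)` expands to `cp + 1[0] == '.'` and does not test the intended bytes. `#define CHECKDOT(p) ((p)[0] == '.' && (p)[1] == '\0')` fixes that, and a `static` function taking `const char *` would also stop the argument being evaluated twice. In `struct ignoredzone`, `len` would be better as `size_t` than `int`, assuming it is filled from `strlen()`; the code that sets it is not in this hunk.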
@@ -97,11 +155,11 @@ struct item {
/* Mask away records we don't care about in the final processing to REC_OTHER */
#define MASK_CHECK_REC \
- (REC_A | REC_PTR | REC_CNAME | REC_REF | REC_OTHER)
+ (REC_A | REC_AAAA | REC_PTR | REC_CNAME | REC_REF | REC_OTHER)
/* Test for records we want to check for duplicate name detection */
#define MASK_TEST_DUP \
- (REC_A | REC_HINFO)
+ (REC_A | REC_AAAA | REC_HINFO | REC_CNAME)
/* Flags */
#define FLG_SELFMX 0x001 /* mx record refers to self */
@@ -109,14 +167,15 @@ struct item {
#define FLG_SMTPWKS 0x004 /* saw wks with smtp/tcp */
#define FLG_ALLOWDUPA 0x008 /* allow duplicate a records */
+/* doconf() and doboot() flags */
+#define CONF_MUSTEXIST 0x001 /* fatal for files to not exist */
+#define CONF_NOZONE 0x002 /* do not parse zone files */
+
/* Test for smtp problems */
#define MASK_TEST_SMTP \
(FLG_SELFMX | FLG_SMTPWKS)
-
#define ITEMSIZE (1 << 17) /* power of two */
-#define ITEMHASH(str, h, p) \
- for (p = str, h = 0; *p != '.' && *p != '\0';) h = (h << 5) - h + *p++
struct item items[ITEMSIZE];
int itemcnt; /* count of items */
@@ -128,19 +187,34 @@ int strsize; /* size of space left in pool */
int debug;
int errors;
+#ifdef __FreeBSD__
+char *bootfile = "/etc/namedb/named.boot";
+char *conffile = "/etc/namedb/named.conf";
+#else
char *bootfile = "/etc/named.boot";
char *conffile = "/etc/named.conf";
+#endif
char *nslintboot;
char *nslintconf;
char *prog;
char *cwd = ".";
+static struct network *netlist;
+static u_int netlistsize; /* size of array */
+static u_int netlistcnt; /* next free element */
+
char **protoserv; /* valid protocol/service names */
int protoserv_init;
int protoserv_last;
int protoserv_len;
static char inaddr[] = ".in-addr.arpa.";
+static char inaddr6[] = ".ip6.arpa.";
+
+/* XXX should be dynamic */
+static struct ignoredzone ignoredzones[10];
+static int numignoredzones = 0;
+#define SIZEIGNOREDZONES (sizeof(ignoredzones) / sizeof(ignoredzones[0]))
/* SOA record */
#define SOA_SERIAL 0
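Review bot: `ignoredzones` is a fixed ten-entry array whose only guard is the `XXX should be dynamic` comment, and the code that appends to it is outside this hunk. Its entries presumably come from `ignorezone` lines in a configuration file, so the writer needs an explicit capacity check before storing, for example `if (numignoredzones >= (int)SIZEIGNOREDZONES) { /* report and skip */ }`. Without it an eleventh entry would write past the end of the array. The cast is there because `SIZEIGNOREDZONES` is a `size_t` expression while `numignoredzones` is an `int`.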
@@ -154,57 +228,49 @@ static int nsoaval;
#define NSOAVAL (sizeof(soaval) / sizeof(soaval[0]))
/* Forwards */
-static inline void add_domain(char *, const char *);
-int checkdots(const char *);
-void checkdups(struct item *, int);
-int checkserv(const char *, char **p);
-int checkwks(FILE *, char *, int *, char **);
-int cmpaddr(const void *, const void *);
-int cmphost(const void *, const void *);
-int doboot(const char *, int);
-int doconf(const char *, int);
-void initprotoserv(void);
-char *intoa(u_int32_t);
-int main(int, char **);
-int nslint(void);
-int parseinaddr(const char *, u_int32_t *, u_int32_t *);
-int parsenetwork(const char *, char **);
-u_int32_t parseptr(const char *, u_int32_t, u_int32_t, char **);
-char *parsequoted(char *);
-int parsesoa(const char *, char **);
-void process(const char *, const char *, const char *);
-int rfc1034host(const char *, int);
-int updateitem(const char *, u_int32_t, int, u_int, int);
-__dead void usage(void) __attribute__((volatile));
+void add_domain(char *, const char *);
+const char *addr2str(struct addr *);
+int checkaddr(const char *);
+int checkdots(const char *);
+void checkdups(struct item *, int);
+int checkignoredzone(const char *);
+int checkserv(const char *, char **p);
+int checkwks(FILE *, char *, int *, char **);
+int cmpaddr(const void *, const void *);
+int cmpitemaddr(const void *, const void *);
+int cmpitemhost(const void *, const void *);
+int cmpnetwork(const void *, const void *);
+void doboot(const char *, int);
+void doconf(const char *, int);
+const char *extractaddr(const char *, struct addr *);
+const char *extractnetwork(const char *, struct network *);
+struct network *findnetwork(struct addr *);
+void initprotoserv(void);
+int main(int, char **);
+int maskwidth(struct network *);
+const char *network2str(struct network *);
+void nslint(void);
+const char *parsenetwork(const char *);
+const char *parseptr(const char *, struct addr *);
+char *parsequoted(char *);
+int parserrsig(const char *, char **);
+int parsesoa(const char *, char **);
+void process(const char *, const char *, const char *);
+int rfc1034host(const char *, int);
+enum rrtype txt2rrtype(const char *);
+int samesubnet(struct addr *, struct addr *, struct network *);
+void setmaskwidth(u_int w, struct network *);
+int updateitem(const char *, struct addr *, int, u_int, int);
+void usage(void) __attribute__((noreturn));
extern char *optarg;
extern int optind, opterr;
-/* add domain if necessary */
-static inline void
-add_domain(register char *name, register const char *domain)
-{
- register char *cp;
-
- /* Kill trailing white space and convert to lowercase */
- for (cp = name; *cp != '\0' && !isspace(*cp); ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
- *cp-- = '\0';
- /* If necessary, append domain */
- if (cp >= name && *cp++ != '.') {
- if (*domain != '.')
- *cp++ = '.';
- (void)strcpy(cp, domain);
- }
- /* XXX should we insure a trailing dot? */
-}
-
int
main(int argc, char **argv)
{
- register char *cp;
- register int op, status, i, donamedboot, donamedconf;
+ char *cp;
+ int op, donamedboot, donamedconf;
if ((cp = strrchr(argv[0], '/')) != NULL)
prog = cp + 1;
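Review bot: Several of the new prototypes take mutable pointers where the names suggest read-only use: `addr2str(struct addr *)`, `network2str(struct network *)`, `maskwidth(struct network *)`, `findnetwork(struct addr *)` and `samesubnet(struct addr *, struct addr *, struct network *)`. If their bodies, which are outside this hunk, do not write through those pointers, declaring the parameters `const struct addr *` and `const struct network *` records that and lets callers pass const data. The block also mixes named and unnamed parameters (`setmaskwidth(u_int w, ...)` and `checkserv(..., char **p)` against the rest); using one form throughout would tidy it. main() continues past the end of this hunk.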
@@ -246,180 +312,409 @@ main(int argc, char **argv)
if (optind != argc || (donamedboot && donamedconf))
usage();
- if (donamedboot)
- status = doboot(bootfile, 1);
- else if (donamedconf)
- status = doconf(conffile, 1);
- else {
- status = doconf(conffile, 0);
- if (status < 0) {
- status = doboot(bootfile, 1);
- ++donamedboot;
- } else
+ /* Find config file if not manually specified */
+ if (!donamedboot && !donamedconf) {
+ if (access(conffile, R_OK) >= 0)
++donamedconf;
- }
+ if (access(bootfile, R_OK) >= 0)
+ ++donamedboot;
- if (donamedboot) {
- if (nslintboot != NULL)
- status |= doboot(nslintboot, 1);
- else if ((i = doboot(NSLINTBOOT, 0)) > 0)
- status |= i;
- } else {
- if (nslintconf != NULL)
- status |= doconf(nslintconf, 1);
- else if ((i = doconf(NSLINTCONF, 0)) > 0)
- status |= i;
- }
- status |= nslint();
- exit (status);
-}
-
-struct netlist {
- u_int32_t net;
- u_int32_t mask;
-};
-
-static struct netlist *netlist;
-static u_int netlistsize; /* size of array */
-static u_int netlistcnt; /* next free element */
-
-static u_int32_t
-findmask(u_int32_t addr)
-{
- register int i;
-
- for (i = 0; i < netlistcnt; ++i)
- if ((addr & netlist[i].mask) == netlist[i].net)
- return (netlist[i].mask);
- return (0);
-}
-
-int
-parsenetwork(register const char *cp, register char **errstrp)
-{
- register int i, w;
- register u_int32_t net, mask;
- register u_int32_t o;
- register int shift;
- static char errstr[132];
-
- while (isspace(*cp))
- ++cp;
- net = 0;
- mask = 0;
- shift = 24;
- while (isdigit(*cp) && shift >= 0) {
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- net |= o << shift;
- shift -= 8;
- if (*cp != '.')
- break;
- ++cp;
- }
-
-
- if (isspace(*cp)) {
- ++cp;
- while (isspace(*cp))
- ++cp;
- mask = htonl(inet_addr(cp));
- if ((int)mask == -1) {
- *errstrp = errstr;
- (void)sprintf(errstr, "bad mask \"%s\"", cp);
- return (0);
- }
- i = 0;
- while (isdigit(*cp))
- ++cp;
- for (i = 0; i < 3 && *cp == '.'; ++i) {
- ++cp;
- while (isdigit(*cp))
- ++cp;
- }
- if (i != 3) {
- *errstrp = "wrong number of dots in mask";
- return (0);
- }
- } else if (*cp == '/') {
- ++cp;
- w = atoi(cp);
- do {
- ++cp;
- } while (isdigit(*cp));
- if (w < 1 || w > 32) {
- *errstrp = "bad mask width";
- return (0);
- }
- mask = 0xffffffff << (32 - w);
- } else {
- *errstrp = "garbage after net";
- return (0);
- }
-
- while (isspace(*cp))
- ++cp;
-
- if (*cp != '\0') {
- *errstrp = "trailing garbage";
- return (0);
- }
-
- /* Finaly sanity checks */
- if ((net & ~ mask) != 0) {
- *errstrp = errstr;
- (void)sprintf(errstr, "host bits set in net \"%s\"",
- intoa(net));
- return (0);
- }
-
- /* Make sure there's room */
- if (netlistsize <= netlistcnt) {
- if (netlistsize == 0) {
- netlistsize = 32;
- netlist = (struct netlist *)
- malloc(netlistsize * sizeof(*netlist));
- } else {
- netlistsize <<= 1;
- netlist = (struct netlist *)
- realloc(netlist, netlistsize * sizeof(*netlist));
- }
- if (netlist == NULL) {
- fprintf(stderr, "%s: nslint: malloc/realloc: %s\n",
- prog, strerror(errno));
+ if (donamedboot && donamedconf) {
+ fprintf(stderr,
+ "%s: nslint: both %s and %s exist; use -b or -c\n",
+ prog, conffile, bootfile);
exit(1);
}
}
- /* Add to list */
- netlist[netlistcnt].net = net;
- netlist[netlistcnt].mask = mask;
- ++netlistcnt;
+ if (donamedboot) {
+ doboot(bootfile, CONF_MUSTEXIST | CONF_NOZONE);
+ if (nslintboot != NULL)
+ doboot(nslintboot, CONF_MUSTEXIST);
+ else
+ doboot(NSLINTBOOT, 0);
+ doboot(bootfile, CONF_MUSTEXIST);
+ } else {
+ doconf(conffile, CONF_MUSTEXIST | CONF_NOZONE);
+ if (nslintconf != NULL)
+ doconf(nslintconf, CONF_MUSTEXIST);
+ else
+ doconf(NSLINTCONF, 0);
+ doconf(conffile, CONF_MUSTEXIST);
+ }
- return (1);
+ /* Sort network list */
+ if (netlistcnt > 0)
+ qsort(netlist, netlistcnt, sizeof(netlist[0]), cmpnetwork);
+
+ nslint();
+ exit (errors != 0);
+}
+
+/* add domain if necessary */
+void
+add_domain(char *name, const char *domain)
+{
+ char *cp;
+
+ /* Kill trailing white space and convert to lowercase */
+ for (cp = name; *cp != '\0' && !isspace(*cp); ++cp)
+ if (isupper(*cp))
+ *cp = tolower(*cp);
+ *cp-- = '\0';
+ /* If necessary, append domain */
+ if (cp >= name && *cp++ != '.') {
+ if (*domain != '.')
+ *cp++ = '.';
+ (void)strcpy(cp, domain);
+ }
+ /* XXX should we insure a trailing dot? */
+}
+
+const char *
+addr2str(struct addr *ap)
+{
+ struct network net;
+
+ memset(&net, 0, sizeof(net));
+ net.family = ap->family;
+ switch (ap->family) {
+
+ case AF_INET:
+ net.n_addr4 = ap->a_addr4;
+ setmaskwidth(32, &net);
+ break;
+
+ case AF_INET6:
+ memmove(net.n_addr6, &ap->a_addr6, sizeof(ap->a_addr6));
+ setmaskwidth(128, &net);
+ break;
+
+ default:
+ return ("");
+ }
+ return (network2str(&net));
+}
+
+/*
+ * Returns true if name is really an ip address.
+ */
+int
+checkaddr(const char *name)
+{
+ struct in_addr addr;
+
+ return (inet_pton(AF_INET, name, (char *)&addr));
+}
+
+/*
+ * Returns true if name contains a dot but not a trailing dot.
+ * Special case: allow a single dot if the second part is not one
+ * of the 3 or 4 letter top level domains or is any 2 letter TLD
+ */
+int
+checkdots(const char *name)
+{
+ const char *cp, *cp2;
+
+ if ((cp = strchr(name, '.')) == NULL)
+ return (0);
+ cp2 = name + strlen(name) - 1;
+ if (cp2 >= name && *cp2 == '.')
+ return (0);
+
+ /* Return true of more than one dot*/
+ ++cp;
+ if (strchr(cp, '.') != NULL)
+ return (1);
+
+ if (strlen(cp) == 2 ||
+ strcasecmp(cp, "gov") == 0 ||
+ strcasecmp(cp, "edu") == 0 ||
+ strcasecmp(cp, "com") == 0 ||
+ strcasecmp(cp, "net") == 0 ||
+ strcasecmp(cp, "org") == 0 ||
+ strcasecmp(cp, "mil") == 0 ||
+ strcasecmp(cp, "int") == 0 ||
+ strcasecmp(cp, "nato") == 0 ||
+ strcasecmp(cp, "arpa") == 0)
+ return (1);
+ return (0);
+}
+
+/* Records we use to detect duplicates */
+static struct duprec {
+ int record;
+ char *name;
+} duprec[] = {
+ { REC_A, "a" },
+ { REC_AAAA, "aaaa" },
+ { REC_HINFO, "hinfo" },
+ { REC_CNAME, "cname" },
+ { 0, NULL },
+};
+
+void
+checkdups(struct item *ip, int records)
+{
+ struct duprec *dp;
+
+ records &= (ip->records & MASK_TEST_DUP);
+ if (records == 0)
+ return;
+ for (dp = duprec; dp->name != NULL; ++dp)
+ if ((records & dp->record) != 0) {
+ ++errors;
+ fprintf(stderr, "%s: multiple \"%s\" records for %s\n",
+ prog, dp->name, ip->host);
+ records &= ~dp->record;
+ }
+ if (records != 0)
+ fprintf(stderr, "%s: checkdups: records not zero %s (0x%x)\n",
+ prog, ip->host, records);
+}
+
+/* Check for an "ignored zone" (usually dynamic dns) */
+int
+checkignoredzone(const char *name)
+{
+ int i, len, len2;
+
+ len = strlen(name);
+ if (len > 1 && name[len - 1] == '.')
+ --len;
+ for (i = 0; i < numignoredzones; ++i) {
+ len2 = len - ignoredzones[i].len;
+ if (len2 >= 0 &&
+ strncasecmp(name + len2,
+ ignoredzones[i].zone, len - len2) == 0)
+ return (1);
+ }
+ return (0);
}
int
-doboot(register const char *file, register int mustexist)
+checkserv(const char *serv, char **p)
{
- register int n;
- register char *cp, *cp2;
- register FILE *f;
- char *errstr;
+ for (; *p != NULL; ++p)
+ if (*serv == **p && strcmp(serv, *p) == 0)
+ return (1);
+ return (0);
+}
+
+int
+checkwks(FILE *f, char *proto, int *smtpp, char **errstrp)
+{
+ int n, sawparen;
+ char *cp, *serv, **p;
+ static char errstr[132];
+ char buf[1024];
+ char psbuf[512];
+
+ if (!protoserv_init) {
+ initprotoserv();
+ ++protoserv_init;
+ }
+
+ /* Line count */
+ n = 0;
+
+ /* Terminate protocol */
+ cp = proto;
+ while (!isspace(*cp) && *cp != '\0')
+ ++cp;
+ if (*cp != '\0')
+ *cp++ = '\0';
+
+ /* Find services */
+ *smtpp = 0;
+ sawparen = 0;
+ if (*cp == '(') {
+ ++sawparen;
+ ++cp;
+ while (isspace(*cp))
+ ++cp;
+ }
+ for (;;) {
+ if (*cp == '\0') {
+ if (!sawparen)
+ break;
+ if (fgets(buf, sizeof(buf), f) == NULL) {
+ *errstrp = "mismatched parens";
+ return (n);
+ }
+ ++n;
+ cp = buf;
+ while (isspace(*cp))
+ ++cp;
+ }
+ /* Find end of service, converting to lowercase */
+ for (serv = cp; !isspace(*cp) && *cp != '\0'; ++cp)
+ if (isupper(*cp))
+ *cp = tolower(*cp);
+ if (*cp != '\0')
+ *cp++ = '\0';
+ if (sawparen && *cp == ')') {
+ /* XXX should check for trailing junk */
+ break;
+ }
+
+ (void)sprintf(psbuf, "%s/%s", serv, proto);
+
+ if (*serv == 's' && strcmp(psbuf, "tcp/smtp") == 0)
+ ++*smtpp;
+
+ for (p = protoserv; *p != NULL; ++p)
+ if (*psbuf == **p && strcmp(psbuf, *p) == 0) {
+ break;
+ }
+ if (*p == NULL) {
+ sprintf(errstr, "%s unknown", psbuf);
+ *errstrp = errstr;
+ break;
+ }
+ }
+
+ return (n);
+}
+
+int
+cmpaddr(const void *arg1, const void *arg2)
+{
+ int i, r1;
+ const struct network *n1, *n2;
+
+ n1 = (const struct network *)arg1;
+ n2 = (const struct network *)arg2;
+
+ /* IPv4 before IPv6 */
+ if (n1->family != n2->family)
+ return ((n1->family == AF_INET) ? -1 : 1);
+
+ switch (n1->family) {
+
+ case AF_INET:
+ /* Address */
+ if (ntohl(n1->n_addr4) < ntohl(n2->n_addr4))
+ return (-1);
+ else if (ntohl(n1->n_addr4) > ntohl(n2->n_addr4))
+ return (1);
+ return (0);
+
+ case AF_INET6:
+ /* Address */
+ r1 = 0;
+ for (i = 0; i < 16; ++i) {
+ if (ntohl(n1->n_addr6[i]) < ntohl(n2->n_addr6[i]))
+ return (-1);
+ if (ntohl(n1->n_addr6[i]) > ntohl(n2->n_addr6[i]))
+ return (1);
+ }
+ return (0);
+
+ default:
+ abort();
+ }
+}
+
+int
+cmpitemaddr(const void *arg1, const void *arg2)
+{
+ struct item *i1, *i2;
+
+ i1 = (struct item *)arg1;
+ i2 = (struct item *)arg2;
+
+ return (cmpaddr(&i1->addr, &i2->addr));
+}
+
+int
+cmpitemhost(const void *arg1, const void *arg2)
+{
+ struct item *i1, *i2;
+
+ i1 = (struct item *)arg1;
+ i2 = (struct item *)arg2;
+
+ return (strcasecmp(i1->host, i1->host));
+}
+
+/* Sort by network number (use mask when networks are the same) */
+int
+cmpnetwork(const void *arg1, const void *arg2)
+{
+ int i, r1, r2;
+ const struct network *n1, *n2;
+
+ n1 = (const struct network *)arg1;
+ n2 = (const struct network *)arg2;
+
+ /* IPv4 before IPv6 */
+ if (n1->family != n2->family)
+ return ((n1->family == AF_INET) ? -1 : 1);
+
+ switch (n1->family) {
+
+ case AF_INET:
+ /* Address */
+ if (ntohl(n1->n_addr4) < ntohl(n2->n_addr4))
+ return (-1);
+ else if (ntohl(n1->n_addr4) > ntohl(n2->n_addr4))
+ return (1);
+
+ /* Mask */
+ if (ntohl(n1->n_mask4) < ntohl(n2->n_mask4))
+ return (1);
+ else if (ntohl(n1->n_mask4) > ntohl(n2->n_mask4))
+ return (-1);
+ return (0);
+
+ case AF_INET6:
+ /* Address */
+ r1 = 0;
+ for (i = 0; i < 16; ++i) {
+ if (ntohl(n1->n_addr6[i]) < ntohl(n2->n_addr6[i]))
+ return (-1);
+ if (ntohl(n1->n_addr6[i]) > ntohl(n2->n_addr6[i]))
+ return (1);
+ }
+
+ /* Mask */
+ r2 = 0;
+ for (i = 0; i < 16; ++i) {
+ if (n1->n_mask6[i] < n2->n_mask6[i])
+ return (1);
+ if (n1->n_mask6[i] > n2->n_mask6[i])
+ return (-1);
+ }
+ return (0);
+ break;
+
+ default:
+ abort();
+ }
+ abort();
+}
+
+void
+doboot(const char *file, int flags)
+{
+ int n;
+ char *cp, *cp2;
+ FILE *f;
+ const char *errstr;
char buf[1024], name[128];
errno = 0;
f = fopen(file, "r");
if (f == NULL) {
/* Not an error if it doesn't exist */
- if (!mustexist && errno == ENOENT) {
+ if ((flags & CONF_MUSTEXIST) == 0 && errno == ENOENT) {
if (debug > 1)
printf(
"%s: doit: %s doesn't exist (ignoring)\n",
prog, file);
- return (-1);
+ return;
}
fprintf(stderr, "%s: %s: %s\n", prog, file, strerror(errno));
exit(1);
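Review bot: In checkwks(), `(void)sprintf(psbuf, "%s/%s", serv, proto);` copies a service token taken from a zone-file line (read into the 1024-byte `buf`, or from the caller's line) into the 512-byte `psbuf` with no bound, and `sprintf(errstr, "%s unknown", psbuf);` then copies that into the 132-byte static `errstr`. A long token in a WKS record therefore writes past both buffers. Bounding both writes closes this: `(void)snprintf(psbuf, sizeof(psbuf), "%s/%s", serv, proto);` and `(void)snprintf(errstr, sizeof(errstr), "%s unknown", psbuf);` (network2str in this same diff already uses snprintf). The adjacent `strcmp(psbuf, "tcp/smtp")` also looks like it can never match, since psbuf is built service-first ("smtp/tcp"), so `*smtpp` would never be incremented.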
@@ -499,11 +794,13 @@ doboot(register const char *file, register int mustexist)
/* Process it! (zone is the same as the domain) */
nsoaval = -1;
memset(soaval, 0, sizeof(soaval));
- process(cp2, name, name);
+ if ((flags & CONF_NOZONE) == 0)
+ process(cp2, name, name);
continue;
}
if (strcasecmp(cp2, "network") == 0) {
- if (!parsenetwork(cp, &errstr)) {
+ errstr = parsenetwork(cp);
+ if (errstr != NULL) {
++errors;
fprintf(stderr,
"%s: %s:%d: bad network: %s\n",
@@ -517,24 +814,22 @@ doboot(register const char *file, register int mustexist)
while (!isspace(*cp) && *cp != '\0')
++cp;
*cp = '\0';
- errors += doboot(cp2, 1);
+ doboot(cp2, 1);
continue;
}
/* Eat any other options */
}
(void)fclose(f);
-
- return (errors != 0);
}
-int
-doconf(register const char *file, register int mustexist)
+void
+doconf(const char *file, int flags)
{
- register int n, fd, cc, i, depth;
- register char *cp, *cp2, *buf;
- register char *name, *zonename, *filename, *typename;
- register int namelen, zonenamelen, filenamelen, typenamelen;
- char *errstr;
+ int n, fd, cc, i, depth;
+ char *cp, *cp2, *buf;
+ const char *p;
+ char *name, *zonename, *filename, *typename;
+ int namelen, zonenamelen, filenamelen, typenamelen;
struct stat sbuf;
char zone[128], includefile[256];
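Review bot: The recursive call for an included boot file, `doboot(cp2, 1);`, still passes the old mustexist literal although the second parameter is now a flag word, so the caller's CONF_NOZONE is not propagated to included files. main() now reads each config twice, the first time with CONF_NOZONE, so zones named in an included file would be processed in both passes; this assumes CONF_MUSTEXIST is the 0x1 bit, whose definition is not in view. Passing the flags through, `doboot(cp2, flags | CONF_MUSTEXIST);`, keeps the two passes consistent, and the same applies to `doconf(includefile, 1);` in the later doconf hunk. doboot's body starts outside this hunk.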
@@ -542,12 +837,12 @@ doconf(register const char *file, register int mustexist)
fd = open(file, O_RDONLY, 0);
if (fd < 0) {
/* Not an error if it doesn't exist */
- if (!mustexist && errno == ENOENT) {
+ if ((flags & CONF_MUSTEXIST) == 0 && errno == ENOENT) {
if (debug > 1)
printf(
"%s: doconf: %s doesn't exist (ignoring)\n",
prog, file);
- return (-1);
+ return;
}
fprintf(stderr, "%s: %s: %s\n", prog, file, strerror(errno));
exit(1);
@@ -656,7 +951,7 @@ doconf(register const char *file, register int mustexist)
/* Eat everything to the next semicolon, perhaps eating matching qbraces */
#define EATSEMICOLON \
{ \
- register int depth = 0; \
+ int depth = 0; \
while (*cp != '\0') { \
EATCOMMENTS \
if (*cp == ';') { \
@@ -679,6 +974,17 @@ doconf(register const char *file, register int mustexist)
} \
}
+/* Eat everything to the next left qbrace */
+#define EATSLEFTBRACE \
+ while (*cp != '\0') { \
+ EATCOMMENTS \
+ if (*cp == '{') { \
+ ++cp; \
+ break; \
+ } \
+ ++cp; \
+ }
+
n = 1;
zone[0] = '\0';
cp = buf;
@@ -855,7 +1161,8 @@ doconf(register const char *file, register int mustexist)
filename[filenamelen] = '\0';
nsoaval = -1;
memset(soaval, 0, sizeof(soaval));
- process(filename, zone, zone);
+ if ((flags & CONF_NOZONE) == 0)
+ process(filename, zone, zone);
}
continue;
}
@@ -878,13 +1185,28 @@ doconf(register const char *file, register int mustexist)
EATCOMMENTS
GETQUOTEDNAME(cp2, i)
-
cp2[i] = '\0';
- if (!parsenetwork(cp2, &errstr)) {
+ p = parsenetwork(cp2);
+ if (p != NULL) {
++errors;
fprintf(stderr,
"%s: %s:%d: bad network: %s\n",
- prog, file, n, errstr);
+ prog, file, n, p);
+ }
+ } else if (strncasecmp(name, "ignorezone",
+ namelen) == 0) {
+ EATCOMMENTS
+ GETQUOTEDNAME(cp2, i)
+ cp2[i] = '\0';
+ if (numignoredzones + 1 <
+ sizeof(ignoredzones) /
+ sizeof(ignoredzones[0])) {
+ ignoredzones[numignoredzones].zone =
+ savestr(cp2);
+ if (ignoredzones[numignoredzones].zone != NULL) {
+ ignoredzones[numignoredzones].len = strlen(cp2);
+ ++numignoredzones;
+ }
}
} else {
++errors;
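Review bot: An `ignorezone` entry is dropped without any diagnostic when the `ignoredzones` table is full or when savestr() returns NULL, so the operator gets no hint why a zone they asked to skip is still being linted. An else branch on the capacity test, `else { ++errors; fprintf(stderr, "%s: %s:%d: too many ignorezone entries\n", prog, file, n); }`, would make the limit visible. The comparison `numignoredzones + 1 < sizeof(ignoredzones) / sizeof(ignoredzones[0])` also mixes the counter with a size_t; if the counter is a signed int (its declaration is outside this hunk) a cast or an unsigned counter would keep -Wsign-compare quiet. The enclosing doconf() body starts and ends outside this hunk.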
@@ -899,7 +1221,9 @@ doconf(register const char *file, register int mustexist)
EATCOMMENTS
if (*cp != ';') {
++errors;
- fprintf(stderr, "missing options semi\n");
+ fprintf(stderr,
+ "%s: %s:%d: missing nslint semi\n",
+ prog, file, n);
} else
++cp;
continue;
@@ -909,10 +1233,14 @@ doconf(register const char *file, register int mustexist)
GETQUOTEDNAME(filename, filenamelen)
strncpy(includefile, filename, filenamelen);
includefile[filenamelen] = '\0';
- errors += doconf(includefile, 1);
+ doconf(includefile, 1);
EATSEMICOLON
continue;
}
+ if (strncasecmp(name, "view", namelen) == 0) {
+ EATSLEFTBRACE
+ continue;
+ }
/* Skip over statements we don't understand */
EATSEMICOLON
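Review bot: `strncpy(includefile, filename, filenamelen);` bounds the copy by the length of the source token rather than by the 256-byte `includefile` array declared at the top of doconf(), so a long quoted include path in the config file can write past the buffer. `filenamelen` is set by GETQUOTEDNAME, whose definition is outside this hunk, so any clamp applied there cannot be confirmed from here. These lines are unchanged context, but the commit edits the call directly below them; a guard such as `if (filenamelen >= (int)sizeof(includefile))` that reports an error and skips the include before the copy would make the bound explicit.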
@@ -920,14 +1248,691 @@ doconf(register const char *file, register int mustexist)
free(buf);
close(fd);
- return (errors != 0);
+}
+
+const char *
+extractaddr(const char *str, struct addr *ap)
+{
+
+ memset(ap, 0, sizeof(*ap));
+
+ /* Let's see what we've got here */
+ if (strchr(str, '.') != NULL) {
+ ap->family = AF_INET;
+ } else if (strchr(str, ':') != NULL) {
+ ap->family = AF_INET6;
+ } else
+ return ("unrecognized address type");
+
+ switch (ap->family) {
+
+ case AF_INET:
+ if (!inet_pton(ap->family, str, &ap->a_addr4))
+ return ("cannot parse IPv4 address");
+
+ break;
+
+ case AF_INET6:
+ if (!inet_pton(ap->family, str, &ap->a_addr6))
+ return ("cannot parse IPv6 address");
+ break;
+
+ default:
+ abort();
+ }
+
+ return (NULL);
+}
+
+const char *
+extractnetwork(const char *str, struct network *np)
+{
+ int i;
+ long w;
+ char *cp, *ep;
+ const char *p;
+ char temp[64];
+
+ memset(np, 0, sizeof(*np));
+
+ /* Let's see what we've got here */
+ if (strchr(str, '.') != NULL) {
+ np->family = AF_INET;
+ w = 32;
+ } else if (strchr(str, ':') != NULL) {
+ np->family = AF_INET6;
+ w = 128;
+ } else
+ return ("unrecognized address type");
+
+ p = strchr(str, '/');
+ if (p != NULL) {
+ /* Mask length was specified */
+ strncpy(temp, str, sizeof(temp));
+ temp[sizeof(temp) - 1] = '\0';
+ cp = strchr(temp, '/');
+ if (cp == NULL)
+ abort();
+ *cp++ = '\0';
+ ep = NULL;
+ w = strtol(cp, &ep, 10);
+ if (*ep != '\0')
+ return ("garbage following mask width");
+ str = temp;
+ }
+
+ switch (np->family) {
+
+ case AF_INET:
+ if (!inet_pton(np->family, str, &np->n_addr4))
+ return ("cannot parse IPv4 address");
+
+ if (w > 32)
+ return ("mask length must be <= 32");
+ setmaskwidth(w, np);
+
+ if ((np->n_addr4 & ~np->n_mask4) != 0)
+ return ("non-network bits set in addr");
+
+#ifdef notdef
+ if ((ntohl(np->n_addr4) & 0xff000000) == 0)
+ return ("high octet must be non-zero");
+#endif
+ break;
+
+ case AF_INET6:
+ if (!inet_pton(np->family, str, &np->n_addr6))
+ return ("cannot parse IPv6 address");
+ if (w > 128)
+ return ("mask length must be <= 128");
+ setmaskwidth(w, np);
+
+ for (i = 0; i < 16; ++i) {
+ if ((np->n_addr6[i] & ~np->n_mask6[i]) != 0)
+ return ("non-network bits set in addr");
+ }
+ break;
+
+ default:
+ abort();
+ }
+
+ return (NULL);
+}
+
+struct network *
+findnetwork(struct addr *ap)
+{
+ int i, j;
+ struct network *np;
+
+ switch (ap->family) {
+
+ case AF_INET:
+ for (i = 0, np = netlist; i < netlistcnt; ++i, ++np)
+ if ((ap->a_addr4 & np->n_mask4) == np->n_addr4)
+ return (np);
+ break;
+
+ case AF_INET6:
+ for (i = 0, np = netlist; i < netlistcnt; ++i, ++np) {
+ for (j = 0; j < sizeof(ap->a_addr6); ++j) {
+ if ((ap->a_addr6[j] & np->n_mask6[j]) !=
+ np->n_addr6[j])
+ break;
+ }
+ if (j >= sizeof(ap->a_addr6))
+ return (np);
+ }
+ break;
+
+ default:
+ abort();
+ }
+ return (NULL);
+}
+
+void
+initprotoserv(void)
+{
+ char *cp;
+ struct servent *sp;
+ char psbuf[512];
+
+ protoserv_len = 256;
+ protoserv = (char **)malloc(protoserv_len * sizeof(*protoserv));
+ if (protoserv == NULL) {
+ fprintf(stderr, "%s: nslint: malloc: %s\n",
+ prog, strerror(errno));
+ exit(1);
+ }
+
+ while ((sp = getservent()) != NULL) {
+ (void)sprintf(psbuf, "%s/%s", sp->s_name, sp->s_proto);
+
+ /* Convert to lowercase */
+ for (cp = psbuf; *cp != '\0'; ++cp)
+ if (isupper(*cp))
+ *cp = tolower(*cp);
+
+ if (protoserv_last + 1 >= protoserv_len) {
+ protoserv_len <<= 1;
+ protoserv = realloc(protoserv,
+ protoserv_len * sizeof(*protoserv));
+ if (protoserv == NULL) {
+ fprintf(stderr, "%s: nslint: realloc: %s\n",
+ prog, strerror(errno));
+ exit(1);
+ }
+ }
+ protoserv[protoserv_last] = savestr(psbuf);
+ ++protoserv_last;
+ }
+ protoserv[protoserv_last] = NULL;
+}
+
+int
+maskwidth(struct network *np)
+{
+ int w;
+ int i, j;
+ u_int32_t m, tm;
+
+ /* Work backwards until we find a set bit */
+ switch (np->family) {
+
+ case AF_INET:
+ m = ntohl(np->n_mask4);
+ for (w = 32; w > 0; --w) {
+ tm = 0xffffffff << (32 - w);
+ if (tm == m)
+ break;
+ }
+ break;
+
+ case AF_INET6:
+ w = 128;
+ for (j = 15; j >= 0; --j) {
+ m = np->n_mask6[j];
+ for (i = 8; i > 0; --w, --i) {
+ tm = (0xff << (8 - i)) & 0xff;
+ if (tm == m)
+ return (w);
+ }
+ }
+ break;
+
+ default:
+ abort();
+ }
+ return (w);
+}
+
+const char *
+network2str(struct network *np)
+{
+ int w;
+ size_t len, size;
+ char *cp;
+ static char buf[128];
+
+ w = maskwidth(np);
+ switch (np->family) {
+
+ case AF_INET:
+ if (inet_ntop(np->family, &np->n_addr4,
+ buf, sizeof(buf)) == NULL) {
+ fprintf(stderr, "network2str: v4 botch");
+ abort();
+ }
+ if (w == 32)
+ return (buf);
+ break;
+
+ case AF_INET6:
+ if (inet_ntop(np->family, &np->n_addr6,
+ buf, sizeof(buf)) == NULL) {
+ fprintf(stderr, "network2str: v6 botch");
+ abort();
+ }
+ if (w == 128)
+ return (buf);
+ break;
+
+ default:
+ return ("");
+ }
+
+ /* Append address mask width */
+ cp = buf;
+ len = strlen(cp);
+ cp += len;
+ size = sizeof(buf) - len;
+ (void)snprintf(cp, size, "/%d", w);
+ return (buf);
+}
+
+void
+nslint(void)
+{
+ int n, records, flags;
+ struct item *ip, *lastaip, **ipp, **itemlist;
+ struct addr addr, lastaddr;
+ struct network *np;
+
+ itemlist = (struct item **)calloc(itemcnt, sizeof(*ipp));
+ if (itemlist == NULL) {
+ fprintf(stderr, "%s: nslint: calloc: %s\n",
+ prog, strerror(errno));
+ exit(1);
+ }
+ ipp = itemlist;
+ for (n = 0, ip = items; n < ITEMSIZE; ++n, ++ip) {
+ if (ip->host == NULL)
+ continue;
+ /* Save entries with addresses for later check */
+ if (ip->addr.family != 0)
+ *ipp++ = ip;
+
+ if (debug > 1) {
+ if (debug > 2)
+ printf("%d\t", n);
+ printf("%s\t%s\t0x%x\t0x%x\n",
+ ip->host, addr2str(&ip->addr),
+ ip->records, ip->flags);
+ }
+
+ /* Check for illegal hostnames (rfc1034) */
+ if (rfc1034host(ip->host, ip->records))
+ ++errors;
+
+ /* Check for missing ptr records (ok if also an ns record) */
+ records = ip->records & MASK_CHECK_REC;
+ if ((ip->records & MASK_TEST_REC) != 0)
+ records |= REC_OTHER;
+ switch (records) {
+
+ case REC_A | REC_OTHER | REC_PTR | REC_REF:
+ case REC_A | REC_OTHER | REC_PTR:
+ case REC_A | REC_PTR | REC_REF:
+ case REC_A | REC_PTR:
+ case REC_AAAA | REC_OTHER | REC_PTR | REC_REF:
+ case REC_AAAA | REC_OTHER | REC_PTR:
+ case REC_AAAA | REC_PTR | REC_REF:
+ case REC_AAAA | REC_PTR:
+ case REC_CNAME:
+ /* These are O.K. */
+ break;
+
+ case REC_CNAME | REC_REF:
+ ++errors;
+ fprintf(stderr, "%s: \"cname\" referenced by other"
+ " \"cname\" or \"mx\": %s\n", prog, ip->host);
+ break;
+
+ case REC_OTHER | REC_REF:
+ case REC_OTHER:
+ /*
+ * This is only an error if there is an address
+ * associated with the hostname; this means
+ * there was a wks entry with bogus address.
+ * Otherwise, we have an mx or hinfo.
+ *
+ * XXX ignore localhost for now
+ * (use flag to indicate loopback?)
+ */
+ if (ip->addr.family == AF_INET &&
+ ip->addr.a_addr4 != htonl(INADDR_LOOPBACK)) {
+ ++errors;
+ fprintf(stderr,
+ "%s: \"wks\" without \"a\" and \"ptr\": %s -> %s\n",
+ prog, ip->host, addr2str(&ip->addr));
+ }
+ break;
+
+ case REC_REF:
+ if (!checkignoredzone(ip->host)) {
+ ++errors;
+ fprintf(stderr, "%s: Name referenced without"
+ " other records: %s\n", prog, ip->host);
+ }
+ break;
+
+ case REC_A | REC_OTHER | REC_REF:
+ case REC_A | REC_OTHER:
+ case REC_A | REC_REF:
+ case REC_A:
+ case REC_AAAA | REC_OTHER | REC_REF:
+ case REC_AAAA | REC_OTHER:
+ case REC_AAAA | REC_REF:
+ case REC_AAAA:
+ ++errors;
+ fprintf(stderr, "%s: Missing \"ptr\": %s -> %s\n",
+ prog, ip->host, addr2str(&ip->addr));
+ break;
+
+ case REC_OTHER | REC_PTR | REC_REF:
+ case REC_OTHER | REC_PTR:
+ case REC_PTR | REC_REF:
+ case REC_PTR:
+ ++errors;
+ fprintf(stderr, "%s: Missing \"a\": %s -> %s\n",
+ prog, ip->host, addr2str(&ip->addr));
+ break;
+
+ case REC_A | REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
+ case REC_A | REC_CNAME | REC_OTHER | REC_PTR:
+ case REC_A | REC_CNAME | REC_OTHER | REC_REF:
+ case REC_A | REC_CNAME | REC_OTHER:
+ case REC_A | REC_CNAME | REC_PTR | REC_REF:
+ case REC_A | REC_CNAME | REC_PTR:
+ case REC_A | REC_CNAME | REC_REF:
+ case REC_A | REC_CNAME:
+ case REC_AAAA | REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
+ case REC_AAAA | REC_CNAME | REC_OTHER | REC_PTR:
+ case REC_AAAA | REC_CNAME | REC_OTHER | REC_REF:
+ case REC_AAAA | REC_CNAME | REC_OTHER:
+ case REC_AAAA | REC_CNAME | REC_PTR | REC_REF:
+ case REC_AAAA | REC_CNAME | REC_PTR:
+ case REC_AAAA | REC_CNAME | REC_REF:
+ case REC_AAAA | REC_CNAME:
+ case REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
+ case REC_CNAME | REC_OTHER | REC_PTR:
+ case REC_CNAME | REC_OTHER | REC_REF:
+ case REC_CNAME | REC_OTHER:
+ case REC_CNAME | REC_PTR | REC_REF:
+ case REC_CNAME | REC_PTR:
+ ++errors;
+ fprintf(stderr, "%s: \"cname\" %s has other records\n",
+ prog, ip->host);
+ break;
+
+ case 0:
+ /* Second level test */
+ if ((ip->records & ~(REC_NS | REC_TXT)) == 0)
+ break;
+ /* Fall through... */
+
+ default:
+ ++errors;
+ fprintf(stderr,
+ "%s: records == 0x%x: can't happen (%s 0x%x)\n",
+ prog, records, ip->host, ip->records);
+ break;
+ }
+
+ /* Check for smtp problems */
+ flags = ip->flags & MASK_TEST_SMTP;
+
+ if ((flags & FLG_SELFMX) != 0 &&
+ (ip->records & (REC_A | REC_AAAA)) == 0) {
+ ++errors;
+ fprintf(stderr,
+ "%s: Self \"mx\" for %s missing"
+ " \"a\" or \"aaaa\" record\n",
+ prog, ip->host);
+ }
+
+ switch (flags) {
+
+ case 0:
+ case FLG_SELFMX | FLG_SMTPWKS:
+ /* These are O.K. */
+ break;
+
+ case FLG_SELFMX:
+ if ((ip->records & REC_WKS) != 0) {
+ ++errors;
+ fprintf(stderr,
+ "%s: smtp/tcp missing from \"wks\": %s\n",
+ prog, ip->host);
+ }
+ break;
+
+ case FLG_SMTPWKS:
+ ++errors;
+ fprintf(stderr,
+ "%s: Saw smtp/tcp without self \"mx\": %s\n",
+ prog, ip->host);
+ break;
+
+ default:
+ ++errors;
+ fprintf(stderr,
+ "%s: flags == 0x%x: can't happen (%s)\n",
+ prog, flags, ip->host);
+ }
+
+ /* Check for chained MX records */
+ if ((ip->flags & (FLG_SELFMX | FLG_MXREF)) == FLG_MXREF &&
+ (ip->records & REC_MX) != 0) {
+ ++errors;
+ fprintf(stderr, "%s: \"mx\" referenced by other"
+ " \"mx\" record: %s\n", prog, ip->host);
+ }
+ }
+
+ /* Check for doubly booked addresses */
+ n = ipp - itemlist;
+ qsort(itemlist, n, sizeof(itemlist[0]), cmpaddr);
+ memset(&lastaddr, 0, sizeof(lastaddr));
+ ip = NULL;
+ for (ipp = itemlist; n > 0; ++ipp, --n) {
+ addr = (*ipp)->addr;
+ if (cmpaddr(&lastaddr, &addr) == 0 &&
+ ((*ipp)->flags & FLG_ALLOWDUPA) == 0 &&
+ (ip->flags & FLG_ALLOWDUPA) == 0) {
+ ++errors;
+ fprintf(stderr, "%s: %s in use by %s and %s\n",
+ prog, addr2str(&addr), (*ipp)->host, ip->host);
+ }
+ memmove(&lastaddr, &addr, sizeof(addr));
+ ip = *ipp;
+ }
+
+ /* Check for hosts with multiple addresses on the same subnet */
+ n = ipp - itemlist;
+ qsort(itemlist, n, sizeof(itemlist[0]), cmpitemhost);
+ if (netlistcnt > 0) {
+ n = ipp - itemlist;
+ lastaip = NULL;
+ for (ipp = itemlist; n > 0; ++ipp, --n) {
+ ip = *ipp;
+ if ((ip->records & (REC_A | REC_AAAA)) == 0 ||
+ (ip->flags & FLG_ALLOWDUPA) != 0)
+ continue;
+ if (lastaip != NULL &&
+ strcasecmp(ip->host, lastaip->host) == 0) {
+ np = findnetwork(&ip->addr);
+ if (np == NULL) {
+ ++errors;
+ fprintf(stderr,
+ "%s: Can't find subnet mask"
+ " for %s (%s)\n",
+ prog, ip->host,
+ addr2str(&ip->addr));
+ } else if (samesubnet(&lastaip->addr,
+ &ip->addr, np)) {
+ ++errors;
+ fprintf(stderr,
+ "%s: Multiple \"a\" records for %s on subnet %s",
+ prog, ip->host,
+ network2str(np));
+ fprintf(stderr, "\n\t(%s",
+ addr2str(&lastaip->addr));
+ fprintf(stderr, " and %s)\n",
+ addr2str(&ip->addr));
+ }
+ }
+ lastaip = ip;
+ }
+ }
+
+ if (debug)
+ printf("%s: %d/%d items used, %d error%s\n", prog, itemcnt,
+ ITEMSIZE, errors, errors == 1 ? "" : "s");
+}
+
+const char *
+parsenetwork(const char *cp)
+{
+ const char *p;
+ struct network net;
+
+ while (isspace(*cp))
+ ++cp;
+
+ p = extractnetwork(cp, &net);
+ if (p != NULL)
+ return (p);
+
+ while (isspace(*cp))
+ ++cp;
+
+ /* Make sure there's room */
+ if (netlistsize <= netlistcnt) {
+ if (netlistsize == 0) {
+ netlistsize = 32;
+ netlist = (struct network *)
+ malloc(netlistsize * sizeof(*netlist));
+ } else {
+ netlistsize <<= 1;
+ netlist = (struct network *)
+ realloc(netlist, netlistsize * sizeof(*netlist));
+ }
+ if (netlist == NULL) {
+ fprintf(stderr,
+ "%s: parsenetwork: malloc/realloc: %s\n",
+ prog, strerror(errno));
+ exit(1);
+ }
+ }
+
+ /* Add to list */
+ memmove(netlist + netlistcnt, &net, sizeof(net));
+ ++netlistcnt;
+
+ return (NULL);
+}
+
+const char *
+parseptr(const char *str, struct addr *ap)
+{
+ int i, n, base;
+ u_long v, v2;
+ char *cp;
+ const char *p;
+ u_char *up;
+
+ memset(ap, 0, sizeof(*ap));
+ base = -1;
+
+ /* IPv4 */
+ p = str + strlen(str) - sizeof(inaddr) + 1;
+ if (p >= str && strcasecmp(p, inaddr) == 0) {
+ ap->family = AF_INET;
+ n = 4;
+ base = 10;
+ } else {
+ /* IPv6 */
+ p = str + strlen(str) - sizeof(inaddr6) + 1;
+ if (p >= str && strcasecmp(p, inaddr6) == 0) {
+ ap->family = AF_INET6;
+ n = 16;
+ base = 16;
+ }
+ }
+
+ if (base < 0)
+ return ("Not a IPv4 or IPv6 \"ptr\" record");
+
+ up = (u_char *)&ap->addr;
+ for (i = 0; i < n; ++i) {
+ /* Back up to previous dot or beginning of string */
+ while (p > str && p[-1] != '.')
+ --p;
+ v = strtoul(p, &cp, base);
+
+ if (base == 10) {
+ if (v > 0xff)
+ return ("Octet larger than 8 bits");
+ } else {
+ if (v > 0xf)
+ return ("Octet larger than 4 bits");
+ if (*cp != '.')
+ return ("Junk in \"ptr\" record");
+
+ /* Back up over dot */
+ if (p > str)
+ --p;
+
+ /* Back up to previous dot or beginning of string */
+ while (p > str && p[-1] != '.')
+ --p;
+ v2 = strtoul(p, &cp, base);
+ if (v2 > 0xf)
+ return ("Octet larger than 4 bits");
+ if (*cp != '.')
+ return ("Junk in \"ptr\" record");
+ v = (v << 4) | v2;
+ }
+ if (*cp != '.')
+ return ("Junk in \"ptr\" record");
+
+ *up++ = v & 0xff;
+
+ /* Back up over dot */
+ if (p > str)
+ --p;
+ else if (p == str)
+ break;
+ }
+ if (i < n - 1)
+ return ("Too many octets in \"ptr\" record");
+ if (p != str)
+ return ("Not enough octets in \"ptr\" record");
+
+ return (NULL);
+}
+
+/* Returns a pointer after the next token or quoted string, else NULL */
+char *
+parsequoted(char *cp)
+{
+
+ if (*cp == '"') {
+ ++cp;
+ while (*cp != '"' && *cp != '\0')
+ ++cp;
+ if (*cp != '"')
+ return (NULL);
+ ++cp;
+ } else {
+ while (!isspace(*cp) && *cp != '\0')
+ ++cp;
+ }
+ return (cp);
}
/* Return true when done */
int
-parsesoa(register const char *cp, register char **errstrp)
+parserrsig(const char *str, char **errstrp)
{
- register char ch, *garbage;
+ const char *cp;
+
+ /* XXX just look for closing paren */
+ cp = str + strlen(str) - 1;
+ while (cp >= str)
+ if (*cp-- == ')')
+ return (1);
+ return (0);
+}
+
+/* Return true when done */
+int
+parsesoa(const char *cp, char **errstrp)
+{
+ char ch, *garbage;
static char errstr[132];
/* Eat leading whitespace */
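Review bot: Both qsort() calls in nslint() sort `itemlist`, an array of `struct item *`, but the comparators do not match that element type: `cmpaddr` (defined earlier in this diff) casts its arguments to `const struct network *`, and `cmpitemhost` casts them to `struct item *` and then compares `i1->host` with itself. qsort passes the comparator pointers to the elements, i.e. `struct item **`, so the family and host fields are read out of the pointer array rather than out of the items, and the duplicate-address and same-subnet checks run on an unreliably ordered list (or reach the `abort()` in cmpaddr's default case). The first call should be `qsort(itemlist, n, sizeof(itemlist[0]), cmpitemaddr);`, both item comparators should dereference once, `i1 = *(struct item *const *)arg1;`, and cmpitemhost should return `strcasecmp(i1->host, i2->host)`. parsesoa()'s body continues outside this hunk.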
@@ -1024,20 +2029,28 @@ parsesoa(register const char *cp, register char **errstrp)
}
void
-process(register const char *file, register const char *domain,
- register const char *zone)
+process(const char *file, const char *domain, const char *zone)
{
- register FILE *f;
- register char ch, *cp, *cp2, *cp3, *rtype;
- register const char *ccp;
- register int n, sawsoa, flags, i;
- register u_int ttl;
- register u_int32_t addr;
- u_int32_t net, mask;
+ FILE *f;
+ char ch, *cp, *cp2, *cp3, *rtype;
+ const char *p;
+ int n, sawsoa, sawrrsig, flags, i;
+ u_int ttl;
+ enum rrtype rrtype;
+ struct addr *ap;
+ struct addr addr;
+ // struct network *net;
int smtp;
- char buf[1024], name[128], lastname[128], odomain[128];
+ char buf[2048], name[256], lastname[256], odomain[256];
char *errstr;
- char *dotfmt = "%s: %s/%s:%d \"%s\" target missing trailing dot: %s\n";
+ const char *addrfmt =
+ "%s: %s/%s:%d \"%s\" target is an ip address: %s\n";
+ const char *dotfmt =
+ "%s: %s/%s:%d \"%s\" target missing trailing dot: %s\n";
+
+ /* Check for an "ignored zone" (usually dynamic dns) */
+ if (checkignoredzone(zone))
+ return;
f = fopen(file, "r");
if (f == NULL) {
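Review bot: The new early return `if (checkignoredzone(zone)) return;` skips an entire zone file on the strength of a plain string-suffix comparison in checkignoredzone() (added earlier in this diff), which does not check for a label boundary. With a constructed entry such as `ignorezone "example.com"`, a zone named `notexample.com` would match as well and would never be linted. Requiring a boundary in the test there, `len2 >= 0 && (len2 == 0 || name[len2 - 1] == '.') &&`, limits the match to the zone itself and its subdomains. process()'s body continues outside this hunk.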
@@ -1049,22 +2062,14 @@ process(register const char *file, register const char *domain,
if (debug > 1)
printf("%s: process: opened %s/%s\n", prog, cwd, file);
- /* Are we doing an in-addr.arpa domain? */
+ /* Line number */
n = 0;
- net = 0;
- mask = 0;
- ccp = domain + strlen(domain) - sizeof(inaddr) + 1;
- if (ccp >= domain && strcasecmp(ccp, inaddr) == 0 &&
- !parseinaddr(domain, &net, &mask)) {
- ++errors;
- fprintf(stderr, "%s: %s/%s:%d bad in-addr.arpa domain\n",
- prog, cwd, file, n);
- fclose(f);
- return;
- }
+
+ ap = &addr;
lastname[0] = '\0';
sawsoa = 0;
+ sawrrsig = 0;
while (fgets(buf, sizeof(buf), f) != NULL) {
++n;
cp = buf;
@@ -1098,11 +2103,26 @@ process(register const char *file, register const char *domain,
if (errstr != NULL) {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d bad \"soa\" record (%s)\n",
+ "%s: %s/%s:%d Bad \"soa\" record (%s)\n",
prog, cwd, file, n, errstr);
}
continue;
}
+
+ /* Handle multi-line rrsig records */
+ if (sawrrsig) {
+ errstr = NULL;
+ if (parserrsig(cp, &errstr))
+ sawsoa = 0;
+ if (errstr != NULL) {
+ ++errors;
+ fprintf(stderr,
+ "%s: %s/%s:%d Bad \"rrsig\" record (%s)\n",
+ prog, cwd, file, n, errstr);
+ }
+ continue;
+ }
+
if (debug > 3)
printf(">%s<\n", cp);
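Review bot: The continuation block for multi-line rrsig records clears `sawsoa` where it should clear `sawrrsig`. `sawrrsig` is only ever incremented (in the `RR_RRSIG` case of a later hunk) and is not reset anywhere in the lines shown, so after the first multi-line RRSIG every following line would be handed to `parserrsig()` and skipped by the `continue`, hiding the rest of the zone file from the checks. This looks like a leftover from copying the soa block just above; the statement should read `if (parserrsig(cp, &errstr)) sawrrsig = 0;`. The body of process() starts and ends outside this hunk.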
@@ -1112,7 +2132,7 @@ process(register const char *file, register const char *domain,
if (lastname[0] == '\0') {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d no default name\n",
+ "%s: %s/%s:%d No default name\n",
prog, cwd, file, n);
continue;
}
@@ -1171,19 +2191,6 @@ process(register const char *file, register const char *domain,
*cp2 = '\0';
domain = odomain;
lastname[0] = '\0';
-
- /* Are we doing an in-addr.arpa domain? */
- net = 0;
- mask = 0;
- ccp = domain + strlen(domain) - (sizeof(inaddr) - 1);
- if (ccp >= domain && strcasecmp(ccp, inaddr) == 0 &&
- !parseinaddr(domain, &net, &mask)) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d bad in-addr.arpa domain\n",
- prog, cwd, file, n);
- return;
- }
continue;
}
@@ -1202,7 +2209,7 @@ process(register const char *file, register const char *domain,
if (*cp != '\0') {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d bad $ttl \"%s\"\n",
+ "%s: %s/%s:%d Bad $ttl \"%s\"\n",
prog, cwd, file, n, cp2);
}
(void)strcpy(name, lastname);
@@ -1245,10 +2252,9 @@ process(register const char *file, register const char *domain,
; /* none */
}
-
if (!isspace(*cp)) {
++errors;
- fprintf(stderr, "%s: %s/%s:%d bad ttl\n",
+ fprintf(stderr, "%s: %s/%s:%d Bad ttl\n",
prog, cwd, file, n);
continue;
}
@@ -1307,59 +2313,91 @@ process(register const char *file, register const char *domain,
}
}
-#define CHECK4(p, a, b, c, d) \
- (p[0] == (a) && p[1] == (b) && p[2] == (c) && p[3] == (d) && p[4] == '\0')
-#define CHECK3(p, a, b, c) \
- (p[0] == (a) && p[1] == (b) && p[2] == (c) && p[3] == '\0')
-#define CHECK2(p, a, b) \
- (p[0] == (a) && p[1] == (b) && p[2] == '\0')
-#define CHECKDOT(p) \
- (p[0] == '.' && p[1] == '\0')
+ rrtype = txt2rrtype(rtype);
+ switch (rrtype) {
- if (rtype[0] == 'a' && rtype[1] == '\0') {
+ case RR_A:
/* Handle "a" record */
add_domain(name, domain);
- addr = htonl(inet_addr(cp));
- if ((int)addr == -1) {
+ p = extractaddr(cp, ap);
+ if (p != NULL) {
++errors;
cp2 = cp + strlen(cp) - 1;
if (cp2 >= cp && *cp2 == '\n')
*cp2 = '\0';
fprintf(stderr,
- "%s: %s/%s:%d bad \"a\" record ip addr \"%s\"\n",
+ "%s: %s/%s:%d Bad \"a\" record ip addr \"%s\"\n",
prog, cwd, file, n, cp);
continue;
}
- errors += updateitem(name, addr, REC_A, ttl, 0);
- } else if (CHECK4(rtype, 'a', 'a', 'a', 'a')) {
- /* Just eat for now */
- continue;
- } else if (CHECK3(rtype, 'p', 't', 'r')) {
+ if (ap->family != AF_INET) {
+ ++errors;
+ cp2 = cp + strlen(cp) - 1;
+ if (cp2 >= cp && *cp2 == '\n')
+ *cp2 = '\0';
+ fprintf(stderr,
+ "%s: %s/%s:%d \"a\"record not AF_INET \"%s\"\n",
+ prog, cwd, file, n, cp);
+ continue;
+ }
+ errors += updateitem(name, ap, REC_A, ttl, 0);
+ break;
+
+ case RR_AAAA:
+ /* Handle "aaaa" record */
+ add_domain(name, domain);
+ p = extractaddr(cp, ap);
+ if (p != NULL) {
+ ++errors;
+ cp2 = cp + strlen(cp) - 1;
+ if (cp2 >= cp && *cp2 == '\n')
+ *cp2 = '\0';
+ fprintf(stderr,
+ "%s: %s/%s:%d Bad \"aaaa\" record ip addr \"%s\"\n",
+ prog, cwd, file, n, cp);
+ continue;
+ }
+ if (ap->family != AF_INET6) {
+ ++errors;
+ cp2 = cp + strlen(cp) - 1;
+ if (cp2 >= cp && *cp2 == '\n')
+ *cp2 = '\0';
+ fprintf(stderr,
+ "%s: %s/%s:%d \"aaaa\"record not AF_INET6 \"%s\"\n",
+ prog, cwd, file, n, cp);
+ continue;
+ }
+ errors += updateitem(name, ap, REC_AAAA, ttl, 0);
+ break;
+
+ case RR_PTR:
/* Handle "ptr" record */
add_domain(name, domain);
if (strcmp(cp, "@") == 0)
(void)strcpy(cp, zone);
if (checkdots(cp)) {
++errors;
- fprintf(stderr, dotfmt,
+ fprintf(stderr,
+ checkaddr(cp) ? addrfmt : dotfmt,
prog, cwd, file, n, rtype, cp);
}
add_domain(cp, domain);
- errstr = NULL;
- addr = parseptr(name, net, mask, &errstr);
- if (errstr != NULL) {
+ p = parseptr(name, ap);
+ if (p != NULL) {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d bad \"ptr\" record (%s) ip addr \"%s\"\n",
- prog, cwd, file, n, errstr, name);
+ "%s: %s/%s:%d Bad \"ptr\" record (%s) ip addr \"%s\"\n",
+ prog, cwd, file, n, p, name);
continue;
}
- errors += updateitem(cp, addr, REC_PTR, 0, 0);
- } else if (CHECK3(rtype, 's', 'o', 'a')) {
+ errors += updateitem(cp, ap, REC_PTR, 0, 0);
+ break;
+
+ case RR_SOA:
/* Handle "soa" record */
if (!CHECKDOT(name)) {
add_domain(name, domain);
- errors += updateitem(name, 0, REC_SOA, 0, 0);
+ errors += updateitem(name, NULL, REC_SOA, 0, 0);
}
errstr = NULL;
if (!parsesoa(cp, &errstr))
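Review bot: In the `RR_PTR` case the format string passed to `fprintf` is now selected at run time (`checkaddr(cp) ? addrfmt : dotfmt`), which typically takes the call out of the compiler's format/argument checking; the same construct recurs in the MX, CNAME, NS and DNSKEY cases in later hunks. Both strings are constants with identical conversions, so nothing is wrong today, but a literal format keeps that property checkable: `fprintf(stderr, "%s: %s/%s:%d \"%s\" target %s: %s\n", prog, cwd, file, n, rtype, checkaddr(cp) ? "is an ip address" : "missing trailing dot", cp);`. Separately, the new messages `\"a\"record not AF_INET` and `\"aaaa\"record not AF_INET6` are missing a space before `record`. process() begins and ends outside this hunk.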
@@ -1367,21 +2405,23 @@ process(register const char *file, register const char *domain,
if (errstr != NULL) {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d bad \"soa\" record (%s)\n",
+ "%s: %s/%s:%d Bad \"soa\" record (%s)\n",
prog, cwd, file, n, errstr);
continue;
}
- } else if (CHECK3(rtype, 'w', 'k', 's')) {
+ break;
+
+ case RR_WKS:
/* Handle "wks" record */
- addr = htonl(inet_addr(cp));
- if ((int)addr == -1) {
+ p = extractaddr(cp, ap);
+ if (p != NULL) {
++errors;
cp2 = cp;
while (!isspace(*cp2) && *cp2 != '\0')
++cp2;
*cp2 = '\0';
fprintf(stderr,
- "%s: %s/%s:%d bad \"wks\" record ip addr \"%s\"\n",
+ "%s: %s/%s:%d Bad \"wks\" record ip addr \"%s\"\n",
prog, cwd, file, n, cp);
continue;
}
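Review bot: The `RR_WKS` case accepts whatever address family `extractaddr()` produces, whereas the `RR_A` case rejects anything that is not `AF_INET`. WKS carries an IPv4 address, so an IPv6 literal here would reach `updateitem(name, ap, REC_WKS, ...)` without an error; the lines between this hunk and the next are unchanged from the old code and so presumably contain no family check. Consider adding an `if (ap->family != AF_INET)` test after the `extractaddr()` call that counts an error and continues, mirroring the A case. The case body continues past the end of this hunk.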
@@ -1396,18 +2436,20 @@ process(register const char *file, register const char *domain,
if (errstr != NULL) {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d bad \"wks\" record (%s)\n",
+ "%s: %s/%s:%d Bad \"wks\" record (%s)\n",
prog, cwd, file, n, errstr);
continue;
}
add_domain(name, domain);
- errors += updateitem(name, addr, REC_WKS,
+ errors += updateitem(name, ap, REC_WKS,
0, smtp ? FLG_SMTPWKS : 0);
/* XXX check to see if ip address records exists? */
- } else if (rtype[0] == 'h' && strcmp(rtype, "hinfo") == 0) {
+ break;
+
+ case RR_HINFO:
/* Handle "hinfo" record */
add_domain(name, domain);
- errors += updateitem(name, 0, REC_HINFO, 0, 0);
+ errors += updateitem(name, NULL, REC_HINFO, 0, 0);
cp2 = cp;
cp = parsequoted(cp);
if (cp == NULL) {
@@ -1449,16 +2491,18 @@ process(register const char *file, register const char *domain,
prog, cwd, file, n, cp2);
continue;
}
- } else if (CHECK2(rtype, 'm', 'x')) {
+ break;
+
+ case RR_MX:
/* Handle "mx" record */
add_domain(name, domain);
- errors += updateitem(name, 0, REC_MX, ttl, 0);
+ errors += updateitem(name, NULL, REC_MX, ttl, 0);
/* Look for priority */
if (!isdigit(*cp)) {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d bad \"mx\" priority: %s\n",
+ "%s: %s/%s:%d Bad \"mx\" priority: %s\n",
prog, cwd, file, n, cp);
}
@@ -1471,14 +2515,15 @@ process(register const char *file, register const char *domain,
if (*cp == '\0') {
++errors;
fprintf(stderr,
- "%s: %s/%s:%d missing \"mx\" hostname\n",
+ "%s: %s/%s:%d Missing \"mx\" hostname\n",
prog, cwd, file, n);
}
if (strcmp(cp, "@") == 0)
(void)strcpy(cp, zone);
if (checkdots(cp)) {
++errors;
- fprintf(stderr, dotfmt,
+ fprintf(stderr,
+ checkaddr(cp) ? addrfmt : dotfmt,
prog, cwd, file, n, rtype, cp);
}
@@ -1487,14 +2532,17 @@ process(register const char *file, register const char *domain,
flags = FLG_MXREF;
if (*name == *cp && strcmp(name, cp) == 0)
flags |= FLG_SELFMX;
- errors += updateitem(cp, 0, REC_REF, 0, flags);
- } else if (rtype[0] == 'c' && strcmp(rtype, "cname") == 0) {
+ errors += updateitem(cp, NULL, REC_REF, 0, flags);
+ break;
+
+ case RR_CNAME:
/* Handle "cname" record */
add_domain(name, domain);
- errors += updateitem(name, 0, REC_CNAME, 0, 0);
+ errors += updateitem(name, NULL, REC_CNAME, 0, 0);
if (checkdots(cp)) {
++errors;
- fprintf(stderr, dotfmt,
+ fprintf(stderr,
+ checkaddr(cp) ? addrfmt : dotfmt,
prog, cwd, file, n, rtype, cp);
}
@@ -1502,11 +2550,13 @@ process(register const char *file, register const char *domain,
if (strcmp(cp, "@") == 0)
(void)strcpy(cp, zone);
add_domain(cp, domain);
- errors += updateitem(cp, 0, REC_REF, 0, 0);
- } else if (CHECK3(rtype, 's', 'r', 'v')) {
+ errors += updateitem(cp, NULL, REC_REF, 0, 0);
+ break;
+
+ case RR_SRV:
/* Handle "srv" record */
add_domain(name, domain);
- errors += updateitem(name, 0, REC_SRV, 0, 0);
+ errors += updateitem(name, NULL, REC_SRV, 0, 0);
cp2 = cp;
/* Skip over three values */
@@ -1514,7 +2564,7 @@ process(register const char *file, register const char *domain,
if (!isdigit(*cp)) {
++errors;
fprintf(stderr, "%s: %s/%s:%d"
- " bad \"srv\" value: %s\n",
+ " Bad \"srv\" value: %s\n",
prog, cwd, file, n, cp);
}
@@ -1528,11 +2578,13 @@ process(register const char *file, register const char *domain,
/* Check to see if mx host exists */
add_domain(cp, domain);
- errors += updateitem(cp, 0, REC_REF, 0, 0);
- } else if (CHECK3(rtype, 't', 'x', 't')) {
+ errors += updateitem(cp, NULL, REC_REF, 0, 0);
+ break;
+
+ case RR_TXT:
/* Handle "txt" record */
add_domain(name, domain);
- errors += updateitem(name, 0, REC_TXT, 0, 0);
+ errors += updateitem(name, NULL, REC_TXT, 0, 0);
cp2 = cp;
cp = parsequoted(cp);
if (cp == NULL) {
@@ -1551,22 +2603,27 @@ process(register const char *file, register const char *domain,
prog, cwd, file, n, cp2);
continue;
}
- } else if (CHECK2(rtype, 'n', 's')) {
+ break;
+
+ case RR_NS:
/* Handle "ns" record */
- errors += updateitem(zone, 0, REC_NS, 0, 0);
+ errors += updateitem(zone, NULL, REC_NS, 0, 0);
if (strcmp(cp, "@") == 0)
(void)strcpy(cp, zone);
if (checkdots(cp)) {
++errors;
- fprintf(stderr, dotfmt,
+ fprintf(stderr,
+ checkaddr(cp) ? addrfmt : dotfmt,
prog, cwd, file, n, rtype, cp);
}
add_domain(cp, domain);
- errors += updateitem(cp, 0, REC_REF, 0, 0);
- } else if (CHECK2(rtype, 'r', 'p')) {
+ errors += updateitem(cp, NULL, REC_REF, 0, 0);
+ break;
+
+ case RR_RP:
/* Handle "rp" record */
add_domain(name, domain);
- errors += updateitem(name, 0, REC_RP, 0, 0);
+ errors += updateitem(name, NULL, REC_RP, 0, 0);
cp2 = cp;
/* Step over mailbox name */
@@ -1598,31 +2655,71 @@ process(register const char *file, register const char *domain,
/* Make sure text name points somewhere (if not ".") */
if (!CHECKDOT(cp3)) {
add_domain(cp3, domain);
- errors += updateitem(cp3, 0, REC_REF, 0, 0);
+ errors += updateitem(cp3, NULL, REC_REF, 0, 0);
}
- } else if (rtype[0] == 'a' && strcmp(rtype, "allowdupa") == 0) {
+ break;
+
+ case RR_ALLOWDUPA:
/* Handle "allow duplicate a" record */
add_domain(name, domain);
- addr = htonl(inet_addr(cp));
- if ((int)addr == -1) {
+ p = extractaddr(cp, ap);
+ if (p != NULL) {
++errors;
cp2 = cp + strlen(cp) - 1;
if (cp2 >= cp && *cp2 == '\n')
*cp2 = '\0';
fprintf(stderr,
- "%s: %s/%s:%d bad \"allowdupa\" record ip addr \"%s\"\n",
+ "%s: %s/%s:%d Bad \"allowdupa\" record ip addr \"%s\"\n",
prog, cwd, file, n, cp);
continue;
}
- errors += updateitem(name, addr, 0, 0, FLG_ALLOWDUPA);
- } else {
+ errors += updateitem(name, ap, 0, 0, FLG_ALLOWDUPA);
+ break;
+
+ case RR_DNSKEY:
+ /* Handle "dnskey" record */
+ add_domain(name, domain);
+ errors += updateitem(name, NULL, REC_CNAME, 0, 0);
+ if (checkdots(cp)) {
+ ++errors;
+ fprintf(stderr,
+ checkaddr(cp) ? addrfmt : dotfmt,
+ prog, cwd, file, n, rtype, cp);
+ }
+
+ /* Make sure cname points somewhere */
+ if (strcmp(cp, "@") == 0)
+ (void)strcpy(cp, zone);
+ add_domain(cp, domain);
+ errors += updateitem(cp, NULL, REC_REF, 0, 0);
+ break;
+
+ case RR_RRSIG:
+ errstr = NULL;
+ if (!parserrsig(cp, &errstr))
+ ++sawrrsig;
+ if (errstr != NULL) {
+ ++errors;
+ fprintf(stderr,
+ "%s: %s/%s:%d Bad \"rrsig\" record (%s)\n",
+ prog, cwd, file, n, errstr);
+ continue;
+ }
+ break;
+
+ case RR_NSEC:
+ /* XXX */
+ continue;
+
+ default:
/* Unknown record type */
++errors;
fprintf(stderr,
- "%s: %s/%s:%d unknown record type \"%s\"\n",
+ "%s: %s/%s:%d Unknown record type \"%s\"\n",
prog, cwd, file, n, rtype);
add_domain(name, domain);
- errors += updateitem(name, 0, REC_UNKNOWN, 0, 0);
+ errors += updateitem(name, NULL, REC_UNKNOWN, 0, 0);
+ break;
}
(void)strcpy(lastname, name);
}
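Review bot: The `RR_DNSKEY` case is a copy of the cname handler: it records the owner with `REC_CNAME`, runs `checkdots()` on the rdata and registers it as a referenced name via `updateitem(cp, NULL, REC_REF, 0, 0)`, down to the comment `/* Make sure cname points somewhere */`. DNSKEY rdata is flags, protocol, algorithm and key material rather than a target name, so for signed zones this is likely to mark key owners as CNAMEs and create references to names that do not exist. Until the record has handling of its own, treating it like the `RR_NSEC` case or limiting it to `add_domain(name, domain)` would avoid the false reports. The added `(void)strcpy(cp, zone);` also copies without a length check and relies on `zone` fitting in whatever remains of the buffer `cp` points into.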
@@ -1630,107 +2727,6 @@ process(register const char *file, register const char *domain,
return;
}
-/* Records we use to detect duplicates */
-static struct duprec {
- int record;
- char *name;
-} duprec[] = {
- { REC_A, "a" },
- { REC_HINFO, "hinfo" },
- { 0, NULL },
-};
-
-void
-checkdups(register struct item *ip, register int records)
-{
- register struct duprec *dp;
-
- records &= (ip->records & MASK_TEST_DUP);
- if (records == 0)
- return;
- for (dp = duprec; dp->name != NULL; ++dp)
- if ((records & dp->record) != 0) {
- ++errors;
- fprintf(stderr, "%s: multiple \"%s\" records for %s\n",
- prog, dp->name, ip->host);
- records &= ~dp->record;
- }
- if (records != 0)
- fprintf(stderr, "%s: checkdups: records not zero (%d)\n",
- prog, records);
-}
-
-int
-updateitem(register const char *host, register u_int32_t addr,
- register int records, register u_int ttl, register int flags)
-{
- register const char *ccp;
- register int n, errs;
- register u_int i;
- register struct item *ip;
- int foundsome;
-
- n = 0;
- foundsome = 0;
- errs = 0;
- ITEMHASH(host, i, ccp);
- ip = &items[i & (ITEMSIZE - 1)];
- while (n < ITEMSIZE && ip->host) {
- if ((addr == 0 || addr == ip->addr || ip->addr == 0) &&
- *host == *ip->host && strcmp(host, ip->host) == 0) {
- ++foundsome;
- if (ip->addr == 0)
- ip->addr = addr;
- if ((records & MASK_TEST_DUP) != 0)
- checkdups(ip, records);
- ip->records |= records;
- /* Only check differing ttl's for A and MX records */
- if (ip->ttl == 0)
- ip->ttl = ttl;
- else if (ttl != 0 && ip->ttl != ttl) {
- fprintf(stderr,
- "%s: differing ttls for %s (%u != %u)\n",
- prog, ip->host, ttl, ip->ttl);
- ++errs;
- }
- ip->flags |= flags;
- /* Not done if we wildcard matched the name */
- if (addr)
- return (errs);
- }
- ++n;
- ++ip;
- if (ip >= &items[ITEMSIZE])
- ip = items;
- }
-
- if (n >= ITEMSIZE) {
- fprintf(stderr, "%s: out of item slots (max %d)\n",
- prog, ITEMSIZE);
- exit(1);
- }
-
- /* Done if we were wildcarding the name (and found entries for it) */
- if (addr == 0 && foundsome)
- return (errs);
-
- /* Didn't find it, make new entry */
- ++itemcnt;
- if (ip->host) {
- fprintf(stderr, "%s: reusing bucket!\n", prog);
- exit(1);
- }
- ip->addr = addr;
- ip->host = savestr(host);
- if ((records & MASK_TEST_DUP) != 0)
- checkdups(ip, records);
- ip->records |= records;
- if (ttl != 0)
- ip->ttl = ttl;
- ip->flags |= flags;
- return (errs);
-}
-
static const char *microlist[] = {
"_tcp",
"_udp",
@@ -1740,10 +2736,10 @@ static const char *microlist[] = {
};
int
-rfc1034host(register const char *host, register int recs)
+rfc1034host(const char *host, int recs)
{
- register const char *cp, **p;
- register int underok;
+ const char *cp, **p;
+ int underok;
underok = 0;
for (p = microlist; *p != NULL ;++p)
@@ -1766,613 +2762,205 @@ rfc1034host(register const char *host, register int recs)
if (!(isalpha(*cp) || isdigit(*cp) || *cp == '-' ||
(*cp == '/' && (recs & REC_SOA) != 0))) {
fprintf(stderr,
- "%s: illegal hostname \"%s\" ('%c' illegal character)\n",
+ "%s: Illegal hostname \"%s\" ('%c' illegal character)\n",
prog, host, *cp);
return (1);
}
if (--cp >= host && *cp == '-') {
- fprintf(stderr, "%s: illegal hostname \"%s\" (ends with '-')\n",
+ fprintf(stderr, "%s: Illegal hostname \"%s\" (ends with '-')\n",
prog, host);
return (1);
}
return (0);
}
-int
-nslint(void)
+enum rrtype
+txt2rrtype(const char *str)
{
- register int n, records, flags;
- register struct item *ip, *lastaip, **ipp, **itemlist;
- register u_int32_t addr, lastaddr, mask;
-
- itemlist = (struct item **)calloc(itemcnt, sizeof(*ipp));
- if (itemlist == NULL) {
- fprintf(stderr, "%s: nslint: calloc: %s\n",
- prog, strerror(errno));
- exit(1);
- }
- ipp = itemlist;
- for (n = 0, ip = items; n < ITEMSIZE; ++n, ++ip) {
- if (ip->host == NULL)
- continue;
-
- /* Save entries with addresses for later check */
- if (ip->addr != 0)
- *ipp++ = ip;
-
- if (debug > 1) {
- if (debug > 2)
- printf("%d\t", n);
- printf("%s\t%s\t0x%x\t0x%x\n",
- ip->host, intoa(ip->addr), ip->records, ip->flags);
- }
-
- /* Check for illegal hostnames (rfc1034) */
- if (rfc1034host(ip->host, ip->records))
- ++errors;
-
- /* Check for missing ptr records (ok if also an ns record) */
- records = ip->records & MASK_CHECK_REC;
- if ((ip->records & MASK_TEST_REC) != 0)
- records |= REC_OTHER;
- switch (records) {
-
- case REC_A | REC_OTHER | REC_PTR | REC_REF:
- case REC_A | REC_OTHER | REC_PTR:
- case REC_A | REC_PTR | REC_REF:
- case REC_A | REC_PTR:
- case REC_CNAME:
- /* These are O.K. */
- break;
-
- case REC_CNAME | REC_REF:
- ++errors;
- fprintf(stderr, "%s: \"cname\" referenced by other"
- " \"cname\" or \"mx\": %s\n", prog, ip->host);
- break;
-
- case REC_OTHER | REC_REF:
- case REC_OTHER:
- /*
- * This is only an error if there is an address
- * associated with the hostname; this means
- * there was a wks entry with bogus address.
- * Otherwise, we have an mx or hinfo.
- */
- if (ip->addr != 0) {
- ++errors;
- fprintf(stderr,
- "%s: \"wks\" without \"a\" and \"ptr\": %s -> %s\n",
- prog, ip->host, intoa(ip->addr));
- }
- break;
-
- case REC_REF:
- ++errors;
- fprintf(stderr,
- "%s: name referenced without other records: %s\n",
- prog, ip->host);
- break;
-
- case REC_A | REC_OTHER | REC_REF:
- case REC_A | REC_OTHER:
- case REC_A | REC_REF:
- case REC_A:
- ++errors;
- fprintf(stderr, "%s: missing \"ptr\": %s -> %s\n",
- prog, ip->host, intoa(ip->addr));
- break;
-
- case REC_OTHER | REC_PTR | REC_REF:
- case REC_OTHER | REC_PTR:
- case REC_PTR | REC_REF:
- case REC_PTR:
- ++errors;
- fprintf(stderr, "%s: missing \"a\": %s -> %s\n",
- prog, ip->host, intoa(ip->addr));
- break;
-
- case REC_A | REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
- case REC_A | REC_CNAME | REC_OTHER | REC_PTR:
- case REC_A | REC_CNAME | REC_OTHER | REC_REF:
- case REC_A | REC_CNAME | REC_OTHER:
- case REC_A | REC_CNAME | REC_PTR | REC_REF:
- case REC_A | REC_CNAME | REC_PTR:
- case REC_A | REC_CNAME | REC_REF:
- case REC_A | REC_CNAME:
- case REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
- case REC_CNAME | REC_OTHER | REC_PTR:
- case REC_CNAME | REC_OTHER | REC_REF:
- case REC_CNAME | REC_OTHER:
- case REC_CNAME | REC_PTR | REC_REF:
- case REC_CNAME | REC_PTR:
- ++errors;
- fprintf(stderr, "%s: \"cname\" %s has other records\n",
- prog, ip->host);
- break;
-
- case 0:
- /* Second level test */
- if ((ip->records & ~(REC_NS | REC_TXT)) == 0)
- break;
- /* Fall through... */
-
- default:
- ++errors;
- fprintf(stderr,
- "%s: records == 0x%x: can't happen (%s 0x%x)\n",
- prog, records, ip->host, ip->records);
- break;
- }
-
- /* Check for smtp problems */
- flags = ip->flags & MASK_TEST_SMTP;
-
- if ((flags & FLG_SELFMX) != 0 && (ip->records & REC_A) == 0) {
- ++errors;
- fprintf(stderr,
- "%s: self \"mx\" for %s missing \"a\" record\n",
- prog, ip->host);
- }
-
- switch (flags) {
-
- case 0:
- case FLG_SELFMX | FLG_SMTPWKS:
- /* These are O.K. */
- break;
-
- case FLG_SELFMX:
- if ((ip->records & REC_WKS) != 0) {
- ++errors;
- fprintf(stderr,
- "%s: smtp/tcp missing from \"wks\": %s\n",
- prog, ip->host);
- }
- break;
-
- case FLG_SMTPWKS:
- ++errors;
- fprintf(stderr,
- "%s: saw smtp/tcp without self \"mx\": %s\n",
- prog, ip->host);
- break;
-
- default:
- ++errors;
- fprintf(stderr,
- "%s: flags == 0x%x: can't happen (%s)\n",
- prog, flags, ip->host);
- }
-
- /* Check for chained MX records */
- if ((ip->flags & (FLG_SELFMX | FLG_MXREF)) == FLG_MXREF &&
- (ip->records & REC_MX) != 0) {
- ++errors;
- fprintf(stderr, "%s: \"mx\" referenced by other"
- " \"mx\" record: %s\n", prog, ip->host);
- }
- }
-
- /* Check for doubly booked addresses */
- n = ipp - itemlist;
- qsort(itemlist, n, sizeof(itemlist[0]), cmpaddr);
- lastaddr = 0;
- ip = NULL;
- for (ipp = itemlist; n > 0; ++ipp, --n) {
- addr = (*ipp)->addr;
- if (lastaddr == addr &&
- ((*ipp)->flags & FLG_ALLOWDUPA) == 0 &&
- (ip->flags & FLG_ALLOWDUPA) == 0) {
- ++errors;
- fprintf(stderr, "%s: %s in use by %s and %s\n",
- prog, intoa(addr), (*ipp)->host, ip->host);
- }
- lastaddr = addr;
- ip = *ipp;
- }
-
- /* Check for hosts with multiple addresses on the same subnet */
- n = ipp - itemlist;
- qsort(itemlist, n, sizeof(itemlist[0]), cmphost);
- if (netlistcnt > 0) {
- n = ipp - itemlist;
- lastaip = NULL;
- for (ipp = itemlist; n > 0; ++ipp, --n) {
- ip = *ipp;
- if ((ip->records & REC_A) == 0 ||
- (ip->flags & FLG_ALLOWDUPA) != 0)
- continue;
- if (lastaip != NULL &&
- strcasecmp(ip->host, lastaip->host) == 0) {
- mask = findmask(ip->addr);
- if (mask == 0) {
- ++errors;
- fprintf(stderr,
- "%s: can't find mask for %s (%s)\n",
- prog, ip->host, intoa(ip->addr));
- } else if ((lastaip->addr & mask) ==
- (ip->addr & mask) ) {
- ++errors;
- fprintf(stderr,
- "%s: multiple \"a\" records for %s on subnet %s",
- prog, ip->host,
- intoa(ip->addr & mask));
- fprintf(stderr, "\n\t(%s",
- intoa(lastaip->addr));
- fprintf(stderr, " and %s)\n",
- intoa(ip->addr));
- }
- }
- lastaip = ip;
- }
- }
-
- if (debug)
- printf("%s: %d/%d items used, %d error%s\n", prog, itemcnt,
- ITEMSIZE, errors, errors == 1 ? "" : "s");
- return (errors != 0);
-}
-
-/* Similar to inet_ntoa() */
-char *
-intoa(u_int32_t addr)
-{
- register char *cp;
- register u_int byte;
- register int n;
- static char buf[sizeof(".xxx.xxx.xxx.xxx")];
-
- cp = &buf[sizeof buf];
- *--cp = '\0';
-
- n = 4;
- do {
- byte = addr & 0xff;
- *--cp = byte % 10 + '0';
- byte /= 10;
- if (byte > 0) {
- *--cp = byte % 10 + '0';
- byte /= 10;
- if (byte > 0)
- *--cp = byte + '0';
- }
- *--cp = '.';
- addr >>= 8;
- } while (--n > 0);
-
- return cp + 1;
+ if (strcasecmp(str, "aaaa") == 0)
+ return (RR_AAAA);
+ if (strcasecmp(str, "a") == 0)
+ return (RR_A);
+ if (strcasecmp(str, "allowdupa") == 0)
+ return (RR_ALLOWDUPA);
+ if (strcasecmp(str, "cname") == 0)
+ return (RR_CNAME);
+ if (strcasecmp(str, "dnskey") == 0)
+ return (RR_DNSKEY);
+ if (strcasecmp(str, "hinfo") == 0)
+ return (RR_HINFO);
+ if (strcasecmp(str, "mx") == 0)
+ return (RR_MX);
+ if (strcasecmp(str, "ns") == 0)
+ return (RR_NS);
+ if (strcasecmp(str, "ptr") == 0)
+ return (RR_PTR);
+ if (strcasecmp(str, "rp") == 0)
+ return (RR_RP);
+ if (strcasecmp(str, "soa") == 0)
+ return (RR_SOA);
+ if (strcasecmp(str, "srv") == 0)
+ return (RR_SRV);
+ if (strcasecmp(str, "txt") == 0)
+ return (RR_TXT);
+ if (strcasecmp(str, "wks") == 0)
+ return (RR_WKS);
+ if (strcasecmp(str, "RRSIG") == 0)
+ return (RR_RRSIG);
+ if (strcasecmp(str, "NSEC") == 0)
+ return (RR_NSEC);
+ return (RR_UNDEF);
}
int
-parseinaddr(register const char *cp, register u_int32_t *netp,
- register u_int32_t *maskp)
+samesubnet(struct addr *a1, struct addr *a2, struct network *np)
{
- register int i, bits;
- register u_int32_t o, net, mask;
+ int i;
+ u_int32_t v1, v2;
- if (!isdigit(*cp))
+ /* IPv4 before IPv6 */
+ if (a1->family != a2->family)
return (0);
- net = 0;
- mask = 0xff000000;
- bits = 0;
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- net = o << 24;
- /* Check for classless delegation mask width */
- if (*cp == '/') {
- ++cp;
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- bits = o;
- if (bits <= 0 || bits > 32)
- return (0);
- }
+ switch (a1->family) {
- if (*cp == '.' && isdigit(cp[1])) {
- ++cp;
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- net = (net >> 8) | (o << 24);
- mask = 0xffff0000;
- if (*cp == '.' && isdigit(cp[1])) {
- ++cp;
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- net = (net >> 8) | (o << 24);
- mask = 0xffffff00;
- if (*cp == '.' && isdigit(cp[1])) {
- ++cp;
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- net = (net >> 8) | (o << 24);
- mask = 0xffffffff;
- }
+ case AF_INET:
+ /* Apply the mask to both values */
+ v1 = a1->a_addr4 & np->n_mask4;
+ v2 = a2->a_addr4 & np->n_mask4;
+ return (v1 == v2);
+
+ case AF_INET6:
+ /* Apply the mask to both values */
+ for (i = 0; i < 16; ++i) {
+ v1 = a1->a_addr6[i] & np->n_mask6[i];
+ v2 = a2->a_addr6[i] & np->n_mask6[i];
+ if (v1 != v2)
+ return (0);
}
+ break;
+
+ default:
+ abort();
}
- if (strcasecmp(cp, inaddr) != 0)
- return (0);
-
- /* Classless delegation */
- /* XXX check that calculated mask isn't smaller than octet mask? */
- if (bits != 0)
- for (mask = 0, i = 31; bits > 0; --i, --bits)
- mask |= (1 << i);
-
- *netp = net;
- *maskp = mask;
return (1);
}
-u_int32_t
-parseptr(register const char *cp, u_int32_t net, u_int32_t mask,
- register char **errstrp)
-{
- register u_int32_t o, addr;
- register int shift;
-
- addr = 0;
- shift = 0;
- while (isdigit(*cp) && shift < 32) {
- o = 0;
- do {
- o = o * 10 + (*cp++ - '0');
- } while (isdigit(*cp));
- addr |= o << shift;
- shift += 8;
- if (*cp != '.') {
- if (*cp == '\0')
- break;
- *errstrp = "missing dot";
- return (0);
- }
- ++cp;
- }
-
- if (shift > 32) {
- *errstrp = "more than 4 octets";
- return (0);
- }
-
- if (shift == 32 && strcasecmp(cp, inaddr + 1) == 0)
- return (addr);
-
-#ifdef notdef
- if (*cp != '\0') {
- *errstrp = "trailing junk";
- return (0);
- }
-#endif
-#ifdef notdef
- if ((~mask & net) != 0) {
- *errstrp = "too many octets for net";
- return (0);
- }
-#endif
- return (net | addr);
-}
-
-int
-checkwks(register FILE *f, register char *proto, register int *smtpp,
- register char **errstrp)
-{
- register int n, sawparen;
- register char *cp, *serv, **p;
- static char errstr[132];
- char buf[1024];
- char psbuf[512];
-
- if (!protoserv_init) {
- initprotoserv();
- ++protoserv_init;
- }
-
- /* Line count */
- n = 0;
-
- /* Terminate protocol */
- cp = proto;
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- if (*cp != '\0')
- *cp++ = '\0';
-
- /* Find services */
- *smtpp = 0;
- sawparen = 0;
- if (*cp == '(') {
- ++sawparen;
- ++cp;
- while (isspace(*cp))
- ++cp;
- }
- for (;;) {
- if (*cp == '\0') {
- if (!sawparen)
- break;
- if (fgets(buf, sizeof(buf), f) == NULL) {
- *errstrp = "mismatched parens";
- return (n);
- }
- ++n;
- cp = buf;
- while (isspace(*cp))
- ++cp;
- }
- /* Find end of service, converting to lowercase */
- for (serv = cp; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
- if (*cp != '\0')
- *cp++ = '\0';
- if (sawparen && *cp == ')') {
- /* XXX should check for trailing junk */
- break;
- }
-
- (void)sprintf(psbuf, "%s/%s", serv, proto);
-
- if (*serv == 's' && strcmp(psbuf, "tcp/smtp") == 0)
- ++*smtpp;
-
- for (p = protoserv; *p != NULL; ++p)
- if (*psbuf == **p && strcmp(psbuf, *p) == 0) {
- break;
- }
- if (*p == NULL) {
- sprintf(errstr, "%s unknown", psbuf);
- *errstrp = errstr;
- break;
- }
- }
-
- return (n);
-}
-
-int
-checkserv(register const char *serv, register char **p)
-{
- for (; *p != NULL; ++p)
- if (*serv == **p && strcmp(serv, *p) == 0)
- return (1);
- return (0);
-}
-
+/* Set address mask in network order */
void
-initprotoserv(void)
+setmaskwidth(u_int w, struct network *np)
{
- register char *cp;
- register struct servent *sp;
- char psbuf[512];
+ int i, j;
- protoserv_len = 256;
- protoserv = (char **)malloc(protoserv_len * sizeof(*protoserv));
- if (protoserv == NULL) {
- fprintf(stderr, "%s: nslint: malloc: %s\n",
- prog, strerror(errno));
+ switch (np->family) {
+
+ case AF_INET:
+ if (w <= 0)
+ np->n_mask4 = 0;
+ else
+ np->n_mask4 = htonl(0xffffffff << (32 - w));
+ break;
+
+ case AF_INET6:
+ /* XXX is this right? */
+ memset(np->n_mask6, 0, sizeof(np->n_mask6));
+ for (i = 0; i < w / 8; ++i)
+ np->n_mask6[i] = 0xff;
+ i = w / 8;
+ j = w % 8;
+ if (j > 0 && i < 16)
+ np->n_mask6[i] = 0xff << (8 - j);
+ break;
+
+ default:
+ abort();
+ }
+}
+
+int
+updateitem(const char *host, struct addr *ap, int records, u_int ttl, int flags)
+{
+ const char *ccp;
+ int n, errs;
+ u_int i;
+ struct item *ip;
+ int foundsome;
+
+ n = 0;
+ foundsome = 0;
+ errs = 0;
+
+ /* Hash the host name */
+ i = 0;
+ ccp = host;
+ while (*ccp != '\0')
+ i = i * 37 + *ccp++;
+ ip = &items[i & (ITEMSIZE - 1)];
+
+ /* Look for a match or any empty slot */
+ while (n < ITEMSIZE && ip->host != NULL) {
+
+ if ((ap == NULL || ip->addr.family == 0 ||
+ cmpaddr(ap, &ip->addr) == 0) &&
+ *host == *ip->host && strcmp(host, ip->host) == 0) {
+ ++foundsome;
+ if (ip->addr.family == 0 && ap != NULL)
+ memmove(&ip->addr, ap, sizeof(*ap));
+ if ((records & MASK_TEST_DUP) != 0)
+ checkdups(ip, records);
+ ip->records |= records;
+ /* Only check differing ttl's for A and MX records */
+ if (ip->ttl == 0)
+ ip->ttl = ttl;
+ else if (ttl != 0 && ip->ttl != ttl) {
+ fprintf(stderr,
+ "%s: Differing ttls for %s (%u != %u)\n",
+ prog, ip->host, ttl, ip->ttl);
+ ++errs;
+ }
+ ip->flags |= flags;
+ /* Not done if we wildcard matched the name */
+ if (ap != NULL)
+ return (errs);
+ }
+ ++n;
+ ++ip;
+ if (ip >= &items[ITEMSIZE])
+ ip = items;
+ }
+
+ if (n >= ITEMSIZE) {
+ fprintf(stderr, "%s: Out of item slots (max %d)\n",
+ prog, ITEMSIZE);
exit(1);
}
- while ((sp = getservent()) != NULL) {
- (void)sprintf(psbuf, "%s/%s", sp->s_name, sp->s_proto);
-
- /* Convert to lowercase */
- for (cp = psbuf; *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
-
- if (protoserv_last + 1 >= protoserv_len) {
- protoserv_len <<= 1;
- protoserv = realloc(protoserv,
- protoserv_len * sizeof(*protoserv));
- if (protoserv == NULL) {
- fprintf(stderr, "%s: nslint: realloc: %s\n",
- prog, strerror(errno));
- exit(1);
- }
- }
- protoserv[protoserv_last] = savestr(psbuf);
- ++protoserv_last;
+ /* Done if we were wildcarding the name (and found entries for it) */
+ if (ap == NULL && foundsome) {
+ return (errs);
}
- protoserv[protoserv_last] = NULL;
-}
-/*
- * Returns true if name contains a dot but not a trailing dot.
- * Special case: allow a single dot if the second part is not one
- * of the 3 or 4 letter top level domains or is any 2 letter TLD
- */
-int
-checkdots(register const char *name)
-{
- register const char *cp, *cp2;
-
- if ((cp = strchr(name, '.')) == NULL)
- return (0);
- cp2 = name + strlen(name) - 1;
- if (cp2 >= name && *cp2 == '.')
- return (0);
-
- /* Return true of more than one dot*/
- ++cp;
- if (strchr(cp, '.') != NULL)
- return (1);
-
- if (strlen(cp) == 2 ||
- strcasecmp(cp, "gov") == 0 ||
- strcasecmp(cp, "edu") == 0 ||
- strcasecmp(cp, "com") == 0 ||
- strcasecmp(cp, "net") == 0 ||
- strcasecmp(cp, "org") == 0 ||
- strcasecmp(cp, "mil") == 0 ||
- strcasecmp(cp, "int") == 0 ||
- strcasecmp(cp, "nato") == 0 ||
- strcasecmp(cp, "arpa") == 0)
- return (1);
- return (0);
-}
-
-int
-cmpaddr(register const void *ip1, register const void *ip2)
-{
- register u_int32_t a1, a2;
-
- a1 = (*(struct item **)ip1)->addr;
- a2 = (*(struct item **)ip2)->addr;
-
- if (a1 < a2)
- return (-1);
- else if (a1 > a2)
- return (1);
- else
- return (0);
-}
-
-int
-cmphost(register const void *ip1, register const void *ip2)
-{
- register const char *s1, *s2;
-
- s1 = (*(struct item **)ip1)->host;
- s2 = (*(struct item **)ip2)->host;
-
- return (strcasecmp(s1, s2));
-}
-
-/* Returns a pointer after the next token or quoted string, else NULL */
-char *
-parsequoted(register char *cp)
-{
-
- if (*cp == '"') {
- ++cp;
- while (*cp != '"' && *cp != '\0')
- ++cp;
- if (*cp != '"')
- return (NULL);
- ++cp;
- } else {
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
+ /* Didn't find it, make new entry */
+ ++itemcnt;
+ if (ip->host) {
+ fprintf(stderr, "%s: Reusing bucket!\n", prog);
+ exit(1);
}
- return (cp);
+ if (ap != NULL)
+ memmove(&ip->addr, ap, sizeof(*ap));
+ ip->host = savestr(host);
+ if ((records & MASK_TEST_DUP) != 0)
+ checkdups(ip, records);
+ ip->records |= records;
+ if (ttl != 0)
+ ip->ttl = ttl;
+ ip->flags |= flags;
+ return (errs);
}
-__dead void
+void
usage(void)
{
- extern char version[];
fprintf(stderr, "Version %s\n", version);
fprintf(stderr, "usage: %s [-d] [-b named.boot] [-B nslint.boot]\n",
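Review bot: `setmaskwidth()` never bounds `w`: in the `AF_INET6` branch the loop `for (i = 0; i < w / 8; ++i) np->n_mask6[i] = 0xff;` writes past the mask (which `samesubnet()` indexes over 16 bytes) when `w` exceeds 128, and in the `AF_INET` branch `0xffffffff << (32 - w)` shifts by an out-of-range amount when `w` exceeds 32. Only the partial-byte store is guarded (`i < 16`), and `w <= 0` on a `u_int` is simply `w == 0`. Unless every caller validates the prefix length (not visible in this hunk), reject or clamp it at the top of each branch, e.g. `if (w > 32) w = 32;` and `if (w > 128) w = 128;`. The `/* XXX is this right? */` comment could then be replaced by one stating the accepted range and that the mask is stored most-significant byte first.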
diff --git a/contrib/nslint-2.1a3/savestr.c b/contrib/nslint-3.0a2/savestr.c
similarity index 90%
rename from contrib/nslint-2.1a3/savestr.c
rename to contrib/nslint-3.0a2/savestr.c
index dad9d1a2ae..ac4eaef76f 100644
--- a/contrib/nslint-2.1a3/savestr.c
+++ b/contrib/nslint-3.0a2/savestr.c
@@ -21,14 +21,11 @@
#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/savestr.c,v 1.1 2001/12/21 04:12:04 marka Exp $ (LBL)";
+ "@(#) $Id: savestr.c,v 1.2 2006/03/09 02:27:11 leres Exp $ (LBL)";
#endif
#include
-#ifdef HAVE_MALLOC_H
-#include
-#endif
#include
#include
diff --git a/contrib/nslint-2.1a3/savestr.h b/contrib/nslint-3.0a2/savestr.h
similarity index 89%
rename from contrib/nslint-2.1a3/savestr.h
rename to contrib/nslint-3.0a2/savestr.h
index 594baf8ccb..51b4402913 100644
--- a/contrib/nslint-2.1a3/savestr.h
+++ b/contrib/nslint-3.0a2/savestr.h
@@ -18,7 +18,7 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/savestr.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
+ * @(#) $Header: savestr.h,v 1.1 97/04/22 13:30:21 leres Exp $ (LBL)
*/
extern char *savestr(const char *);
diff --git a/contrib/nslint-2.1a3/strerror.c b/contrib/nslint-3.0a2/strerror.c
similarity index 100%
rename from contrib/nslint-2.1a3/strerror.c
rename to contrib/nslint-3.0a2/strerror.c
diff --git a/contrib/nslint-3.0a2/version.h b/contrib/nslint-3.0a2/version.h
new file mode 100644
index 0000000000..879afc2808
--- /dev/null
+++ b/contrib/nslint-3.0a2/version.h
@@ -0,0 +1,3 @@
+/* @(#) $Id: version.h 239 2009-03-14 05:44:54Z leres $ (LBL) */
+
+extern const char version[];
diff --git a/contrib/pkcs11-keygen/README b/contrib/pkcs11-keygen/README
deleted file mode 100644
index caac9824d0..0000000000
--- a/contrib/pkcs11-keygen/README
+++ /dev/null
@@ -1 +0,0 @@
-Moved to ${top}/bin/pkcs11
diff --git a/contrib/.gitignore b/contrib/scripts/.gitignore
similarity index 100%
rename from contrib/.gitignore
rename to contrib/scripts/.gitignore
diff --git a/contrib/check-secure-delegation.pl.in b/contrib/scripts/check-secure-delegation.pl.in
similarity index 100%
rename from contrib/check-secure-delegation.pl.in
rename to contrib/scripts/check-secure-delegation.pl.in
diff --git a/contrib/check5011.pl b/contrib/scripts/check5011.pl
similarity index 100%
rename from contrib/check5011.pl
rename to contrib/scripts/check5011.pl
diff --git a/contrib/named-bootconf/named-bootconf.sh b/contrib/scripts/named-bootconf.sh
similarity index 100%
rename from contrib/named-bootconf/named-bootconf.sh
rename to contrib/scripts/named-bootconf.sh
diff --git a/contrib/nanny/nanny.pl b/contrib/scripts/nanny.pl
similarity index 100%
rename from contrib/nanny/nanny.pl
rename to contrib/scripts/nanny.pl
diff --git a/contrib/zone-edit.sh.in b/contrib/scripts/zone-edit.sh.in
similarity index 100%
rename from contrib/zone-edit.sh.in
rename to contrib/scripts/zone-edit.sh.in
diff --git a/contrib/zkt/CHANGELOG b/contrib/zkt-1.1.2/CHANGELOG
similarity index 89%
rename from contrib/zkt/CHANGELOG
rename to contrib/zkt-1.1.2/CHANGELOG
index 21af332623..792d26aa46 100644
--- a/contrib/zkt/CHANGELOG
+++ b/contrib/zkt-1.1.2/CHANGELOG
@@ -1,17 +1,82 @@
+zkt 1.1.2 -- 05. Dec 2012
+
+* bug Fixed bug introduced by changes on inc_soa_serial()
+
+zkt 1.1.1 -- 27. Nov 2012
+
+* bug Error fixed in zkt-conf in parsing the version number
+
+* misc inc_soa_serial() now returns 0 on success
+
+* bug Fixed bug in inc_serial()
+ The zone file wasn't closed on succesful change of the soa record.
+ Many thanks to Frederik Soderblom for fixing this.
+
+zkt 1.1 -- 30. Jan 2012
+
+* misc Release numbering changed to three level "major.minor.revison" scheme
+
+* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
+
+* doc Improved README file (Thanks to Jan-Piet Mens)
+
+* misc Fixed some typos in log messages
+
+* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
+
+* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
+ Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
+ Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
+ Default KSK lifetime changed from 1 year to 2 years
+ Parameter checks in checkconfig() adapted.
+ KSK random device changed back from /dev/urandom to BIND default
+ (Be aware of some possibly long delay in key generation)
+
+* func New configure option to set the bind utility path manually (--enable-bindutil_path)
+ BIND_UTIL_PATH in config_zkt.h will no longer used
+ (Thanks to Mans Nilsson)
+
+* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
+ or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
+ (Thanks to Holger Wirtz)
+
+* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
+
+* func Description added to (some of the) dnssec.conf parameters
+
+* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
+
+* misc Config file syntax changed to parameter names without underscores.
+ zkt-conf uses ZKT_VERSION string as config version
+
+* bug "make install-man" now installs all man page
+
+* bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already
+ included dnskey.db file if another file was included.
+
+* misc destination dnssec-zkt removed from Makefile.in
+
+* func dki_prt_managedkeys() added to dki.c
+ zkt_list_managedkeys() added to zkt.c
+ zkt-ls has new option -M to print out a list of managed-keys
+
+* bug Bug fixed in the config parser (zconf.c). Couldn't parse
+ agorithm RSASHA512 correctly (Thanks to Michael Sinatra)
+
zkt 1.0 -- 15. June 2010
-* feat "/dev/urandom" check added to checkconfig()
+* func "/dev/urandom" check added to checkconfig()
-* feat Config compability switch (-C) added to zkt-conf
+* func Config compability switch (-C) added to zkt-conf
-* feat zkt-ls has a new switch -s to change sorting of domains from
+* func zkt-ls has a new switch -s to change sorting of domains from
subdomain before parent to subdomain below the parent
-* feat "zkt-ls -T" prints only parent trust anchor
+* func "zkt-ls -T" prints only parent trust anchor
zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) )
-* feat Several config parameter are printed now in a more consistent and
+* func Several config parameter are printed now in a more consistent and
user friendly form.
SerialFormat "Incremental" could be abbreviated as "inc" on input.
diff --git a/contrib/zkt/LICENSE b/contrib/zkt-1.1.2/LICENSE
similarity index 100%
rename from contrib/zkt/LICENSE
rename to contrib/zkt-1.1.2/LICENSE
diff --git a/contrib/zkt/Makefile.in b/contrib/zkt-1.1.2/Makefile.in
similarity index 82%
rename from contrib/zkt/Makefile.in
rename to contrib/zkt-1.1.2/Makefile.in
index 21219cd9d6..6daa47d168 100644
--- a/contrib/zkt/Makefile.in
+++ b/contrib/zkt-1.1.2/Makefile.in
@@ -55,30 +55,25 @@ OBJ_LS = $(SRC_LS:.c=.o) $(OBJ_KLS)
MAN_LS = zkt-ls.8
PROG_LS= zkt-ls
-SRC_ZKT = dnssec-zkt.c strlist.c zkt.c tcap.c
-OBJ_ZKT = $(SRC_ZKT:.c=.o)
-MAN_ZKT = dnssec-zkt.8
-PROG_ZKT= dnssec-zkt
-
SRC_SER = zkt-soaserial.c
OBJ_SER = $(SRC_SER:.c=.o)
#MAN_SER = zkt-soaserial.8
PROG_SER= zkt-soaserial
-SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_LS) $(SRC_SER) $(SRC_KEY)
+SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_LS) $(SRC_SER) $(SRC_KEY)
OBJ_PRG = $(SRC_PRG:.c=.o)
-PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SER) $(PROG_KEY)
+PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_LS) $(PROG_SER) $(PROG_KEY)
-MAN_ALL = $(MAN_ZKT) $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY)
+MAN_ALL = $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY)
OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \
- configure examples
-SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_KLS) \
+ configure distribute.sh examples
+SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KLS) \
$(SRC_LS) $(SRC_KEY) $(SRC_SER) $(OTHER) \
man configure.ac config.h.in doc
#MNTSAVE = $(SAVE) configure.ac config.h.in doc
-all: $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY)
+all: $(PROG_CNF) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY)
macos: ## for MAC OS (depreciated)
macos:
@@ -94,7 +89,6 @@ linux:
$(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG)
- ln -f $(PROG_SIG) dnssec-signer
$(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_CNF) $(OBJ_ALL) -o $(PROG_CNF)
@@ -102,9 +96,6 @@ $(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile
$(PROG_KEY): $(OBJ_KEY) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_KEY) $(OBJ_ALL) -o $(PROG_KEY)
-$(PROG_ZKT): $(OBJ_ZKT) $(OBJ_ALL) Makefile
- $(CC) $(LDFLAGS) $(LIBS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT)
-
$(PROG_LS): $(OBJ_LS) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_LS) $(OBJ_ALL) -o $(PROG_LS)
@@ -114,12 +105,12 @@ $(PROG_SER): $(OBJ_SER) Makefile
install: ## install binaries in prefix/bin
install: $(PROG_PRG)
test -d $(prefix)/bin || mkdir -p $(prefix)/bin
- cp dnssec-signer $(PROG_PRG) $(prefix)/bin/
+ cp $(PROG_PRG) $(prefix)/bin/
install-man: ## install man pages in mandir
install-man:
test -d $(mandir)/man8/ || mkdir -p $(mandir)/man8/
- cp -p man/$(MAN_ZKT) man/$(MAN_SIG) $(mandir)/man8/
+ cp -p man/$(MAN_LS) man/$(MAN_SIG) man/$(MAN_KEY) man/$(MAN_CNF) $(mandir)/man8/
@@ -182,7 +173,7 @@ help:
## all dependicies
#:r !make depend
-#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c dnssec-zkt.c strlist.c zkt.c tcap.c zkt-ls.c strlist.c zkt.c tcap.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c
+#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c zkt-ls.c zkt-soaserial.c zkt-keyman.c dki.c misc.c domaincmp.c zconf.c log.c
zkt-signer.o: zkt-signer.c config.h config_zkt.h zconf.h debug.h misc.h \
ncparse.h nscomm.h zone.h dki.h log.h soaserial.h rollover.h
zone.o: zone.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
@@ -198,19 +189,11 @@ zkt-conf.o: zkt-conf.c config.h config_zkt.h debug.h misc.h zconf.h \
zfparse.h
zfparse.o: zfparse.c config.h config_zkt.h zconf.h log.h debug.h \
zfparse.h
-dnssec-zkt.o: dnssec-zkt.c config.h config_zkt.h debug.h misc.h zconf.h \
- strlist.h dki.h zkt.h
-strlist.o: strlist.c strlist.h
-zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \
- domaincmp.h tcap.h zkt.h
-tcap.o: tcap.c config.h config_zkt.h tcap.h
zkt-ls.o: zkt-ls.c config.h config_zkt.h debug.h misc.h zconf.h strlist.h \
dki.h tcap.h zkt.h
-strlist.o: strlist.c strlist.h
-zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \
- domaincmp.h tcap.h zkt.h
-tcap.o: tcap.c config.h config_zkt.h tcap.h
zkt-soaserial.o: zkt-soaserial.c config.h config_zkt.h
+zkt-keyman.o: zkt-keyman.c config.h config_zkt.h debug.h misc.h zconf.h \
+ strlist.h dki.h zkt.h
dki.o: dki.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
dki.h
misc.o: misc.c config.h config_zkt.h zconf.h log.h debug.h misc.h
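Review bot: The dependency rules for `strlist.o`, `zkt.o` and `tcap.o` are removed in both places they appeared in this hunk, not just the duplicate, and the `gcc -MM` comment in the preceding hunk no longer lists `strlist.c zkt.c tcap.c`. `zkt-ls.o` still depends on `strlist.h`, `tcap.h` and `zkt.h`, and the new `zkt-keyman.o` on `strlist.h` and `zkt.h`, so those sources presumably still exist. If they are still in `SRC_LS` or `SRC_KEY` (both defined outside the visible hunks), a change to `config.h`, `dki.h` or `tcap.h` will no longer rebuild these objects. Keeping one copy of each removed rule, e.g. `strlist.o: strlist.c strlist.h` and `tcap.o: tcap.c config.h config_zkt.h tcap.h`, would retain the header tracking.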
diff --git a/contrib/zkt/README b/contrib/zkt-1.1.2/README
similarity index 63%
rename from contrib/zkt/README
rename to contrib/zkt-1.1.2/README
index df1a3c609d..584fb4c7d9 100644
--- a/contrib/zkt/README
+++ b/contrib/zkt-1.1.2/README
@@ -1,7 +1,7 @@
#
# README dnssec zone key tool
#
-# (c) March 2005 - Aug 2009 by Holger Zuleger hznet
+# (c) March 2005 - Aug 2010 by Holger Zuleger hznet
# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) zconf.c by Jeroen Masar & Holger Zuleger
#
@@ -16,13 +16,13 @@ The ZKT software is licenced under BSD (see LICENCE file)
To build the software:
a) Get the current version of zkt
- $ wget http://www.hznet.de/dns/zkt/zkt-1.0.tar.gz
+ $ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz
b) Unpack
- $ tar xzvf zkt-1.0.tar.gz
+ $ tar xzvf zkt-1.1.tar.gz
c) Change to source directory
- $ cd zkt-1.0
+ $ cd zkt-1.1
d) Run configure script
$ ./configure
@@ -45,8 +45,20 @@ b) (optional) Change default parameters
$ zkt-conf -s -O "Zonedir: /var/named/zones" -w
or use your prefered editor
$ vi /var/named/dnssec.conf
+ (optional) You'll probably want to have zkt-ls work recursively
+ $ zkt-conf -s -O "Recursive: True" -w
c) Prepare one of your zone for zkt
- $ cd /var/name/zones/net/example.net # change dir to zone directory
+ $ cd /var/named/zones/net/example.net # change dir to zone directory
$ cp zone.db # copy and rename existing zone file to "zone.db"
- $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file
+ $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file
+
+d) Prepare for initial signing
+ $ cd /var/named/zones/net/example.net
+ $ touch zone.db.signed
+ $ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name)
+
+e) Publish your zone
+ @ add `zone.db.signed' as zone file to your name server
+ @ publish DS contained in `dsset-example.net.' at your zone's parent
+
diff --git a/contrib/zkt/README.logging b/contrib/zkt-1.1.2/README.logging
similarity index 95%
rename from contrib/zkt/README.logging
rename to contrib/zkt-1.1.2/README.logging
index 7a069cbe5d..1dc458190e 100644
--- a/contrib/zkt/README.logging
+++ b/contrib/zkt-1.1.2/README.logging
@@ -65,10 +65,8 @@ Current logging messages:
Key rollover events
KSK key generation and revoking
Zone reload resp. freeze/thaw of dynamic zone
- LG_INFO: Currently none
- planned:
- Mesages for key generation and key status change
- (e.g.: pre-publish -> activate; revoked -> removed etc.)
+ LG_INFO:
+ Messages for key generation/removal and ksk rollover
LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
Some recomended and useful logging settings
diff --git a/contrib/zkt/TODO b/contrib/zkt-1.1.2/TODO
similarity index 64%
rename from contrib/zkt/TODO
rename to contrib/zkt-1.1.2/TODO
index 778f2c770f..8b3104ed2d 100644
--- a/contrib/zkt/TODO
+++ b/contrib/zkt-1.1.2/TODO
@@ -1,15 +1,10 @@
-TODO list as of zkt-0.99
+TODO list as of zkt-1.1
-general:
- Renaming to zkt-? and split of the functions of dnssec-zkt to
- separate commands
- Fixed in zkt-1.0 (zkt-conf command)
-
-dnssec-zkt:
+zkt-ls:
feat option to specify the key age as remaining lifetime
(Option -i inverse age ?).
-dnssec-signer:
+zkt-signer:
bug Distribute_Cmd wouldn't work properly on dynamic zones
(missing freeze, thaw; copy Keyfiles instead of signed zone file)
@@ -26,18 +21,9 @@ dnssec-signer:
data in the hosted domain.
In other words: It's highly recommended to use the
option -r when you use zkt-signer on a production zone.
- Then the time of propagation is (more or less) equal to the timestamp
+ Than the time of propagation is (more or less) equal to the timestamp
of the zone.db.signed file.
- bug The max_TTL parameter should be set to the value found
- in the zone. A mechanism for setting up a dnssec.conf file
- for the zone specific TTL values is needed.
- Fixed in zkt-1.0 (zkt-conf command)
-
-zkt-conf:
- port Option -C (compability) to create older config files
- misc Change syntax of config parameters to a more uniq form (e.g. no "_" char)
-
zkt-rollover:
feat New command to roll keys independent of zone signing
(Usefull for dynamic zones managed by BIND9.7)
diff --git a/contrib/zkt/config.h.in b/contrib/zkt-1.1.2/config.h.in
similarity index 100%
rename from contrib/zkt/config.h.in
rename to contrib/zkt-1.1.2/config.h.in
diff --git a/contrib/zkt/config_zkt.h b/contrib/zkt-1.1.2/config_zkt.h
similarity index 88%
rename from contrib/zkt/config_zkt.h
rename to contrib/zkt-1.1.2/config_zkt.h
index 21ca84069c..a8feb2ae79 100644
--- a/contrib/zkt/config_zkt.h
+++ b/contrib/zkt-1.1.2/config_zkt.h
@@ -80,6 +80,10 @@
# define ALWAYS_CHECK_KEYSETFILES 1
#endif
+#ifndef ALLOW_ALWAYS_PREPUBLISH_ZSK
+# define ALLOW_ALWAYS_PREPUBLISH_ZSK 1
+#endif
+
#ifndef CONFIG_PATH
# define CONFIG_PATH "/var/named/"
#endif
@@ -89,20 +93,19 @@
# define USE_TREE 1
#endif
-/* BIND version and utility path will be set by ./configure script */
-#ifndef BIND_VERSION
-# define BIND_VERSION 942
-#endif
-
+/* BIND version and utility path *must* be set by ./configure script */
#ifndef BIND_UTIL_PATH
-# define BIND_UTIL_PATH "/usr/local/sbin/"
+# error ("BIND_UTIL_PATH not set. Please run configure with --enable-bind_util_path=");
+#endif
+#ifndef BIND_VERSION
+# define BIND_VERSION 970
#endif
#ifndef ZKT_VERSION
# if defined(USE_TREE) && USE_TREE
-# define ZKT_VERSION "vT0.99c (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de"
+# define ZKT_VERSION "vT1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de"
# else
-# define ZKT_VERSION "v0.99c (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de"
+# define ZKT_VERSION "v1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de"
# endif
#endif
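Review bot: The rewritten comment says the BIND version and utility path *must* be set by configure, but only `BIND_UTIL_PATH` is enforced with `#error`; `BIND_VERSION` still falls back silently to 970. Either word the comment to match, e.g. `/* BIND_UTIL_PATH *must* be set by ./configure; BIND_VERSION defaults to 970 if unset */`, or fail the same way for the version. The `#error` text ends in `--enable-bind_util_path=` with no value placeholder, where the configure help uses `=PATH`. The fallback `ZKT_VERSION` strings read 1.1.0 although this directory is zkt-1.1.2; they appear to be used only when configure did not define the macro, but keeping them in step avoids a misleading version banner.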
diff --git a/contrib/zkt/configure b/contrib/zkt-1.1.2/configure
similarity index 98%
rename from contrib/zkt/configure
rename to contrib/zkt-1.1.2/configure
index 6f34793f0a..97cbbd2410 100755
--- a/contrib/zkt/configure
+++ b/contrib/zkt-1.1.2/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for ZKT 1.0.
+# Generated by GNU Autoconf 2.61 for ZKT 1.1.2.
#
# Report bugs to .
#
@@ -574,8 +574,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='ZKT'
PACKAGE_TARNAME='zkt'
-PACKAGE_VERSION='1.0'
-PACKAGE_STRING='ZKT 1.0'
+PACKAGE_VERSION='1.1.2'
+PACKAGE_STRING='ZKT 1.1.2'
PACKAGE_BUGREPORT='Holger Zuleger hznet.de'
ac_unique_file="zkt-signer.c"
@@ -1179,7 +1179,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ZKT 1.0 to adapt to many kinds of systems.
+\`configure' configures ZKT 1.1.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1240,13 +1240,16 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ZKT 1.0:";;
+ short | recursive ) echo "Configuration of ZKT 1.1.2:";;
esac
cat <<\_ACEOF
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-bind_util_path=PATH
+ Define path to BIND utilities, default is path to
+ dnssec-signzone
--disable-color-mode zkt without colors
--enable-print-timezone print out timezone
--enable-print-age print age with year
@@ -1339,7 +1342,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ZKT configure 1.0
+ZKT configure 1.1.2
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1353,7 +1356,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ZKT $as_me 1.0, which was
+It was created by ZKT $as_me 1.1.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2639,7 +2642,25 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
### find out the path to BIND utils and version
-# Extract the first word of "dnssec-signzone", so it can be a program name with args.
+# Check whether --enable-bind_util_path was given.
+if test "${enable_bind_util_path+set}" = set; then
+ enableval=$enable_bind_util_path; bind_util_path=$enableval
+fi
+
+if test -n "$bind_util_path"
+then
+ if test -x "$bind_util_path/dnssec-signzone"
+ then
+ { echo "$as_me:$LINENO: BIND utilities path successfully set to $bind_util_path." >&5
+echo "$as_me: BIND utilities path successfully set to $bind_util_path." >&6;}
+ SIGNZONE_PROG=$bind_util_path/dnssec-signzone
+ else
+ { { echo "$as_me:$LINENO: error: *** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" >&5
+echo "$as_me: error: *** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+else
+ # Extract the first word of "dnssec-signzone", so it can be a program name with args.
set dummy dnssec-signzone; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
@@ -2679,25 +2700,32 @@ echo "${ECHO_T}no" >&6; }
fi
-if test -z "$SIGNZONE_PROG" ; then
- { echo "$as_me:$LINENO: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&5
-echo "$as_me: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&2;}
-else
- bind_util_path=`dirname "$SIGNZONE_PROG"`
- # define BIND_UTIL_PATH in config.h.in
+ if test -n "$SIGNZONE_PROG"
+ then
+ bind_util_path=`dirname "$SIGNZONE_PROG"`
+ { echo "$as_me:$LINENO: BIND utilities path automatically set to $bind_util_path." >&5
+echo "$as_me: BIND utilities path automatically set to $bind_util_path." >&6;}
+ else
+ { { echo "$as_me:$LINENO: error: *** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" >&5
+echo "$as_me: error: *** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+fi
+### By now, we have a path. We'll use it.
+# define BIND_UTIL_PATH in config.h.in
cat >>confdefs.h <<_ACEOF
#define BIND_UTIL_PATH "$bind_util_path/"
_ACEOF
- # define BIND_VERSION in config.h.in
- bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"`
+# define BIND_VERSION in config.h.in
+bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"`
cat >>confdefs.h <<_ACEOF
#define BIND_VERSION $bind_version
_ACEOF
-fi
+
ac_ext=c
@@ -3713,7 +3741,6 @@ if test "${enable_printyear+set}" = set; then
enableval=$enable_printyear;
fi
-test "$printyear" = yes && printyear=1
printyear=0
if test "$enable_printyear" = "yes"; then
printyear=1
@@ -3836,7 +3863,7 @@ _ACEOF
cat >>confdefs.h <<_ACEOF
-#define ZKT_COPYRIGHT "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de"
+#define ZKT_COPYRIGHT "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de"
_ACEOF
@@ -6505,7 +6532,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ZKT $as_me 1.0, which was
+This file was extended by ZKT $as_me 1.1.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6554,7 +6581,7 @@ Report bugs to ."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-ZKT config.status 1.0
+ZKT config.status 1.1.2
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff --git a/contrib/zkt/configure.ac b/contrib/zkt-1.1.2/configure.ac
similarity index 75%
rename from contrib/zkt/configure.ac
rename to contrib/zkt-1.1.2/configure.ac
index c10790a2c9..6bdc5e99c6 100644
--- a/contrib/zkt/configure.ac
+++ b/contrib/zkt-1.1.2/configure.ac
@@ -12,13 +12,15 @@
# 2008-10-01 if BIND_UTIL_PATH check failed, use config_zkt.h setting as last resort
# 2009-07-30 check for timegm() added
# 2009-12-02 the tr command in bind_version= didn't work well under solaris
+# 2010-10-14 new option to specify BIND_UTIL_PATH on command line (thanks to Mans Nilsson)
+# No build in default BIND_UTIL_PATH used anymore
#
dnl AC_PREREQ(2.59)
### Package name and current version
-AC_INIT(ZKT, 1.0, Holger Zuleger hznet.de)
-dnl AC_REVISION($Revision: 1.2 $)
+AC_INIT(ZKT, 1.1.2, Holger Zuleger hznet.de)
+dnl AC_REVISION($Revision: 1.397 $)
### Files to test to check if src dir contains the package
AC_CONFIG_SRCDIR([zkt-signer.c])
@@ -29,17 +31,33 @@ AC_CONFIG_HEADER([config.h])
AC_PROG_CC
### find out the path to BIND utils and version
-AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone)
-if test -z "$SIGNZONE_PROG" ; then
- AC_MSG_WARN([*** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***])
+AC_ARG_ENABLE([bind_util_path], AS_HELP_STRING( [--enable-bind_util_path=PATH], [Define path to BIND utilities, default is path to dnssec-signzone]), [bind_util_path=$enableval])
+if test -n "$bind_util_path"
+then
+ if test -x "$bind_util_path/dnssec-signzone"
+ then
+ AC_MSG_NOTICE([BIND utilities path successfully set to $bind_util_path.])
+ SIGNZONE_PROG=$bind_util_path/dnssec-signzone
+ else
+ AC_MSG_ERROR([*** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***])
+ fi
else
- bind_util_path=`dirname "$SIGNZONE_PROG"`
- # define BIND_UTIL_PATH in config.h.in
- AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities)
- # define BIND_VERSION in config.h.in
- bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"`
- AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots)
+ AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone)
+ if test -n "$SIGNZONE_PROG"
+ then
+ bind_util_path=`dirname "$SIGNZONE_PROG"`
+ AC_MSG_NOTICE([BIND utilities path automatically set to $bind_util_path.])
+ else
+ AC_MSG_ERROR([*** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***])
+ fi
fi
+### By now, we have a path. We'll use it.
+# define BIND_UTIL_PATH in config.h.in
+AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities)
+# define BIND_VERSION in config.h.in
+bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"`
+AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots)
+
AC_CHECK_TYPE(uint, unsigned int)
AC_CHECK_TYPE(ulong, unsigned long)
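Review bot: `bind_version` can be empty when the output of `$SIGNZONE_PROG` contains no `Version:` line, and the `AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, ...)` that follows then defines the macro with no value. Because the macro is defined, the `#ifndef BIND_VERSION` fallback in config_zkt.h does not apply. Both path branches now abort on failure, so the version could be held to the same standard with `test -n "$bind_version" || AC_MSG_ERROR([could not determine BIND version from $SIGNZONE_PROG])` before the define. `$SIGNZONE_PROG` is also run unquoted, so a `--enable-bind_util_path` value containing whitespace would be word-split; `"$SIGNZONE_PROG" 2>&1` avoids that. The generated `configure` hunk carries the same lines and would pick up both changes on regeneration.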
@@ -68,7 +86,6 @@ AS_IF([test "$enable_printtimezone" = "yes"], [printtimezone=1])
AC_DEFINE_UNQUOTED(PRINT_TIMEZONE, $printtimezone, print out timezone)
AC_ARG_ENABLE([printyear], AS_HELP_STRING( [--enable-print-age], [print age with year]))
-test "$printyear" = yes && printyear=1
printyear=0
AS_IF([test "$enable_printyear" = "yes"], [printyear=1])
AC_DEFINE_UNQUOTED(PRINT_AGE_WITH_YEAR, $printyear, print age with year)
@@ -123,7 +140,7 @@ fi
AC_DEFINE_UNQUOTED(USE_TREE, $usetree, Use TREE data structure for dnssec-zkt)
AC_DEFINE_UNQUOTED(ZKT_VERSION, "$t$PACKAGE_VERSION", ZKT version string)
-AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de", ZKT copyright string)
+AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de", ZKT copyright string)
### Checks for libraries.
diff --git a/contrib/zkt/debug.h b/contrib/zkt-1.1.2/debug.h
similarity index 100%
rename from contrib/zkt/debug.h
rename to contrib/zkt-1.1.2/debug.h
diff --git a/contrib/zkt-1.1.2/distribute.sh b/contrib/zkt-1.1.2/distribute.sh
new file mode 100755
index 0000000000..d9e958952c
--- /dev/null
+++ b/contrib/zkt-1.1.2/distribute.sh
@@ -0,0 +1,82 @@
+#################################################################
+#
+# @(#) distribute.sh -- distribute and reload command for dnssec-signer
+#
+# (c) Jul 2008 Holger Zuleger hznet.de
+#
+# Feb 2010 action "distkeys" added but currently not used
+#
+# This shell script will be run by zkt-signer as a distribution
+# and reload command if:
+#
+# a) the dnssec.conf file parameter Distribute_Cmd: points
+# to this file
+# and
+# b) the user running the zkt-signer command is not
+# root (uid==0)
+# and
+# c) the owner of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the owner
+# or
+# d) the group of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the group
+#
+#################################################################
+
+# set path to rndc and scp
+PATH="/bin:/usr/bin:/usr/local/sbin"
+
+# remote server and directory
+server=localhost # fqdn of remote name server
+dir=/var/named # zone directory on remote name server
+
+progname=$0
+usage()
+{
+ echo "usage: $progname distkeys|distribute|reload []" 1>&2
+ test $# -gt 0 && echo $* 1>&2
+ exit 1
+}
+
+if test $# -lt 3
+then
+ usage
+fi
+action="$1"
+zone="$2"
+zonefile="$3"
+view=""
+test $# -gt 3 && view="$4"
+
+case $action in
+distkeys)
+ if test -n "$view"
+ then
+ : echo "scp K$zone+* $server:$dir/$view/$zone/"
+ scp K$zone+* $server:$dir/$view/$zone/
+ else
+ : echo "scp K$zone+* $server:$dir/$zone/"
+ scp K$zone+* $server:$dir/$zone/
+ fi
+ ;;
+distribute)
+ if test -n "$view"
+ then
+ : echo "scp $zonefile $server:$dir/$view/$zone/"
+ scp $zonefile $server:$dir/$view/$zone/
+ else
+ : echo "scp $zonefile $server:$dir/$zone/"
+ scp $zonefile $server:$dir/$zone/
+ fi
+ ;;
+reload)
+ : echo "rndc $action $zone $view"
+ rndc $action $zone $view
+ ;;
+*)
+ usage "illegal action $action"
+ ;;
+esac
+
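Review bot: The scp and rndc command lines in the `distkeys`, `distribute` and `reload` branches expand `$zone`, `$zonefile`, `$view` and `$action` unquoted, so an argument containing whitespace or glob characters is split or expanded by the shell before it reaches scp or rndc. Quoting each expansion keeps one argument one word, e.g. `scp "$zonefile" "$server:$dir/$view/$zone/"`, `scp ./K"$zone"+* "$server:$dir/$zone/"` and `rndc "$action" "$zone" ${view:+"$view"}`. The header comment says zkt-signer supplies these values, but whether they are already constrained is not visible here; rejecting a `$zone` or `$view` that contains `/` before building the remote path would make that explicit. The file is added with mode 100755 but has no `#!/bin/sh` first line, so the interpreter depends on how the caller executes it.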
diff --git a/contrib/zkt/dki.c b/contrib/zkt-1.1.2/dki.c
similarity index 97%
rename from contrib/zkt/dki.c
rename to contrib/zkt-1.1.2/dki.c
index 5cd2fa21e6..80fa5cefe2 100644
--- a/contrib/zkt/dki.c
+++ b/contrib/zkt-1.1.2/dki.c
@@ -789,6 +789,39 @@ int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)
return len;
}
+/*****************************************************************
+** dki_prt_managedkey ()
+*****************************************************************/
+int dki_prt_managedkey (const dki_t *dkp, FILE *fp)
+{
+ char *p;
+ int spaces;
+ int len = 0;
+
+ if ( dkp == NULL )
+ return len;
+ len += fprintf (fp, "\"%s\" ", dkp->name);
+ spaces = 22 - (strlen (dkp->name) + 3);
+ len += fprintf (fp, "initial-key ");
+ spaces -= 13;
+ len += fprintf (fp, "%*s", spaces > 0 ? spaces : 0 , " ");
+ len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
+ if ( spaces < 0 )
+ len += fprintf (fp, "\n\t\t\t%7s", " ");
+ len += fprintf (fp, "\"");
+ for ( p = dkp->pubkey; *p ; p++ )
+ if ( *p == ' ' )
+ len += fprintf (fp, "\n\t\t\t\t");
+ else
+ putc (*p, fp), len += 1;
+
+ if ( dki_isrevoked (dkp) )
+ len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag);
+ else
+ len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag);
+ return len;
+}
+
/*****************************************************************
** dki_cmp () return <0 | 0 | >0
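Review bot: In dki_prt_managedkey, `spaces = 22 - (strlen (dkp->name) + 3);` is evaluated in size_t, so for a name longer than 19 characters the subtraction wraps around. The negative value that the later `spaces < 0` test relies on then only appears through an implementation-defined conversion to int. Casting first states the intent: `spaces = 22 - ((int) strlen (dkp->name) + 3);`. The banner comment holds only the function name; it could add that the function writes one quoted `initial-key` entry for dkp to fp and returns the accumulated output length (0 when dkp is NULL). `dkp->name` is written between double quotes without escaping, which is presumably safe if names are derived from validated key file names; worth confirming against dki_read.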
diff --git a/contrib/zkt/dki.h b/contrib/zkt-1.1.2/dki.h
similarity index 99%
rename from contrib/zkt/dki.h
rename to contrib/zkt-1.1.2/dki.h
index d0712b14bf..caedddb483 100644
--- a/contrib/zkt/dki.h
+++ b/contrib/zkt-1.1.2/dki.h
@@ -151,6 +151,7 @@ extern int dki_allcmp (const dki_t *a, const dki_t *b);
extern dki_t *dki_read (const char *dir, const char *fname);
extern int dki_readdir (const char *dir, dki_t **listp, int recursive);
extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
+extern int dki_prt_managedkey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);
diff --git a/contrib/zkt/doc/KeyRollover.ms b/contrib/zkt-1.1.2/doc/KeyRollover.ms
similarity index 100%
rename from contrib/zkt/doc/KeyRollover.ms
rename to contrib/zkt-1.1.2/doc/KeyRollover.ms
diff --git a/contrib/zkt-1.1.2/doc/KeyRollover.ps b/contrib/zkt-1.1.2/doc/KeyRollover.ps
new file mode 100644
index 0000000000..7f22fdead4
--- /dev/null
+++ b/contrib/zkt-1.1.2/doc/KeyRollover.ps
@@ -0,0 +1,304 @@
+%!PS-Adobe-3.0
+%%Creator: groff version 1.19.2
+%%CreationDate: Mon Jul 14 23:23:30 2008
+%%DocumentNeededResources: font Times-Bold
+%%+ font Times-Roman
+%%+ font Courier
+%%+ font Symbol
+%%DocumentSuppliedResources: procset grops 1.19 2
+%%Pages: 1
+%%PageOrder: Ascend
+%%DocumentMedia: Default 595 842 0 () ()
+%%Orientation: Portrait
+%%EndComments
+%%BeginDefaults
+%%PageMedia: Default
+%%EndDefaults
+%%BeginProlog
+%%BeginResource: procset grops 1.19 2
+%!PS-Adobe-3.0 Resource-ProcSet
+/setpacking where{
+pop
+currentpacking
+true setpacking
+}if
+/grops 120 dict dup begin
+/SC 32 def
+/A/show load def
+/B{0 SC 3 -1 roll widthshow}bind def
+/C{0 exch ashow}bind def
+/D{0 exch 0 SC 5 2 roll awidthshow}bind def
+/E{0 rmoveto show}bind def
+/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
+/G{0 rmoveto 0 exch ashow}bind def
+/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
+/I{0 exch rmoveto show}bind def
+/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
+/K{0 exch rmoveto 0 exch ashow}bind def
+/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
+/M{rmoveto show}bind def
+/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
+/O{rmoveto 0 exch ashow}bind def
+/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
+/Q{moveto show}bind def
+/R{moveto 0 SC 3 -1 roll widthshow}bind def
+/S{moveto 0 exch ashow}bind def
+/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
+/SF{
+findfont exch
+[exch dup 0 exch 0 exch neg 0 0]makefont
+dup setfont
+[exch/setfont cvx]cvx bind def
+}bind def
+/MF{
+findfont
+[5 2 roll
+0 3 1 roll
+neg 0 0]makefont
+dup setfont
+[exch/setfont cvx]cvx bind def
+}bind def
+/level0 0 def
+/RES 0 def
+/PL 0 def
+/LS 0 def
+/MANUAL{
+statusdict begin/manualfeed true store end
+}bind def
+/PLG{
+gsave newpath clippath pathbbox grestore
+exch pop add exch pop
+}bind def
+/BP{
+/level0 save def
+1 setlinecap
+1 setlinejoin
+72 RES div dup scale
+LS{
+90 rotate
+}{
+0 PL translate
+}ifelse
+1 -1 scale
+}bind def
+/EP{
+level0 restore
+showpage
+}def
+/DA{
+newpath arcn stroke
+}bind def
+/SN{
+transform
+.25 sub exch .25 sub exch
+round .25 add exch round .25 add exch
+itransform
+}bind def
+/DL{
+SN
+moveto
+SN
+lineto stroke
+}bind def
+/DC{
+newpath 0 360 arc closepath
+}bind def
+/TM matrix def
+/DE{
+TM currentmatrix pop
+translate scale newpath 0 0 .5 0 360 arc closepath
+TM setmatrix
+}bind def
+/RC/rcurveto load def
+/RL/rlineto load def
+/ST/stroke load def
+/MT/moveto load def
+/CL/closepath load def
+/Fr{
+setrgbcolor fill
+}bind def
+/setcmykcolor where{
+pop
+/Fk{
+setcmykcolor fill
+}bind def
+}if
+/Fg{
+setgray fill
+}bind def
+/FL/fill load def
+/LW/setlinewidth load def
+/Cr/setrgbcolor load def
+/setcmykcolor where{
+pop
+/Ck/setcmykcolor load def
+}if
+/Cg/setgray load def
+/RE{
+findfont
+dup maxlength 1 index/FontName known not{1 add}if dict begin
+{
+1 index/FID ne{def}{pop pop}ifelse
+}forall
+/Encoding exch def
+dup/FontName exch def
+currentdict end definefont pop
+}bind def
+/DEFS 0 def
+/EBEGIN{
+moveto
+DEFS begin
+}bind def
+/EEND/end load def
+/CNT 0 def
+/level1 0 def
+/PBEGIN{
+/level1 save def
+translate
+div 3 1 roll div exch scale
+neg exch neg exch translate
+0 setgray
+0 setlinecap
+1 setlinewidth
+0 setlinejoin
+10 setmiterlimit
+[]0 setdash
+/setstrokeadjust where{
+pop
+false setstrokeadjust
+}if
+/setoverprint where{
+pop
+false setoverprint
+}if
+newpath
+/CNT countdictstack def
+userdict begin
+/showpage{}def
+/setpagedevice{}def
+}bind def
+/PEND{
+countdictstack CNT sub{end}repeat
+level1 restore
+}bind def
+end def
+/setpacking where{
+pop
+setpacking
+}if
+%%EndResource
+%%EndProlog
+%%BeginSetup
+%%BeginFeature: *PageSize Default
+<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
+%%EndFeature
+%%IncludeResource: font Times-Bold
+%%IncludeResource: font Times-Roman
+%%IncludeResource: font Courier
+%%IncludeResource: font Symbol
+grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
+def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
+/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
+/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
+/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
+/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
+/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
+/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
+/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
+/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
+/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
+/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
+/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
+/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
+/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
+/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
+/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
+/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
+/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
+/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
+/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
+/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
+/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
+/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
+/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
+/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
+/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
+/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
+/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
+/Times-Bold@0 ENC0/Times-Bold RE
+%%EndSetup
+%%Page: 1 1
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Bold@0 SF 2.5(1. DNS)72 84 R -.25(Ke)2.5 G 2.5(yS).25 G
+(tatus T)-2.5 E(ypes and Filenames)-.74 E -.25(Ke)189.22 105.6 S 63.235
+(yF).25 G 40.415(ilename used)-63.235 F -.25(fo)2.5 G 29.33(rd).25 G
+(nssec-zkt)-29.33 E -.74(Ty)168.35 117.6 S 12.5(pe Flags).74 F 23.57
+(public pri)16.95 F -.1(va)-.1 G 21.62(te signing?).1 F(label)40.72 E
+(Status)99.34 111.6 Q .4 LW 473.8 122.1 72 122.1 DL/F1 10/Times-Roman@0
+SF(acti)72 131.6 Q 70.67 -.15(ve Z)-.25 H 18.43(SK 256).15 F(.k)18.89 E
+26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F/F2 10
+/Courier@0 SF(act ive)30.285 E F1 17.32(KSK 257)168.35 143.6 R(.k)18.89
+E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F F2
+(act ive)30.285 E F1 54.96(published ZSK)72 158 R 16.39(256 .k)20.93 F
+26.69 -.15(ey .)-.1 H 34.985(published n).15 F F2(pub lished)30.285 E F1
+17.32(KSK 257)168.35 170 R(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E
+-.25(va)-.25 G 46.605(te n).25 F F2(sta ndby)30.285 E F1
+(depreciated \(retired\))72 184.4 Q 18.43(ZSK 256)15 F(.k)18.89 E 26.69
+-.15(ey .)-.1 H 27.785(depreciated n).15 F F2(dep reciated)30.285 E F1
+(re)72 198.8 Q -.2(vo)-.25 G -.1(ke).2 G 64.69(dK).1 G 17.32(SK 385)
+-64.69 F(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G
+46.605(te y).25 F F2(rev oked)30.285 E F1(remo)72 213.2 Q -.15(ve)-.15 G
+61.66(dK).15 G 17.32(SK 257)-61.66 F(k*.k)18.89 E 16.69 -.15(ey k)-.1 H
+(*.pri).15 E -.25(va)-.25 G 36.605(te n).25 F F2(-)30.285 E F1 80.52
+(sep KSK)72 227.6 R 16.39(257 .k)19.82 F 26.69 -.15(ey -)-.1 H(n)75.695
+E F2(sep)30.285 E 394.3 96.1 394.3 230.1 DL 343.73 96.1 343.73 230.1 DL
+280.14 108.1 280.14 230.1 DL 234.56 96.1 234.56 230.1 DL 196.78 108.1
+196.78 230.1 DL 160.85 96.1 160.85 230.1 DL F0 2.5(2. K)72 257.6 R(ey r)
+-.25 E(ollo)-.18 E -.1(ve)-.1 G(r).1 E 2.5(2.1. Zone)72 285.2 R
+(signing k)2.5 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G(pr)
+-2.5 E(e-publish RFC4641\))-.18 E 57.47(action cr)75.34 306.8 R 27.035
+(eate change)-.18 F -.18(re)23.045 G(mo).18 E -.1(ve)-.1 G -.1(ke)72
+318.8 S 65.025(ys newk).1 F 24.395(ey sig)-.1 F -.1(ke)2.5 G 23.775(yo)
+.1 G(ld k)-23.775 E(ey)-.1 E 301.18 323.3 72 323.3 DL F1 23.62
+(zsk1 acti)72 332.8 R 12.8 -.15(ve a)-.25 H(cti).15 E 28.21 -.15(ve d)
+-.25 H(epreciated).15 E 62.1(zsk2 published)72 344.8 R(acti)15 E 35.41
+-.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G 12.5(RRSIG zsk1)72 360.4 R
+33.06(zsk1 zsk2)20.15 F(zsk2)42.76 E 262.41 297.3 262.41 362.9 DL 201.32
+297.3 201.32 362.9 DL 147.43 297.3 147.43 362.9 DL 108.95 309.3 108.95
+362.9 DL F0 2.5(2.2. K)72 390.4 R(ey signing k)-.25 E(ey r)-.1 E(ollo)
+-.18 E -.1(ve)-.1 G 2.5(r\().1 G(double signatur)-2.5 E 2.5(eR)-.18 G
+(FC4641\))-2.5 E 58.165(action cr)118.39 412 R 26.63(eate change)-.18 F
+-.18(re)21.945 G(mo).18 E -.1(ve)-.1 G -.1(ke)72 424 S 108.77(ys newk).1
+F 16.58(ey delegation)-.1 F(old k)15.265 E(ey)-.1 E 343.42 428.5 72
+428.5 DL F1(ksk)72 438 Q(1)5 I(acti)68.61 -5 M 12.8 -.15(ve a)-.25 H
+(cti).15 E 29.6 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 450 Q
+(2)5 I(acti)107.09 -5 M 29.6 -.15(ve a)-.25 H(cti).15 E 33.21 -.15(ve a)
+-.25 H(cti).15 E -.15(ve)-.25 G(DNSKEY RRSIG)72 465.6 Q 17.09
+(ksk1 ksk1,ksk2)15 F 16.11(ksk1,ksk2 ksk2)15 F(DS at parent)72 481.2 Q
+(DS)37.51 E(1)5 I(DS)20.7 -5 M(1)5 I(DS)37.5 -5 M(2)5 I(DS)41.11 -5 M(2)
+5 I 304.65 402.5 304.65 483.7 DL 245.76 402.5 245.76 483.7 DL 190.48
+402.5 190.48 483.7 DL 152 414.5 152 483.7 DL F0 2.5(2.3. K)72 511.2 R
+(ey signing k)-.25 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G
+(rfc5011\))-2.5 E 63.465(action newk)118.39 532.8 R 19.855(ey change)-.1
+F(delegation)2.5 E -.1(ke)72 544.8 S 112.32(ys &).1 F -.18(ro)2.5 G(llo)
+.18 E -.1(ve)-.1 G 15.525(r&).1 G -.18(re)-13.025 G(mo).18 E .2 -.1
+(ve o)-.1 H(ld k).1 E(ey)-.1 E 341.33 549.3 72 549.3 DL F1(ksk)72 558.8
+Q(1)5 I(acti)68.61 -5 M 20.43 -.15(ve r)-.25 H -2.2 -.25(ev o).15 H -.1
+(ke).25 G<87>.1 -2.4 M(ksk)72 570.8 Q(2)5 I 12.5(standby acti)68.61 -5 N
+33.65 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 582.8 Q(3)5 I
+(standby)114.72 -5 M<88>-2.4 I(standby)23.22 2.4 M(DNSKEY RRSIG)72 598.4
+Q 24.72(ksk1 ksk1,ksk2)15 F(ksk2)19.05 E -.15(Pa)72 614 S(rent DS).15 E
+(DS)46.82 E(1)5 I(DS)28.33 -5 M(1)5 I(DS)41.55 -5 M(2)5 I(DS)159.5 626 Q
+(2)5 I(DS)28.33 -5 M(2)5 I(DS)41.55 -5 M(3)5 I 257.44 523.3 257.44 628.5
+DL 198.11 523.3 198.11 628.5 DL 152 535.3 152 628.5 DL<87>72 645.2 Q(Ha)
+2.5 2.4 M .3 -.15(ve t)-.2 H 2.5(or).15 G(emain until the remo)-2.5 E .3
+-.15(ve h)-.15 H(old-do).15 E(wn time is e)-.25 E
+(xpired, which is 30days at a minimum.)-.15 E<88>72 660.8 Q -.4(Wi)2.5
+2.4 O(ll be the standby k).4 E .3 -.15(ey a)-.1 H(fter the hold-do).15 E
+(wn time is e)-.25 E(xpired)-.15 E(Add holdtime)72 675.2 Q/F3 10/Symbol
+SF(=)2.5 E F1(max\(30days, TTL of DNSKEY\))2.5 E 0 Cg EP
+%%Trailer
+end
+%%EOF
diff --git a/contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt b/contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt
new file mode 100644
index 0000000000..18cda6c742
--- /dev/null
+++ b/contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt
@@ -0,0 +1,616 @@
+
+
+
+Intended Status: Informational O. Gudmundsson
+Network Working Group OGUD Consulting LLC
+Internet-Draft J. Ihren
+Expires: August 21, 2008 AAB
+ February 18, 2008
+
+
+ Names of States in the life of a DNSKEY
+ draft-gudmundsson-life-of-dnskey-00
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on August 21, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 1]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+Abstract
+
+ This document recommends a specific terminology to use when
+ expressing the state that a DNSKEY is in at particular time. This
+ does not affect how the protocol operates in any way.
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. DNSKEY timeline . . . . . . . . . . . . . . . . . . . . . . . 4
+ 3. Life stages of a DNSKEY . . . . . . . . . . . . . . . . . . . 5
+ 3.1. Generated . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.2. Published . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.2.1. Pre-Publication . . . . . . . . . . . . . . . . . . . 5
+ 3.2.2. Out-Of-Band Publication . . . . . . . . . . . . . . . 5
+ 3.3. Active . . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.4. Retired . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 3.5. Removed . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 3.5.1. Lame . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 3.5.2. Stale . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 3.6. Revoked . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 4. Security considerations . . . . . . . . . . . . . . . . . . . 7
+ 5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8
+ 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
+ 6.1. Normative References . . . . . . . . . . . . . . . . . . . 9
+ 6.2. Informative References . . . . . . . . . . . . . . . . . . 9
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
+ Intellectual Property and Copyright Statements . . . . . . . . . . 11
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 2]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+1. Introduction
+
+ When the editors of this document where comparing their DNSSEC key
+ management projects they discovered that they where discussing
+ roughly the same thing but using different terminology.
+
+ This document presents a unified terminology to use when describing
+ the current state of a DNSKEY.
+
+ The DNSSEC standards documents ([1], [2] and [3]) do not address the
+ required states for the key management of a DNSSEC key. The DNSSEC
+ Operational Practices [4] document does propose that keys be
+ published before use but uses inconsistent or confusing terms. This
+ document assumes basic understanding of DNSSEC and key management.
+
+ The terms proposed in this document attempt to avoid any confusion
+ and make the states of keys to be as clear as possible. The terms
+ used in this document are intended as a operational supplement to the
+ terms defined in Section 2 of [1].
+
+ To large extent this discussion is motivated by Trust anchor keys but
+ the same terminology can be used for zone signing keys.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 3]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+2. DNSKEY timeline
+
+ The model in this document is that keys progress through a state
+ machine along a one-way path, keys never move to an earlier states.
+
+
+
+ GENERATED----------> PUBLISHED ---> ACTIVE ---> RETIRED --> REMOVED
+ | ^ | | | ^
+ | | | | v |
+ +--> Pre-PUBLISHED--+ +--------+---------> REVOKED ---+
+
+
+ DNSKEY time line.
+
+ There are few more states that are defined below but these apply only
+ to the publisher of TA's and the consumer of TA's. Two of these are
+ sub-sets of the Published state, the other two are error states.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 4]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+3. Life stages of a DNSKEY
+
+3.1. Generated
+
+ Once a key is generated it enters state Generated and stays there
+ until the next state. While in this state only the owner of the key
+ is aware of its existence and can prepare for its future use.
+
+3.2. Published
+
+ Once the key is added to the DNSKEY set of a zone the key is there
+ for the world to see, or published. The key needs to remain in this
+ state for some time to propagate to all validators that have cached
+ the prior version of the DNSKEY set. In the case of KSK the key
+ should remain in this state for a longer time as documented in DNSSEC
+ Timers RFC [5].
+
+3.2.1. Pre-Publication
+
+ In certain circumstances a zone owner may want to give out a new
+ Trust Anchor before exposing the actual public key. In this case the
+ zone can publish a DS record of the key. This allows others to
+ configure the trust anchor but will not be able to use the key until
+ the key is published in the DNSKEY RRset.
+
+3.2.2. Out-Of-Band Publication
+
+ In certain circumstances a domain may want to give out a new Trust
+ Anchor outside DNS to give others a long lead time to configure the
+ new key as trust anchor. The reason people may want to do this is to
+ keep the size of the DNSKEY set smaller and only add new trust anchor
+ just before the key goes into use. One likely use for this is the
+ DNS "." root key as it does not have a parent that can publish a DS
+ record for it. The publication mechanism does not matter it can be
+ any one of web-site, advertisement in Financial Times and other
+ international publication, e-mail to DNS related mailing lists, etc..
+
+3.3. Active
+
+ The key is in ACTIVE state while it is actively signing data in the
+ zone it resides in. It is one of the the keys that are signing the
+ zone or parts of the zone.
+
+3.4. Retired
+
+ When the key is no longer used for signing the zone it enters state
+ Retired. In this state there may still be signatures by the key in
+ cached data from the zone available at recursive servers, but the
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 5]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+ authoritative servers for the zone do no longer carry any signatures
+ generated by the key.
+
+3.5. Removed
+
+ Once the key is removed from the DNSKEY RRset it enters the state
+ Removed. At this point all signatures by the key that may still be
+ temporarily valid will fail to verify once the validator refreshes
+ the DNSKEY RRset in its memory.
+
+ Therefore "removal" of a key is typically not done until all the
+ cached signatures have expired. Entering this state too early may
+ cause number of validators to end up with STALE Trust Anchors.
+
+3.5.1. Lame
+
+ A Trust Anchor is Lame if the parent continues to publish DS pointing
+ to the key after it has been removed from the DNSKEY RRset. A Trust
+ Anchor is arguably Lame if there are no signatures by a Retired KSK
+ in the zone.
+
+3.5.2. Stale
+
+ A Stale Trust Anchor is an old TA that remains in a validators list
+ of active key(s) after the key has been removed from the zone's
+ DNSKEY RRset.
+
+3.6. Revoked
+
+ There are times when a zone wants to signal that a particular key
+ should not be used at all. The mechanism to do this is to set the
+ REVOKE bit [5]. Any key in any of the while the key is the DNSSKEY
+ set can be exited to Revoked state. After some time in the Revoke
+ state the key will be Removed.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 6]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+4. Security considerations
+
+ TBD
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 7]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+5. IANA considerations
+
+ This document does not have any IANA actions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 8]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+6. References
+
+6.1. Normative References
+
+6.2. Informative References
+
+ [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033,
+ March 2005.
+
+ [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions",
+ RFC 4035, March 2005.
+
+ [4] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
+ RFC 4641, September 2006.
+
+ [5] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust
+ Anchors", RFC 5011, September 2007.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 9]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+Authors' Addresses
+
+ Olafur Gudmundsson
+ OGUD Consulting LLC
+ 3821 Village Park Drive
+ Chevy Chase, MD 20815
+ USA
+
+ Email: ogud@ogud.com
+
+
+ Johan Ihren
+ Automatica, AB
+ Bellmansgatan 30
+ Stockholm, SE-118 47
+ Sweden
+
+ Email: johani@automatica.se
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 10]
+
+Internet-Draft DNSSEC Key life stages. February 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+Gudmundsson & Ihren Expires August 21, 2008 [Page 11]
+
diff --git a/contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt b/contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt
new file mode 100644
index 0000000000..f7d83e9d16
--- /dev/null
+++ b/contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt
@@ -0,0 +1,2128 @@
+
+
+
+DNSOP O. Kolkman
+Internet-Draft NLnet Labs
+Obsoletes: 2541 (if approved) R. Gieben
+Intended status: BCP
+Expires: September 8, 2009 March 7, 2009
+
+
+ DNSSEC Operational Practices, Version 2
+ draft-ietf-dnsop-rfc4641bis-01
+
+Status of This Memo
+
+ This Internet-Draft is submitted to IETF in full conformance with the
+ provisions of BCP 78 and BCP 79. This document may contain material
+ from IETF Documents or IETF Contributions published or made publicly
+ available before November 10, 2008. The person(s) controlling the
+ copyright in some of this material may not have granted the IETF
+ Trust the right to allow modifications of such material outside the
+ IETF Standards Process. Without obtaining an adequate license from
+ the person(s) controlling the copyright in such materials, this
+ document may not be modified outside the IETF Standards Process, and
+ derivative works of it may not be created outside the IETF Standards
+ Process, except to format it for publication as an RFC or to
+ translate it into languages other than English.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on September 8, 2009.
+
+Copyright Notice
+
+ Copyright (c) 2009 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 1]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents in effect on the date of
+ publication of this document (http://trustee.ietf.org/license-info).
+ Please review these documents carefully, as they describe your rights
+ and restrictions with respect to this document.
+
+Abstract
+
+ This document describes a set of practices for operating the DNS with
+ security extensions (DNSSEC). The target audience is zone
+ administrators deploying DNSSEC.
+
+ The document discusses operational aspects of using keys and
+ signatures in the DNS. It discusses issues of key generation, key
+ storage, signature generation, key rollover, and related policies.
+
+ This document obsoletes RFC 2541, as it covers more operational
+ ground and gives more up-to-date requirements with respect to key
+ sizes and the new DNSSEC specification.
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 1.1. The Use of the Term 'key' . . . . . . . . . . . . . . . . 5
+ 1.2. Time Definitions . . . . . . . . . . . . . . . . . . . . . 5
+ 2. Keeping the Chain of Trust Intact . . . . . . . . . . . . . . 5
+ 3. Keys Generation and Storage . . . . . . . . . . . . . . . . . 6
+ 3.1. Zone and Key Signing Keys . . . . . . . . . . . . . . . . 6
+ 3.1.1. Motivations for the KSK and ZSK Separation . . . . . . 7
+ 3.1.2. Differentiation for 'High-Level' Zones . . . . . . . . 9
+ 3.2. Key Generation . . . . . . . . . . . . . . . . . . . . . . 9
+ 3.3. Key Effectivity Period . . . . . . . . . . . . . . . . . . 9
+ 3.4. Key Algorithm . . . . . . . . . . . . . . . . . . . . . . 10
+ 3.5. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . 10
+ 3.6. Private Key Storage . . . . . . . . . . . . . . . . . . . 11
+ 4. Signature Generation, Key Rollover, and Related Policies . . . 12
+ 4.1. Time in DNSSEC . . . . . . . . . . . . . . . . . . . . . . 12
+ 4.1.1. Time Considerations . . . . . . . . . . . . . . . . . 13
+ 4.2. Key Rollovers . . . . . . . . . . . . . . . . . . . . . . 15
+ 4.2.1. Zone Signing Key Rollovers . . . . . . . . . . . . . . 15
+ 4.2.1.1. Pre-Publish Key Rollover . . . . . . . . . . . . . 15
+ 4.2.1.2. Double Signature Zone Signing Key Rollover . . . . 17
+ 4.2.1.3. Pros and Cons of the Schemes . . . . . . . . . . . 19
+ 4.2.2. Key Signing Key Rollovers . . . . . . . . . . . . . . 19
+ 4.2.3. Difference Between ZSK and KSK Rollovers . . . . . . . 21
+ 4.2.4. Key algorithm rollover . . . . . . . . . . . . . . . . 22
+ 4.2.5. Automated Key Rollovers . . . . . . . . . . . . . . . 23
+ 4.3. Planning for Emergency Key Rollover . . . . . . . . . . . 24
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 2]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ 4.3.1. KSK Compromise . . . . . . . . . . . . . . . . . . . . 24
+ 4.3.1.1. Keeping the Chain of Trust Intact . . . . . . . . 25
+ 4.3.1.2. Breaking the Chain of Trust . . . . . . . . . . . 26
+ 4.3.2. ZSK Compromise . . . . . . . . . . . . . . . . . . . . 26
+ 4.3.3. Compromises of Keys Anchored in Resolvers . . . . . . 26
+ 4.4. Parental Policies . . . . . . . . . . . . . . . . . . . . 27
+ 4.4.1. Initial Key Exchanges and Parental Policies
+ Considerations . . . . . . . . . . . . . . . . . . . . 27
+ 4.4.2. Storing Keys or Hashes? . . . . . . . . . . . . . . . 27
+ 4.4.3. Security Lameness . . . . . . . . . . . . . . . . . . 28
+ 4.4.4. DS Signature Validity Period . . . . . . . . . . . . . 28
+ 4.4.5. (Non) Cooperating Registrars . . . . . . . . . . . . . 29
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . . 30
+ 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 30
+ 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 30
+ 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
+ 8.1. Normative References . . . . . . . . . . . . . . . . . . . 31
+ 8.2. Informative References . . . . . . . . . . . . . . . . . . 31
+ Appendix A. Terminology . . . . . . . . . . . . . . . . . . . . . 32
+ Appendix B. Zone Signing Key Rollover How-To . . . . . . . . . . 34
+ Appendix C. Typographic Conventions . . . . . . . . . . . . . . . 34
+ Appendix D. Document Editing History . . . . . . . . . . . . . . 37
+ D.1. draft-ietf-dnsop-rfc4641-00 . . . . . . . . . . . . . . . 37
+ D.2. version 0->1 . . . . . . . . . . . . . . . . . . . . . . . 37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 3]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+1. Introduction
+
+ This document describes how to run a DNS Security (DNSSEC)-enabled
+ environment. It is intended for operators who have knowledge of the
+ DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC.
+ See RFC 4033 [3] for an introduction to DNSSEC, RFC 4034 [4] for the
+ newly introduced Resource Records (RRs), and RFC 4035 [5] for the
+ protocol changes.
+
+ During workshops and early operational deployment tests, operators
+ and system administrators have gained experience about operating the
+ DNS with security extensions (DNSSEC). This document translates
+ these experiences into a set of practices for zone administrators.
+ At the time of writing, there exists very little experience with
+ DNSSEC in production environments; this document should therefore
+ explicitly not be seen as representing 'Best Current Practices'.
+ [OK: Is this document ripe enough to shoot for BCP?]
+
+ The procedures herein are focused on the maintenance of signed zones
+ (i.e., signing and publishing zones on authoritative servers). It is
+ intended that maintenance of zones such as re-signing or key
+ rollovers be transparent to any verifying clients on the Internet.
+
+ The structure of this document is as follows. In Section 2, we
+ discuss the importance of keeping the "chain of trust" intact.
+ Aspects of key generation and storage of private keys are discussed
+ in Section 3; the focus in this section is mainly on the private part
+ of the key(s). Section 4 describes considerations concerning the
+ public part of the keys. Since these public keys appear in the DNS
+ one has to take into account all kinds of timing issues, which are
+ discussed in Section 4.1. Section 4.2 and Section 4.3 deal with the
+ rollover, or supercession, of keys. Finally, Section 4.4 discusses
+ considerations on how parents deal with their children's public keys
+ in order to maintain chains of trust.
+
+ The typographic conventions used in this document are explained in
+ Appendix C.
+
+ Since this is a document with operational suggestions and there are
+ no protocol specifications, the RFC 2119 [6] language does not apply.
+
+ This document [OK: when approved] obsoletes RFC 4641 [16].
+
+ [OK: Editorial comments and questions are indicated by square
+ brackets and editor innitials]
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 4]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+1.1. The Use of the Term 'key'
+
+ It is assumed that the reader is familiar with the concept of
+ asymmetric keys on which DNSSEC is based (public key cryptography
+ RFC4949 [17]). Therefore, this document will use the term 'key'
+ rather loosely. Where it is written that 'a key is used to sign
+ data' it is assumed that the reader understands that it is the
+ private part of the key pair that is used for signing. It is also
+ assumed that the reader understands that the public part of the key
+ pair is published in the DNSKEY Resource Record and that it is the
+ public part that is used in key exchanges.
+
+1.2. Time Definitions
+
+ In this document, we will be using a number of time-related terms.
+ The following definitions apply:
+
+ o "Signature validity period" The period that a signature is valid.
+ It starts at the time specified in the signature inception field
+ of the RRSIG RR and ends at the time specified in the expiration
+ field of the RRSIG RR.
+
+ o "Signature publication period" Time after which a signature (made
+ with a specific key) is replaced with a new signature (made with
+ the same key). This replacement takes place by publishing the
+ relevant RRSIG in the master zone file. After one stops
+ publishing an RRSIG in a zone, it may take a while before the
+ RRSIG has expired from caches and has actually been removed from
+ the DNS.
+
+ o "Key effectivity period" The period during which a key pair is
+ expected to be effective. This period is defined as the time
+ between the first inception time stamp and the last expiration
+ date of any signature made with this key, regardless of any
+ discontinuity in the use of the key. The key effectivity period
+ can span multiple signature validity periods.
+
+ o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum
+ value of the TTLs from the complete set of RRs in a zone. Note
+ that the minimum TTL is not the same as the MINIMUM field in the
+ SOA RR. See [9] for more information.
+
+2. Keeping the Chain of Trust Intact
+
+ Maintaining a valid chain of trust is important because broken chains
+ of trust will result in data being marked as Bogus (as defined in [3]
+ Section 5), which may cause entire (sub)domains to become invisible
+ to verifying clients. The administrators of secured zones have to
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 5]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ realize that their zone is, to verifying clients, part of a chain of
+ trust.
+
+ As mentioned in the introduction, the procedures herein are intended
+ to ensure that maintenance of zones, such as re-signing or key
+ rollovers, will be transparent to the verifying clients on the
+ Internet.
+
+ Administrators of secured zones will have to keep in mind that data
+ published on an authoritative primary server will not be immediately
+ seen by verifying clients; it may take some time for the data to be
+ transferred to other secondary authoritative nameservers and clients
+ may be fetching data from caching non-authoritative servers. In this
+ light, note that the time for a zone transfer from master to slave is
+ negligible when using NOTIFY [8] and incremental transfer (IXFR) [7].
+ It increases when full zone transfers (AXFR) are used in combination
+ with NOTIFY. It increases even more if you rely on full zone
+ transfers based on only the SOA timing parameters for refresh.
+
+ For the verifying clients, it is important that data from secured
+ zones can be used to build chains of trust regardless of whether the
+ data came directly from an authoritative server, a caching
+ nameserver, or some middle box. Only by carefully using the
+ available timing parameters can a zone administrator ensure that the
+ data necessary for verification can be obtained.
+
+ The responsibility for maintaining the chain of trust is shared by
+ administrators of secured zones in the chain of trust. This is most
+ obvious in the case of a 'key compromise' when a trade-off between
+ maintaining a valid chain of trust and replacing the compromised keys
+ as soon as possible must be made. Then zone administrators will have
+ to make a trade-off, between keeping the chain of trust intact --
+ thereby allowing for attacks with the compromised key -- or
+ deliberately breaking the chain of trust and making secured
+ subdomains invisible to security-aware resolvers. Also see
+ Section 4.3.
+
+3. Keys Generation and Storage
+
+ This section describes a number of considerations with respect to the
+ security of keys. It deals with the generation, effectivity period,
+ size, and storage of private keys.
+
+3.1. Zone and Key Signing Keys
+
+ The DNSSEC validation protocol does not distinguish between different
+ types of DNSKEYs. All DNSKEYs can be used during the validation. In
+ practice, operators use Key Signing and Zone Signing Keys and use the
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 6]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ so-called Secure Entry Point (SEP) [5] flag to distinguish between
+ them during operations. The dynamics and considerations are
+ discussed below.
+
+ To make zone re-signing and key rollover procedures easier to
+ implement, it is possible to use one or more keys as Key Signing Keys
+ (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone.
+ Other keys can be used to sign all the RRSets in a zone and are
+ referred to as Zone Signing Keys (ZSKs). In this document, we assume
+ that KSKs are the subset of keys that are used for key exchanges with
+ the parent and potentially for configuration as trusted anchors --
+ the SEP keys. In this document, we assume a one-to-one mapping
+ between KSK and SEP keys and we assume the SEP flag to be set on all
+ KSKs.
+
+3.1.1. Motivations for the KSK and ZSK Separation
+
+ Differentiating between the KSK and ZSK functions has several
+ advantages:
+
+ o No parent/child interaction is required when ZSKs are updated.
+
+ o [OK: Bullet removed, strawman Paul Hoffman]
+
+ o As the KSK is only used to sign a key set, which is most probably
+ updated less frequently than other data in the zone, it can be
+ stored separately from and in a safer location than the ZSK.
+
+ o A KSK can have a longer key effectivity period.
+
+ For almost any method of key management and zone signing, the KSK is
+ used less frequently than the ZSK. Once a key set is signed with the
+ KSK, all the keys in the key set can be used as ZSKs. If a ZSK is
+ compromised, it can be simply dropped from the key set. The new key
+ set is then re-signed with the KSK.
+
+ Given the assumption that for KSKs the SEP flag is set, the KSK can
+ be distinguished from a ZSK by examining the flag field in the DNSKEY
+ RR. If the flag field is an odd number it is a KSK. If it is an
+ even number it is a ZSK.
+
+ The Zone Signing Key can be used to sign all the data in a zone on a
+ regular basis. When a Zone Signing Key is to be rolled, no
+ interaction with the parent is needed. This allows for signature
+ validity periods on the order of days.
+
+ The Key Signing Key is only to be used to sign the DNSKEY RRs in a
+ zone. If a Key Signing Key is to be rolled over, there will be
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 7]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ interactions with parties other than the zone administrator. If
+ there is a parent zone, these can include the registry of the parent
+ zone or administrators of verifying resolvers that have the
+ particular key configured as secure entry points. If this is a trust
+ anchor, everyone relying on the trust anchor needs to roll over to
+ the new key. The latter may be subject to stability costs if
+ automated trust-anchor rollover mechanisms (such as e.g. RFC5011
+ [18]) are not in place. Hence, the key effectivity period of these
+ keys can and should be made much longer.
+
+ There are two schools of thought on rolling a KSK that is not a trust
+ anchor [OK: One can never be sure a KSK is _not_ a trust anchor]:
+
+ o It should be done regularly (possibly every few months) so that a
+ key rollover remains an operational routine.
+
+ o It should only be done when it is known or strongly suspected that
+ the key has been compromised in order to reduce the stability
+ issues on systems where the rollover does not happen cleanly.
+
+ There is no widespread agreement on which of these two schools of
+ thought is better for different deployments of DNSSEC. There is a
+ stability cost every time a non-anchor KSK is rolled over, but it is
+ possibly low if the communication between the child and the parent is
+ good. On the other hand, the only completely effective way to tell
+ if the communication is good is to test it periodically. Thus,
+ rolling a KSK with a parent is only done for two reasons: to test and
+ verify the rolling system to prepare for an emergency, and in the
+ case of an actual emergency.
+
+ [OK: The paragraph below is a straw-man by Paul Hoffman] Because of
+ the difficulty of getting all users of a trust anchor to replace an
+ old trust anchor with a new one, a KSK that is a trust anchor should
+ never be rolled unless it is known or strongly suspected that the key
+ has been compromised.
+
+ [OK: This is an alternative straw-man by Olaf Kolkman] The same
+ operational concerns apply to the rollover of KSKs that are used as
+ trust-anchors. Since the administrator of a zone can not be certain
+ that the zone's KSK is in use as a trust-anchor she will have to
+ assume that a rollover will cause a stability cost for the users that
+ did configure her key as a trust-anchor. Those costs can be
+ minimized by automating the rollover RFC5011 [18] and by rolling the
+ key regularly, and advertising such, so that the operators of
+ recursive nameservers will put the appropriate mechanism in place to
+ deal with these stability costs, or, in other words, budget for these
+ costs instead of incuring them unexpectedly.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 8]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+3.1.2. Differentiation for 'High-Level' Zones
+
+ In an earlier version of this document we made a differentiation
+ between KSKs used for zones that are high in the DNS hierarchy versus
+ KSKs used for zones low in that hierarchy. We have come to realize
+ that there are other considerations that argue such differentiation
+ does not need to be made.
+
+ Longer keys are not useful because the crypto guidance is that
+ everyone should use keys that no one can break. Also, it is
+ impossible to judge which zones are more or less valuable to an
+ attacker. An attack can only be used if the compromise is unnoticed
+ and the attacker can act as an man-in-the-middle attack (MITM) in an
+ unnoticed way. If .example is compromised and the attacker forges
+ answers for somebank.example and sends them out as an MITM, when the
+ attack is discovered it will be simple to prove that .example has
+ been compromised and the KSK will be rolled. Defining a long-term
+ successful attack is difficult for keys at any level.
+
+3.2. Key Generation
+
+ Careful generation of all keys is a sometimes overlooked but
+ absolutely essential element in any cryptographically secure system.
+ The strongest algorithms used with the longest keys are still of no
+ use if an adversary can guess enough to lower the size of the likely
+ key space so that it can be exhaustively searched. Technical
+ suggestions for the generation of random keys will be found in RFC
+ 4086 [14] and NIST SP 800-900 [20]. One should carefully assess if
+ the random number generator used during key generation adheres to
+ these suggestions.
+
+ Keys with a long effectivity period are particularly sensitive as
+ they will represent a more valuable target and be subject to attack
+ for a longer time than short-period keys. It is strongly recommended
+ that long-term key generation occur off-line in a manner isolated
+ from the network via an air gap or, at a minimum, high-level secure
+ hardware.
+
+3.3. Key Effectivity Period
+
+ From a purely operational perspective, a reasonable key effectivity
+ period for KSKs that have a parent zone is 13 months, with the intent
+ to replace them after 12 months. An intended key effectivity period
+ of a month is reasonable for Zone Signing Keys. This annual rollover
+ gives operational practice to rollovers.
+
+ Ignoring the operational perspective, a reasonable effectivity period
+ for KSKs that have a parent zone is of the order of 2 decades or
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 9]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ longer. That is, if one does not plan to test the rollover
+ procedure, the key should be effective essentially forever, and then
+ only rolled over in case of emergency.
+
+ The "operational habit" argument also applies to trust anchor
+ reconfiguration. If a short key effectivity period is used and the
+ trust anchor configuration has to be revisited on a regular basis,
+ the odds that the configuration tends to be forgotten is smaller.
+ The trade-off is against a system that is so dynamic that
+ administrators of the validating clients will not be able to follow
+ the modifications.Note that if a trust anchor replacement is done
+ incorrectly, the entire zone that the trust anchor covers will become
+ bogus until the trust anchor is corrected.
+
+ Key effectivity periods can be made very short, as in a few minutes.
+ But when replacing keys one has to take the considerations from
+ Section 4.1 and Section 4.2 into account.
+
+3.4. Key Algorithm
+
+ There are currently two types of signature algorithms that can be
+ used in DNSSEC: RSA and DSA. Both are fully specified in many
+ freely-available documents, and both are widely considered to be
+ patent-free. The creation of signatures wiht RSA and DSA takes
+ roughly the same time, but DSA is about ten times slower for
+ signature verification.
+
+ We suggest the use of either RSA/SHA-1 or RSA/SHA-256 as the
+ preferred signature algorithms. Both have advantages and
+ disadvantages. RSA/SHA-1 has been deployed for many years, while
+ RSA/SHA-256 has only begun to be deployed. On the other hand, it is
+ expected that if effective attacks on either algorithm appeark, they
+ will appear for RSA/SHA-1 first. RSA/MD5 should not be considered
+ for use because RSA/MD5 will very likely be the first common-use
+ signature algorithm to have an effective attack.
+
+ At the time of publication, it is known that the SHA-1 hash has
+ cryptanalysis issues. There is work in progress on addressing these
+ issues. We recommend the use of public key algorithms based on
+ hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
+ algorithms are available in protocol specifications (see [21] and
+ [22]) and implementations.
+
+3.5. Key Sizes
+
+ DNSSEC signing keys should be large enough to avoid all know
+ cryptographic attacks during the lifetime of the key. To date,
+ despite huge efforts, no one has broken a regular 1024-bit key; in
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 10]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ fact, the best completed attack is estimated to be the equivalent of
+ a 700-bit key. An attacker breaking a 1024-bit signing key would
+ need expend phenominal amounts of networked computing power in a way
+ that would not be detected in order to break a single key. Because
+ of this, it is estimated that most zones can safely use 1024-bit keys
+ for at least the next ten years. A 1024-bit asymmetric key has an
+ approximate equivalent strength of a symmetric 80-bit key.
+
+ Keys that are used as extremely high value trust anchors, or non-
+ anchor keys that may be difficult to roll over, may want to use
+ lengths longer than 1024 bits. Typically, the next larger key size
+ used is 2048 bits, which have the approximate equivalent strength of
+ a symmetric 112-bit key. In a standard CPU, it takes about four
+ times as long to sign or verify with a 2048-bit key as it does with a
+ 1024-bit key.
+
+ Another way to decide on the size of key to use is to remember that
+ the phenominal effort it takes for an attacker to break a 1024-bit
+ key is the same regardless of how the key is used. If an attacker
+ has the capability of breaking a 1024-bit DNSSEC key, he also has the
+ capability of breaking one of the many 1024-bit TLS trust anchor keys
+ that are installed with web browsers. If the value of a DNSSEC key
+ is lower to the attacker than the value of a TLS trust anchor, the
+ attacker will use the resources to attack the TLS trust anchor.
+
+ It is possible that there is a unexpected improvement in the ability
+ for attackers to beak keys, and that such an attack would make it
+ feasible to break 1024-bit keys but not 2048-bit keys. If such an
+ improvement happens, it is likely that there will be a huge amount of
+ publicity, particularly because of the large number of 1024-bit TLS
+ trust anchors build into popular web browsers. At that time, all
+ 1024-bit keys (both ones with parent zones and ones that are trust
+ anchors) can be rolled over and replaced with larger keys.
+
+ Earlier documents (including the previous version of this document)
+ urged the use of longer keys in situations where a particular key was
+ "heavily used". That advice may have been true 15 years ago, but it
+ is not true today when using RSA or DSA algorithms and keys of 1024
+ bits or higher.
+
+3.6. Private Key Storage
+
+ It is recommended that, where possible, zone private keys and the
+ zone file master copy that is to be signed be kept and used in off-
+ line, non-network-connected, physically secure machines only.
+ Periodically, an application can be run to add authentication to a
+ zone by adding RRSIG and NSEC RRs. Then the augmented file can be
+ transferred.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 11]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ When relying on dynamic update to manage a signed zone [11], be aware
+ that at least one private key of the zone will have to reside on the
+ master server. This key is only as secure as the amount of exposure
+ the server receives to unknown clients and the security of the host.
+ Although not mandatory, one could administer the DNS in the following
+ way. The master that processes the dynamic updates is unavailable
+ from generic hosts on the Internet, it is not listed in the NS RRSet,
+ although its name appears in the SOA RRs MNAME field. The
+ nameservers in the NS RRSet are able to receive zone updates through
+ NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
+ approach is known as the "hidden master" setup.
+
+ The ideal situation is to have a one-way information flow to the
+ network to avoid the possibility of tampering from the network.
+ Keeping the zone master file on-line on the network and simply
+ cycling it through an off-line signer does not do this. The on-line
+ version could still be tampered with if the host it resides on is
+ compromised. For maximum security, the master copy of the zone file
+ should be off-net and should not be updated based on an unsecured
+ network mediated communication.
+
+ In general, keeping a zone file off-line will not be practical and
+ the machines on which zone files are maintained will be connected to
+ a network. Operators are advised to take security measures to shield
+ unauthorized access to the master copy.
+
+ For dynamically updated secured zones [11], both the master copy and
+ the private key that is used to update signatures on updated RRs will
+ need to be on-line.
+
+4. Signature Generation, Key Rollover, and Related Policies
+
+4.1. Time in DNSSEC
+
+ Without DNSSEC, all times in the DNS are relative. The SOA fields
+ REFRESH, RETRY, and EXPIRATION are timers used to determine the time
+ elapsed after a slave server synchronized with a master server. The
+ Time to Live (TTL) value and the SOA RR minimum TTL parameter [9] are
+ used to determine how long a forwarder should cache data after it has
+ been fetched from an authoritative server. By using a signature
+ validity period, DNSSEC introduces the notion of an absolute time in
+ the DNS. Signatures in DNSSEC have an expiration date after which
+ the signature is marked as invalid and the signed data is to be
+ considered Bogus.
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 12]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+4.1.1. Time Considerations
+
+ Because of the expiration of signatures, one should consider the
+ following:
+
+ o We suggest the Maximum Zone TTL of your zone data to be a fraction
+ of your signature validity period.
+
+ If the TTL would be of similar order as the signature validity
+ period, then all RRSets fetched during the validity period
+ would be cached until the signature expiration time. Section
+ 7.1 of [3] suggests that "the resolver may use the time
+ remaining before expiration of the signature validity period of
+ a signed RRSet as an upper bound for the TTL". As a result,
+ query load on authoritative servers would peak at signature
+ expiration time, as this is also the time at which records
+ simultaneously expire from caches.
+
+ To avoid query load peaks, we suggest the TTL on all the RRs in
+ your zone to be at least a few times smaller than your
+ signature validity period.
+
+ o We suggest the signature publication period to end at least one
+ Maximum Zone TTL duration before the end of the signature validity
+ period.
+
+ Re-signing a zone shortly before the end of the signature
+ validity period may cause simultaneous expiration of data from
+ caches. This in turn may lead to peaks in the load on
+ authoritative servers.
+
+ o We suggest the Minimum Zone TTL to be long enough to both fetch
+ and verify all the RRs in the trust chain. In workshop
+ environments, it has been demonstrated [19] that a low TTL (under
+ 5 to 10 minutes) caused disruptions because of the following two
+ problems:
+
+ 1. During validation, some data may expire before the
+ validation is complete. The validator should be able to keep
+ all data until it is completed. This applies to all RRs needed
+ to complete the chain of trust: DSes, DNSKEYs, RRSIGs, and the
+ final answers, i.e., the RRSet that is returned for the initial
+ query.
+
+ 2. Frequent verification causes load on recursive nameservers.
+ Data at delegation points, DSes, DNSKEYs, and RRSIGs benefit
+ from caching. The TTL on those should be relatively long.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 13]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ o Slave servers will need to be able to fetch newly signed zones
+ well before the RRSIGs in the zone served by the slave server pass
+ their signature expiration time.
+
+ When a slave server is out of sync with its master and data in
+ a zone is signed by expired signatures, it may be better for
+ the slave server not to give out any answer.
+
+ Normally, a slave server that is not able to contact a master
+ server for an extended period will expire a zone. When that
+ happens, the server will respond differently to queries for
+ that zone. Some servers issue SERVFAIL, whereas others turn
+ off the 'AA' bit in the answers. The time of expiration is set
+ in the SOA record and is relative to the last successful
+ refresh between the master and the slave servers. There exists
+ no coupling between the signature expiration of RRSIGs in the
+ zone and the expire parameter in the SOA.
+
+ If the server serves a DNSSEC zone, then it may well happen
+ that the signatures expire well before the SOA expiration timer
+ counts down to zero. It is not possible to completely prevent
+ this from happening by tweaking the SOA parameters.
+
+ However, the effects can be minimized where the SOA expiration
+ time is equal to or shorter than the signature validity period.
+
+ The consequence of an authoritative server not being able to
+ update a zone, whilst that zone includes expired signatures, is
+ that non-secure resolvers will continue to be able to resolve
+ data served by the particular slave servers while security-
+ aware resolvers will experience problems because of answers
+ being marked as Bogus.
+
+ We suggest the SOA expiration timer being approximately one
+ third or one fourth of the signature validity period. It will
+ allow problems with transfers from the master server to be
+ noticed before the actual signature times out.
+
+ We also suggest that operators of nameservers that supply
+ secondary services develop 'watch dogs' to spot upcoming
+ signature expirations in zones they slave, and take appropriate
+ action.
+
+ When determining the value for the expiration parameter one has
+ to take the following into account: What are the chances that
+ all my secondaries expire the zone? How quickly can I reach an
+ administrator of secondary servers to load a valid zone? These
+ questions are not DNSSEC specific but may influence the choice
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 14]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ of your signature validity intervals.
+
+4.2. Key Rollovers
+
+ Regardless of whether a zone uses periodic key rollovers in order to
+ practice for emergencies, or only rolls over keys in an emergency,
+ key rollovers are a fact of life when using DNSSEC. Zone
+ administrators who are in the process of rolling their keys have to
+ take into account that data published in previous versions of their
+ zone still lives in caches. When deploying DNSSEC, this becomes an
+ important consideration; ignoring data that may be in caches may lead
+ to loss of service for clients.
+
+ The most pressing example of this occurs when zone material signed
+ with an old key is being validated by a resolver that does not have
+ the old zone key cached. If the old key is no longer present in the
+ current zone, this validation fails, marking the data "Bogus".
+ Alternatively, an attempt could be made to validate data that is
+ signed with a new key against an old key that lives in a local cache,
+ also resulting in data being marked "Bogus".
+
+4.2.1. Zone Signing Key Rollovers
+
+ For "Zone Signing Key rollovers", there are two ways to make sure
+ that during the rollover data still cached can be verified with the
+ new key sets or newly generated signatures can be verified with the
+ keys still in caches. One schema, described in Section 4.2.1.2, uses
+ double signatures; the other uses key pre-publication
+ (Section 4.2.1.1). The pros, cons, and recommendations are described
+ in Section 4.2.1.3.
+
+4.2.1.1. Pre-Publish Key Rollover
+
+ This section shows how to perform a ZSK rollover without the need to
+ sign all the data in a zone twice -- the "pre-publish key rollover".
+ This method has advantages in the case of a key compromise. If the
+ old key is compromised, the new key has already been distributed in
+ the DNS. The zone administrator is then able to quickly switch to
+ the new key and remove the compromised key from the zone. Another
+ major advantage is that the zone size does not double, as is the case
+ with the double signature ZSK rollover. A small "how-to" for this
+ kind of rollover can be found in Appendix B.
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 15]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Pre-publish key rollover involves four stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY new RRSIGs DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2 SOA3
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
+
+ DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover
+
+ initial: Initial version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
+ signatures are generated with this key yet, but this does not
+ secure against brute force attacks on the public key. The minimum
+ duration of this pre-roll phase is the time it takes for the data
+ to propagate to the authoritative servers plus TTL value of the
+ key set.
+
+ new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
+ used to sign the data in the zone exclusively (i.e., all the
+ signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
+ remains published in the key set. This way data that was loaded
+ into caches from version 1 of the zone can still be verified with
+ key sets fetched from version 2 of the zone. The minimum time
+ that the key set including DNSKEY 10 is to be published is the
+ time that it takes for zone data from the previous version of the
+ zone to expire from old caches, i.e., the time it takes for this
+ zone to propagate to all authoritative servers plus the Maximum
+ Zone TTL value of any of the data in the previous version of the
+ zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. The key set,
+ now only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
+ DNSKEY 1.
+
+ The above scheme can be simplified by always publishing the "future"
+ key immediately after the rollover. The scheme would look as follows
+ (we show two rollovers); the future key is introduced in "new DNSKEY"
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 16]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
+ (II)":
+
+
+ initial new RRSIGs new DNSKEY
+ -----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11 DNSKEY12
+ RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ ----------------------------------------------------------------
+ new RRSIGs (II) new DNSKEY (II)
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG12(SOA3) RRSIG12(SOA4)
+
+ DNSKEY1 DNSKEY1
+ DNSKEY11 DNSKEY12
+ DNSKEY12 DNSKEY13
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG12(DNSKEY) RRSIG12(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover, Showing Two Rollovers
+
+ Note that the key introduced in the "new DNSKEY" phase is not used
+ for production yet; the private key can thus be stored in a
+ physically secure manner and does not need to be 'fetched' every time
+ a zone needs to be signed.
+
+4.2.1.2. Double Signature Zone Signing Key Rollover
+
+ This section shows how to perform a ZSK key rollover using the double
+ zone data signature scheme, aptly named "double signature rollover".
+
+ During the "new DNSKEY" stage the new version of the zone file will
+ need to propagate to all authoritative servers and the data that
+ exists in (distant) caches will need to expire, requiring at least
+ the Maximum Zone TTL.
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 17]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Double signature ZSK rollover involves three stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
+ RRSIG11(SOA1)
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
+ RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Double Signature Zone Signing Key Rollover
+
+ initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
+ introduced into the key set and all the data in the zone is signed
+ with DNSKEY 10 and DNSKEY 11. The rollover period will need to
+ continue until all data from version 0 of the zone has expired
+ from remote caches. This will take at least the Maximum Zone TTL
+ of version 0 of the zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. All the
+ signatures from DNSKEY 10 are removed from the zone. The key set,
+ now only containing DNSKEY 11, is re-signed with DNSKEY 1.
+
+ At every instance, RRSIGs from the previous version of the zone can
+ be verified with the DNSKEY RRSet from the current version and the
+ other way around. The data from the current version can be verified
+ with the data from the previous version of the zone. The duration of
+ the "new DNSKEY" phase and the period between rollovers should be at
+ least the Maximum Zone TTL.
+
+ Making sure that the "new DNSKEY" phase lasts until the signature
+ expiration time of the data in the initial version of the zone is
+ recommended. This way all caches are cleared of the old signatures.
+ However, this duration could be considerably longer than the Maximum
+ Zone TTL, making the rollover a lengthy procedure.
+
+ Note that in this example we assumed that the zone was not modified
+ during the rollover. New data can be introduced in the zone as long
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 18]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ as it is signed with both keys.
+
+4.2.1.3. Pros and Cons of the Schemes
+
+ Pre-publish key rollover: This rollover does not involve signing the
+ zone data twice. Instead, before the actual rollover, the new key
+ is published in the key set and thus is available for
+ cryptanalysis attacks. A small disadvantage is that this process
+ requires four steps. Also the pre-publish scheme involves more
+ parental work when used for KSK rollovers as explained in
+ Section 4.2.3.
+
+ Double signature ZSK rollover: The drawback of this signing scheme
+ is that during the rollover the number of signatures in your zone
+ doubles; this may be prohibitive if you have very big zones. An
+ advantage is that it only requires three steps.
+
+4.2.2. Key Signing Key Rollovers
+
+ For the rollover of a Key Signing Key, the same considerations as for
+ the rollover of a Zone Signing Key apply. However, we can use a
+ double signature scheme to guarantee that old data (only the apex key
+ set) in caches can be verified with a new key set and vice versa.
+ Since only the key set is signed with a KSK, zone size considerations
+ do not apply.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 19]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ --------------------------------------------------------------------
+ initial new DNSKEY DS change DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 --------> SOA1 -------->
+ RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
+ DS1 --------> DS2 -------->
+ RRSIGpar(DS) --------> RRSIGpar(DS) -------->
+
+
+ Child:
+ SOA0 SOA1 --------> SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
+ -------->
+ DNSKEY1 DNSKEY1 --------> DNSKEY2
+ DNSKEY2 -------->
+ DNSKEY10 DNSKEY10 --------> DNSKEY10
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
+ RRSIG2 (DNSKEY) -------->
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Double Signature Key Signing Key Rollover
+
+ initial: Initial version of the zone. The parental DS points to
+ DNSKEY1. Before the rollover starts, the child will have to
+ verify what the TTL is of the DS RR that points to DNSKEY1 -- it
+ is needed during the rollover and we refer to the value as TTL_DS.
+
+ new DNSKEY: During the "new DNSKEY" phase, the zone administrator
+ generates a second KSK, DNSKEY2. The key is provided to the
+ parent, and the child will have to wait until a new DS RR has been
+ generated that points to DNSKEY2. After that DS RR has been
+ published on all servers authoritative for the parent's zone, the
+ zone administrator has to wait at least TTL_DS to make sure that
+ the old DS RR has expired from caches.
+
+ DS change: The parent replaces DS1 with DS2.
+
+ DNSKEY removal: DNSKEY1 has been removed.
+
+ The scenario above puts the responsibility for maintaining a valid
+ chain of trust with the child. It also is based on the premise that
+ the parent only has one DS RR (per algorithm) per zone. An
+ alternative mechanism has been considered. Using an established
+ trust relation, the interaction can be performed in-band, and the
+ removal of the keys by the child can possibly be signaled by the
+ parent. In this mechanism, there are periods where there are two DS
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 20]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ RRs at the parent. Since at the moment of writing the protocol for
+ this interaction has not been developed, further discussion is out of
+ scope for this document.
+
+4.2.3. Difference Between ZSK and KSK Rollovers
+
+ Note that KSK rollovers and ZSK rollovers are different in the sense
+ that a KSK rollover requires interaction with the parent (and
+ possibly replacing of trust anchors) and the ensuing delay while
+ waiting for it.
+
+ A zone key rollover can be handled in two different ways: pre-publish
+ (Section 4.2.1.1) and double signature (Section 4.2.1.2).
+
+ As the KSK is used to validate the key set and because the KSK is not
+ changed during a ZSK rollover, a cache is able to validate the new
+ key set of the zone. The pre-publish method would also work for a
+ KSK rollover. The records that are to be pre-published are the
+ parental DS RRs. The pre-publish method has some drawbacks for KSKs.
+ We first describe the rollover scheme and then indicate these
+ drawbacks.
+
+
+ --------------------------------------------------------------------
+ initial new DS new DNSKEY DS/DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 SOA1 --------> SOA2
+ RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
+ DS1 DS1 --------> DS2
+ DS2 -------->
+ RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
+
+ Child:
+ SOA0 --------> SOA1 SOA1
+ RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
+ -------->
+ DNSKEY1 --------> DNSKEY2 DNSKEY2
+ -------->
+ DNSKEY10 --------> DNSKEY10 DNSKEY10
+ RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
+ RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Pre-Publish Key Signing Key Rollover
+
+ When the child zone wants to roll, it notifies the parent during the
+ "new DS" phase and submits the new key (or the corresponding DS) to
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 21]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
+ and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
+ which can take place as soon as the new DS set propagated through the
+ DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
+ ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
+ record can be deleted.
+
+ The drawbacks of this scheme are that during the "new DS" phase the
+ parent cannot verify the match between the DS2 RR and DNSKEY2 using
+ the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
+ "security lame" key (see Section 4.4.3). Finally, the child-parent
+ interaction consists of two steps. The "double signature" method
+ only needs one interaction.
+
+4.2.4. Key algorithm rollover
+
+ [OK: The txt of this section is a strawman for the issue in: http://
+ www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/Key_algorithm_roll
+ ]
+
+ A special class of keyrollover is the rollover of key algorithms
+ (either adding a new algorithm, removing an old algorithm, or both),
+ additional steps are needed to retain integrity during the rollover.
+
+ Because of the algorithm downgrade protection in RFC4035 section 2.2,
+ you may not have a key of an algorithm for which you do not have
+ signatures.
+
+ When adding a new algorithm, the signatures should be added first.
+ After the TTL has expired, and caches have dropped the old data
+ covered by those signatures, the DNSKEY with the new algorithm can be
+ added. When removing an old algorithm, the DNSKEY should be removed
+ first.
+
+ To do both, the following steps can be used. For simplicity, we use
+ a zone that is only signed by one zone signing key.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 22]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ ----------------------------------------------------------------
+ 1 Initial 2 New RRSIGS 3 New DNSKEY
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG1(SOA0) RRSIG1(SOA1) RRSIG1(SOA2)
+ RRSIG2(SOA1) RRSIG2(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) DNSKEY2
+ RRSIG2(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG2(DNSKEY)
+ ----------------------------------------------------------------
+ 4 Remove DNSKEY 5 Remove RRSIGS
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG1(SOA3) RRSIG2(SOA4)
+ RRSIG2(SOA3)
+
+ DNSKEY2 DNSKEY2
+ RRSIG1(DNSKEY) RRSIG2(DNSKEY)
+ RRSIG2(DNSKEY)
+ ----------------------------------------------------------------
+
+ Stages of Deployment during an Algorithm Rollover.
+
+ In step 2, the signatures for the new key are added, but the key
+ itself is not. While in theory, the signatures of the keyset should
+ always be synchronized with the keyset itself, it can be possible
+ that RRSIGS are requested separately, so it might be prudent to also
+ sign the DNSKEY set with the new signature.
+
+ After the cache data has expired, the new key can be added to the
+ zone, as done in step 3.
+
+ The next step is to remove the old algorithm. This time the key
+ needs to be removed first, before removing the signatures. The key
+ is removed in step 4, and after the cache data has expired, the
+ signatures can be removed in step 5.
+
+ The above steps ensure that during the rollover to a new algorithm,
+ the integrity of the zone is never broken.
+
+4.2.5. Automated Key Rollovers
+
+ As keys must be renewed periodically, there is some motivation to
+ automate the rollover process. Consider the following:
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 23]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ o ZSK rollovers are easy to automate as only the child zone is
+ involved.
+
+ o A KSK rollover needs interaction between parent and child. Data
+ exchange is needed to provide the new keys to the parent;
+ consequently, this data must be authenticated and integrity must
+ be guaranteed in order to avoid attacks on the rollover.
+
+4.3. Planning for Emergency Key Rollover
+
+ This section deals with preparation for a possible key compromise.
+ Our advice is to have a documented procedure ready for when a key
+ compromise is suspected or confirmed.
+
+ When the private material of one of your keys is compromised it can
+ be used for as long as a valid trust chain exists. A trust chain
+ remains intact for
+
+ o as long as a signature over the compromised key in the trust chain
+ is valid,
+
+ o as long as a parental DS RR (and signature) points to the
+ compromised key,
+
+ o as long as the key is anchored in a resolver and is used as a
+ starting point for validation (this is generally the hardest to
+ update).
+
+ While a trust chain to your compromised key exists, your namespace is
+ vulnerable to abuse by anyone who has obtained illegitimate
+ possession of the key. Zone operators have to make a trade-off if
+ the abuse of the compromised key is worse than having data in caches
+ that cannot be validated. If the zone operator chooses to break the
+ trust chain to the compromised key, data in caches signed with this
+ key cannot be validated. However, if the zone administrator chooses
+ to take the path of a regular rollover, the malicious key holder can
+ spoof data so that it appears to be valid.
+
+4.3.1. KSK Compromise
+
+ A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
+ as long as the compromised KSK is configured as trust anchor or a
+ parental DS points to it.
+
+ A compromised KSK can be used to sign the key set of an attacker's
+ zone. That zone could be used to poison the DNS.
+
+ Therefore, when the KSK has been compromised, the trust anchor or the
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 24]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ parental DS should be replaced as soon as possible. It is local
+ policy whether to break the trust chain during the emergency
+ rollover. The trust chain would be broken when the compromised KSK
+ is removed from the child's zone while the parent still has a DS
+ pointing to the compromised KSK (the assumption is that there is only
+ one DS at the parent. If there are multiple DSes this does not apply
+ -- however the chain of trust of this particular key is broken).
+
+ Note that an attacker's zone still uses the compromised KSK and the
+ presence of a parental DS would cause the data in this zone to appear
+ as valid. Removing the compromised key would cause the attacker's
+ zone to appear as valid and the child's zone as Bogus. Therefore, we
+ advise not to remove the KSK before the parent has a DS to a new KSK
+ in place.
+
+4.3.1.1. Keeping the Chain of Trust Intact
+
+ If we follow this advice, the timing of the replacement of the KSK is
+ somewhat critical. The goal is to remove the compromised KSK as soon
+ as the new DS RR is available at the parent. And also make sure that
+ the signature made with a new KSK over the key set with the
+ compromised KSK in it expires just after the new DS appears at the
+ parent, thus removing the old cruft in one swoop.
+
+ The procedure is as follows:
+
+ 1. Introduce a new KSK into the key set, keep the compromised KSK in
+ the key set.
+
+ 2. Sign the key set, with a short validity period. The validity
+ period should expire shortly after the DS is expected to appear
+ in the parent and the old DSes have expired from caches.
+
+ 3. Upload the DS for this new key to the parent.
+
+ 4. Follow the procedure of the regular KSK rollover: Wait for the DS
+ to appear in the authoritative servers and then wait as long as
+ the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet
+ and modify/extend the expiration time.
+
+ 5. Remove the compromised DNSKEY RR from the zone and re-sign the
+ key set using your "normal" validity interval.
+
+ An additional danger of a key compromise is that the compromised key
+ could be used to facilitate a legitimate DNSKEY/DS rollover and/or
+ nameserver changes at the parent. When that happens, the domain may
+ be in dispute. An authenticated out-of-band and secure notify
+ mechanism to contact a parent is needed in this case.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 25]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Note that this is only a problem when the DNSKEY and or DS records
+ are used for authentication at the parent.
+
+4.3.1.2. Breaking the Chain of Trust
+
+ There are two methods to break the chain of trust. The first method
+ causes the child zone to appear 'Bogus' to validating resolvers. The
+ other causes the child zone to appear 'insecure'. These are
+ described below.
+
+ In the method that causes the child zone to appear 'Bogus' to
+ validating resolvers, the child zone replaces the current KSK with a
+ new one and re-signs the key set. Next it sends the DS of the new
+ key to the parent. Only after the parent has placed the new DS in
+ the zone is the child's chain of trust repaired.
+
+ An alternative method of breaking the chain of trust is by removing
+ the DS RRs from the parent zone altogether. As a result, the child
+ zone would become insecure.
+
+4.3.2. ZSK Compromise
+
+ Primarily because there is no parental interaction required when a
+ ZSK is compromised, the situation is less severe than with a KSK
+ compromise. The zone must still be re-signed with a new ZSK as soon
+ as possible. As this is a local operation and requires no
+ communication between the parent and child, this can be achieved
+ fairly quickly. However, one has to take into account that just as
+ with a normal rollover the immediate disappearance of the old
+ compromised key may lead to verification problems. Also note that as
+ long as the RRSIG over the compromised ZSK is not expired the zone
+ may be still at risk.
+
+4.3.3. Compromises of Keys Anchored in Resolvers
+
+ A key can also be pre-configured in resolvers. For instance, if
+ DNSSEC is successfully deployed the root key may be pre-configured in
+ most security aware resolvers.
+
+ If trust-anchor keys are compromised, the resolvers using these keys
+ should be notified of this fact. Zone administrators may consider
+ setting up a mailing list to communicate the fact that a SEP key is
+ about to be rolled over. This communication will of course need to
+ be authenticated, e.g., by using digital signatures.
+
+ End-users faced with the task of updating an anchored key should
+ always validate the new key. New keys should be authenticated out-
+ of-band, for example, through the use of an announcement website that
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 26]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ is secured using secure sockets (TLS) [23].
+
+4.4. Parental Policies
+
+4.4.1. Initial Key Exchanges and Parental Policies Considerations
+
+ The initial key exchange is always subject to the policies set by the
+ parent. When designing a key exchange policy one should take into
+ account that the authentication and authorization mechanisms used
+ during a key exchange should be as strong as the authentication and
+ authorization mechanisms used for the exchange of delegation
+ information between parent and child. That is, there is no implicit
+ need in DNSSEC to make the authentication process stronger than it
+ was in DNS.
+
+ Using the DNS itself as the source for the actual DNSKEY material,
+ with an out-of-band check on the validity of the DNSKEY, has the
+ benefit that it reduces the chances of user error. A DNSKEY query
+ tool can make use of the SEP bit [5] to select the proper key from a
+ DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is
+ sent. It can validate the self-signature over a key; thereby
+ verifying the ownership of the private key material. Fetching the
+ DNSKEY from the DNS ensures that the chain of trust remains intact
+ once the parent publishes the DS RR indicating the child is secure.
+
+ Note: the out-of-band verification is still needed when the key
+ material is fetched via the DNS. The parent can never be sure
+ whether or not the DNSKEY RRs have been spoofed.
+
+4.4.2. Storing Keys or Hashes?
+
+ When designing a registry system one should consider which of the
+ DNSKEYs and/or the corresponding DSes to store. Since a child zone
+ might wish to have a DS published using a message digest algorithm
+ not yet understood by the registry, the registry can't count on being
+ able to generate the DS record from a raw DNSKEY. Thus, we recommend
+ that registry systems at least support storing DS records.
+
+ It may also be useful to store DNSKEYs, since having them may help
+ during troubleshooting and, as long as the child's chosen message
+ digest is supported, the overhead of generating DS records from them
+ is minimal. Having an out-of-band mechanism, such as a registry
+ directory (e.g., Whois), to find out which keys are used to generate
+ DS Resource Records for specific owners and/or zones may also help
+ with troubleshooting.
+
+ The storage considerations also relate to the design of the customer
+ interface and the method by which data is transferred between
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 27]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ registrant and registry; Will the child zone administrator be able to
+ upload DS RRs with unknown hash algorithms or does the interface only
+ allow DNSKEYs? In the registry-registrar model, one can use the
+ DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15],
+ which allows transfer of DS RRs and optionally DNSKEY RRs.
+
+4.4.3. Security Lameness
+
+ Security lameness is defined as what happens when a parent has a DS
+ RR pointing to a non-existing DNSKEY RR. When this happens, the
+ child's zone may be marked "Bogus" by verifying DNS clients.
+
+ As part of a comprehensive delegation check, the parent could, at key
+ exchange time, verify that the child's key is actually configured in
+ the DNS. However, if a parent does not understand the hashing
+ algorithm used by child, the parental checks are limited to only
+ comparing the key id.
+
+ Child zones should be very careful in removing DNSKEY material,
+ specifically SEP keys, for which a DS RR exists.
+
+ Once a zone is "security lame", a fix (e.g., removing a DS RR) will
+ take time to propagate through the DNS.
+
+4.4.4. DS Signature Validity Period
+
+ Since the DS can be replayed as long as it has a valid signature, a
+ short signature validity period over the DS minimizes the time a
+ child is vulnerable in the case of a compromise of the child's
+ KSK(s). A signature validity period that is too short introduces the
+ possibility that a zone is marked "Bogus" in case of a configuration
+ error in the signer. There may not be enough time to fix the
+ problems before signatures expire. Something as mundane as operator
+ unavailability during weekends shows the need for DS signature
+ validity periods longer than 2 days. We recommend an absolute
+ minimum for a DS signature validity period of a few days.
+
+ The maximum signature validity period of the DS record depends on how
+ long child zones are willing to be vulnerable after a key compromise.
+ On the other hand, shortening the DS signature validity interval
+ increases the operational risk for the parent. Therefore, the parent
+ may have policy to use a signature validity interval that is
+ considerably longer than the child would hope for.
+
+ A compromise between the operational constraints of the parent and
+ minimizing damage for the child may result in a DS signature validity
+ period somewhere between a week and months.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 28]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ In addition to the signature validity period, which sets a lower
+ bound on the number of times the zone owner will need to sign the
+ zone data and which sets an upper bound to the time a child is
+ vulnerable after key compromise, there is the TTL value on the DS
+ RRs. Shortening the TTL means that the authoritative servers will
+ see more queries. But on the other hand, a short TTL lowers the
+ persistence of DS RRSets in caches thereby increasing the speed with
+ which updated DS RRSets propagate through the DNS.
+
+4.4.5. (Non) Cooperating Registrars
+
+ [OK: this is a first strawman, and is intended to start the
+ discussion of the issue. By no means this is intended to be a final
+ text.]
+
+ The parent-child relation is often described in terms of a (thin)
+ registry model. Where a registry maintains the parent zone, and the
+ registrant (the user of the child-domain name), deals with the
+ registry through an intermediary called a registrar. (See [12] for a
+ comprehensive definition). Registrants may out-source the
+ maintenance of their DNS system, including the maintenance of DNSSEC
+ key material, to the registrar or to another third party. The entity
+ that has control over the DNS zone and its keys may prevent the
+ registrant to make a timely move to a different registrar. [OK: I
+ use the term registrar below while it is the operator of the DNS zone
+ who is the actual culprit. For instance, the case also applies when
+ a registrant passes a zone to another registrant. Should I just use
+ "DNS Administrator"?]
+
+ Suppose that the registrant wants to move from losing registrar A to
+ gaining registrar B. Let us first look what would happen in a
+ cooperative environment. The assumption is that registrar A will not
+ hand off any private key material to registrar B because that would
+ be a trivial case.
+
+ In a cooperating environment one could proceed with a pre-publish ZSK
+ rollover whereby registrar A pre-publishes the ZSK of registrar B,
+ combined with a double signature KSK rollover where the two
+ registrars exchange public keys and independently generate a
+ signature over the keysets that they combine and both publish in the
+ zone.
+
+ In the non-cooperative case matters are more complicated. The
+ loosing registrar A may not cooperate and leave the data in the DNS
+ as is. In the extreme case registrar A may become obstructive and
+ publish a DNSKEY RR with a high TTL and corresponding signature
+ validity so that registrar A's DNSKEY, would end up in caches for, in
+ theory, tens of years.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 29]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ The problem arises when a validator tries to validate with A's key
+ and there is no signature material produced with Registrars A
+ available in the delegation path after redelegation from registrar A
+ to registrar B has taken place. One could imagine a rollover
+ scenario where registrar B pulls all RRSIGs created by registar A and
+ publishes those in conjunction with its own signatures, but that
+ would not allow any changes in the zone content. Since a
+ redelegation took place the NS RRset has -- per definition-- changed
+ so such rollover scenario will not work. Besides if zone transfers
+ are not allowed by A and NSEC3 is deployed in the A's zone then
+ registrar B will not have certainty that all of A's RRSIGs are
+ transfered.
+
+ The only viable option for the registrant is to publish its zone
+ unsigned and ask the registry to remove the DS pointing to registrar
+ A for as long as the DNSKEY of registrar A, or any of the signatures
+ produced by registrar A are likely to appear in caches, which as
+ mentioned above could in theory be for tens of years. [OK: Some
+ implementations limit the time data is cached. Although that is not
+ a protocol requirement (and may even be considered a protocol
+ violation) it seems that that practice may limit the impact of this
+ problem, is that worth mentioning?]
+
+ [OK: This is really the point that I'm trying to make, is the above
+ text needed?] There is no operational methodology to work around
+ this business issue and proper contractual relations ships between
+ registrants and their registrars seem to be the only solution to cope
+ with these problems.
+
+5. Security Considerations
+
+ DNSSEC adds data integrity to the DNS. This document tries to assess
+ the operational considerations to maintain a stable and secure DNSSEC
+ service. Not taking into account the 'data propagation' properties
+ in the DNS will cause validation failures and may make secured zones
+ unavailable to security-aware resolvers.
+
+6. IANA considerations
+
+ There are no IANA considerations with respect to this document
+
+7. Acknowledgments
+
+ Most of the text of this document is copied from RFC4641 [16] people
+ involved in that work were in random order: Rip Loomis, Olafur
+ Gudmundsson, Wesley Griffin, Michael Richardson, Scott Rose, Rick van
+ Rein, Tim McGinnis, Gilles Guette Olivier Courtay, Sam Weiler, Jelte
+ Jansen, Niall O'Reilly, Holger Zuleger, Ed Lewis, Hilarie Orman,
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 30]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Marcos Sanz, Peter Koch, Mike StJohns, Emmar Bretherick, Adrian
+ Bedford, and Lindy Foster, G. Guette, and O. Courtay.
+
+ For this version of the document we would like to acknowldge:
+
+ o Paul Hoffman for his contribution on the choice of cryptographic
+ paramenters and addressing some of the trust anchor issues.
+
+ o Jelte Jansen provided the text in Section 4.2.4
+
+8. References
+
+8.1. Normative References
+
+ [1] Mockapetris, P., "Domain names - concepts and facilities",
+ STD 13, RFC 1034, November 1987.
+
+ [2] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+ [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033,
+ March 2005.
+
+ [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions",
+ RFC 4035, March 2005.
+
+8.2. Informative References
+
+ [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [7] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
+ August 1996.
+
+ [8] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
+ (DNS NOTIFY)", RFC 1996, August 1996.
+
+ [9] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
+ RFC 2308, March 1998.
+
+ [10] Eastlake, D., "DNS Security Operational Considerations",
+ RFC 2541, March 1999.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 31]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ [11] Wellington, B., "Secure Domain Name System (DNS) Dynamic
+ Update", RFC 3007, November 2000.
+
+ [12] Hollenbeck, S., "Generic Registry-Registrar Protocol
+ Requirements", RFC 3375, September 2002.
+
+ [13] Orman, H. and P. Hoffman, "Determining Strengths For Public
+ Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
+ April 2004.
+
+ [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
+ Requirements for Security", BCP 106, RFC 4086, June 2005.
+
+ [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions
+ Mapping for the Extensible Provisioning Protocol (EPP)",
+ RFC 4310, December 2005.
+
+ [16] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
+ RFC 4641, September 2006.
+
+ [17] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949,
+ August 2007.
+
+ [18] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust
+ Anchors", RFC 5011, September 2007.
+
+ [19] Rose, S., "NIST DNSSEC workshop notes", , June 2001.
+
+ [20] Barker, E. and J. Kelsey, "Recommendation for Random Number
+ Generation Using Deterministic Random Bit Generators
+ (Revised)", Nist Special Publication 800-90, March 2007.
+
+ [21] Jansen, J., "Use of SHA-2 algorithms with RSA in DNSKEY and
+ RRSIG Resource Records for DNSSEC",
+ draft-ietf-dnsext-dnssec-rsasha256-05 (work in progress),
+ July 2008.
+
+ [22] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS)
+ Resource Records (RRs)", RFC 4509, May 2006.
+
+ [23] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
+ T. Wright, "Transport Layer Security (TLS) Extensions",
+ RFC 4366, April 2006.
+
+Appendix A. Terminology
+
+ In this document, there is some jargon used that is defined in other
+ documents. In most cases, we have not copied the text from the
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 32]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ documents defining the terms but have given a more elaborate
+ explanation of the meaning. Note that these explanations should not
+ be seen as authoritative.
+
+ Anchored key: A DNSKEY configured in resolvers around the globe.
+ This key is hard to update, hence the term anchored.
+
+ Bogus: Also see Section 5 of [3]. An RRSet in DNSSEC is marked
+ "Bogus" when a signature of an RRSet does not validate against a
+ DNSKEY.
+
+ Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is
+ used exclusively for signing the apex key set. The fact that a
+ key is a KSK is only relevant to the signing tool.
+
+ Key size: The term 'key size' can be substituted by 'modulus size'
+ throughout the document. It is mathematically more correct to use
+ modulus size, but as this is a document directed at operators we
+ feel more at ease with the term key size.
+
+ Private and public keys: DNSSEC secures the DNS through the use of
+ public key cryptography. Public key cryptography is based on the
+ existence of two (mathematically related) keys, a public key and a
+ private key. The public keys are published in the DNS by use of
+ the DNSKEY Resource Record (DNSKEY RR). Private keys should
+ remain private.
+
+ Key rollover: A key rollover (also called key supercession in some
+ environments) is the act of replacing one key pair with another at
+ the end of a key effectivity period.
+
+ Secure Entry Point (SEP) key: A KSK that has a parental DS record
+ pointing to it or is configured as a trust anchor. Although not
+ required by the protocol, we recommend that the SEP flag [5] is
+ set on these keys.
+
+ Self-signature: This only applies to signatures over DNSKEYs; a
+ signature made with DNSKEY x, over DNSKEY x is called a self-
+ signature. Note: without further information, self-signatures
+ convey no trust. They are useful to check the authenticity of the
+ DNSKEY, i.e., they can be used as a hash.
+
+ Singing the zone file: The term used for the event where an
+ administrator joyfully signs its zone file while producing melodic
+ sound patterns.
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 33]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Signer: The system that has access to the private key material and
+ signs the Resource Record sets in a zone. A signer may be
+ configured to sign only parts of the zone, e.g., only those RRSets
+ for which existing signatures are about to expire.
+
+ Zone Signing Key (ZSK): A key that is used for signing all data in a
+ zone (except, perhaps, the DNSKEY RRSet). The fact that a key is
+ a ZSK is only relevant to the signing tool.
+
+ Zone administrator: The 'role' that is responsible for signing a
+ zone and publishing it on the primary authoritative server.
+
+Appendix B. Zone Signing Key Rollover How-To
+
+ Using the pre-published signature scheme and the most conservative
+ method to assure oneself that data does not live in caches, here
+ follows the "how-to".
+
+ Step 0: The preparation: Create two keys and publish both in your
+ key set. Mark one of the keys "active" and the other "published".
+ Use the "active" key for signing your zone data. Store the
+ private part of the "published" key, preferably off-line. The
+ protocol does not provide for attributes to mark a key as active
+ or published. This is something you have to do on your own,
+ through the use of a notebook or key management tool.
+
+ Step 1: Determine expiration: At the beginning of the rollover make
+ a note of the highest expiration time of signatures in your zone
+ file created with the current key marked as active. Wait until
+ the expiration time marked in Step 1 has passed.
+
+ Step 2: Then start using the key that was marked "published" to sign
+ your data (i.e., mark it "active"). Stop using the key that was
+ marked "active"; mark it "rolled".
+
+ Step 3: It is safe to engage in a new rollover (Step 1) after at
+ least one signature validity period.
+
+Appendix C. Typographic Conventions
+
+ The following typographic conventions are used in this document:
+
+ Key notation: A key is denoted by DNSKEYx, where x is a number or an
+ identifier, x could be thought of as the key id.
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 34]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ RRSet notations: RRs are only denoted by the type. All other
+ information -- owner, class, rdata, and TTL -- is left out. Thus:
+ "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a
+ list of RRs. A example of this would be "A1, A2", specifying the
+ RRSet containing two "A" records. This could again be abbreviated
+ to just "A".
+
+ Signature notation: Signatures are denoted as RRSIGx(RRSet), which
+ means that RRSet is signed with DNSKEYx.
+
+ Zone representation: Using the above notation we have simplified the
+ representation of a signed zone by leaving out all unnecessary
+ details such as the names and by representing all data by "SOAx"
+
+ SOA representation: SOAs are represented as SOAx, where x is the
+ serial number.
+
+ Using this notation the following signed zone:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 35]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ example.net. 86400 IN SOA ns.example.net. bert.example.net. (
+ 2006022100 ; serial
+ 86400 ; refresh ( 24 hours)
+ 7200 ; retry ( 2 hours)
+ 3600000 ; expire (1000 hours)
+ 28800 ) ; minimum ( 8 hours)
+ 86400 RRSIG SOA 5 2 86400 20130522213204 (
+ 20130422213204 14 example.net.
+ cmL62SI6iAX46xGNQAdQ... )
+ 86400 NS a.example.net.
+ 86400 NS b.example.net.
+ 86400 RRSIG NS 5 2 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ SO5epiJei19AjXoUpFnQ ... )
+ 86400 DNSKEY 256 3 5 (
+ EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14
+ 86400 DNSKEY 257 3 5 (
+ gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15
+ 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
+ 20130422213204 14 example.net.
+ J4zCe8QX4tXVGjV4e1r9... )
+ 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
+ 20130422213204 15 example.net.
+ keVDCOpsSeDReyV6O... )
+ 86400 RRSIG NSEC 5 2 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ obj3HEp1GjnmhRjX... )
+ a.example.net. 86400 IN TXT "A label"
+ 86400 RRSIG TXT 5 3 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ IkDMlRdYLmXH7QJnuF3v... )
+ 86400 NSEC b.example.com. TXT RRSIG NSEC
+ 86400 RRSIG NSEC 5 3 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ bZMjoZ3bHjnEz0nIsPMM... )
+ ...
+
+ is reduced to the following representation:
+
+ SOA2006022100
+ RRSIG14(SOA2006022100)
+ DNSKEY14
+ DNSKEY15
+
+ RRSIG14(KEY)
+ RRSIG15(KEY)
+
+ The rest of the zone data has the same signature as the SOA record,
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 36]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ i.e., an RRSIG created with DNSKEY 14.
+
+Appendix D. Document Editing History
+
+ [To be removed prior to publication as an RFC]
+
+D.1. draft-ietf-dnsop-rfc4641-00
+
+ Version 0 was differs from RFC4641 in the following ways.
+
+ o Status of this memo appropriate for I-D
+
+ o TOC formatting differs.
+
+ o Whitespaces, linebreaks, and pagebreaks may be slightly different
+ because of xml2rfc generation.
+
+ o References slightly reordered.
+
+ o Applied the errata from
+ http://www.rfc-editor.org/errata_search.php?rfc=4641
+
+ o Inserted trivial "IANA considertations" section.
+
+ In other words it should not contain substantive changes in content
+ as intended by the workinggroup for the original RFC4641.
+
+D.2. version 0->1
+
+ Cryptography details rewritten. (See http://www.nlnetlabs.nl/svn/
+ rfc4641bis/trunk/open-issues/cryptography_flawed)
+
+ o Reference to NIST 800-90 added
+
+ o RSA/SHA256 is being recommended in addition to RSA/SHA1.
+
+ o Complete rewrite of Section 3.5 removing the table and suggesting
+ a keysize of 1024 for keys in use for less than 8 years, issued up
+ to at least 2015.
+
+ o Replaced the reference to Schneiers' applied cryptograpy with a
+ reference to RFC4949.
+
+ o Removed the KSK for high level zones consideration
+
+ Applied some differentiation with respect of the use of a KSK for
+ parent or trust-anchor relation http://www.nlnetlabs.nl/svn/
+ rfc4641bis/trunk/open-issues/differentiation_trustanchor_parent
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 37]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
+ rollover_assumptions
+
+ Added Section 4.2.4 as suggested by Jelte Jansen in http://
+ www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/Key_algorithm_roll
+
+ Added Section 4.4.5 Issue identified by Antoin Verschuur http://
+ www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
+ non-cooperative-registrars
+
+ In Appendix A: ZSK does not nescessarily sign the DNSKEY RRset.
+
+ $Id: draft-ietf-dnsop-rfc4641bis-01.txt 28 2009-03-06 14:03:57Z olaf $
+
+Authors' Addresses
+
+ Olaf M. Kolkman
+ NLnet Labs
+ Kruislaan 419
+ Amsterdam 1098 VA
+ The Netherlands
+
+ EMail: olaf@nlnetlabs.nl
+ URI: http://www.nlnetlabs.nl
+
+
+ Miek Gieben
+
+
+ EMail: miek@miek.nl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 38]
+
diff --git a/contrib/zkt-1.1.2/doc/rfc4641.txt b/contrib/zkt-1.1.2/doc/rfc4641.txt
new file mode 100644
index 0000000000..0a013bcba5
--- /dev/null
+++ b/contrib/zkt-1.1.2/doc/rfc4641.txt
@@ -0,0 +1,1963 @@
+
+
+
+
+
+
+Network Working Group O. Kolkman
+Request for Comments: 4641 R. Gieben
+Obsoletes: 2541 NLnet Labs
+Category: Informational September 2006
+
+
+ DNSSEC Operational Practices
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ This document describes a set of practices for operating the DNS with
+ security extensions (DNSSEC). The target audience is zone
+ administrators deploying DNSSEC.
+
+ The document discusses operational aspects of using keys and
+ signatures in the DNS. It discusses issues of key generation, key
+ storage, signature generation, key rollover, and related policies.
+
+ This document obsoletes RFC 2541, as it covers more operational
+ ground and gives more up-to-date requirements with respect to key
+ sizes and the new DNSSEC specification.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 1]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Table of Contents
+
+ 1. Introduction ....................................................3
+ 1.1. The Use of the Term 'key' ..................................4
+ 1.2. Time Definitions ...........................................4
+ 2. Keeping the Chain of Trust Intact ...............................5
+ 3. Keys Generation and Storage .....................................6
+ 3.1. Zone and Key Signing Keys ..................................6
+ 3.1.1. Motivations for the KSK and ZSK Separation ..........6
+ 3.1.2. KSKs for High-Level Zones ...........................7
+ 3.2. Key Generation .............................................8
+ 3.3. Key Effectivity Period .....................................8
+ 3.4. Key Algorithm ..............................................9
+ 3.5. Key Sizes ..................................................9
+ 3.6. Private Key Storage .......................................11
+ 4. Signature Generation, Key Rollover, and Related Policies .......12
+ 4.1. Time in DNSSEC ............................................12
+ 4.1.1. Time Considerations ................................12
+ 4.2. Key Rollovers .............................................14
+ 4.2.1. Zone Signing Key Rollovers .........................14
+ 4.2.1.1. Pre-Publish Key Rollover ..................15
+ 4.2.1.2. Double Signature Zone Signing Key
+ Rollover ..................................17
+ 4.2.1.3. Pros and Cons of the Schemes ..............18
+ 4.2.2. Key Signing Key Rollovers ..........................18
+ 4.2.3. Difference Between ZSK and KSK Rollovers ...........20
+ 4.2.4. Automated Key Rollovers ............................21
+ 4.3. Planning for Emergency Key Rollover .......................21
+ 4.3.1. KSK Compromise .....................................22
+ 4.3.1.1. Keeping the Chain of Trust Intact .........22
+ 4.3.1.2. Breaking the Chain of Trust ...............23
+ 4.3.2. ZSK Compromise .....................................23
+ 4.3.3. Compromises of Keys Anchored in Resolvers ..........24
+ 4.4. Parental Policies .........................................24
+ 4.4.1. Initial Key Exchanges and Parental Policies
+ Considerations .....................................24
+ 4.4.2. Storing Keys or Hashes? ............................25
+ 4.4.3. Security Lameness ..................................25
+ 4.4.4. DS Signature Validity Period .......................26
+ 5. Security Considerations ........................................26
+ 6. Acknowledgments ................................................26
+ 7. References .....................................................27
+ 7.1. Normative References ......................................27
+ 7.2. Informative References ....................................28
+ Appendix A. Terminology ...........................................30
+ Appendix B. Zone Signing Key Rollover How-To ......................31
+ Appendix C. Typographic Conventions ...............................32
+
+
+
+
+Kolkman & Gieben Informational [Page 2]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+1. Introduction
+
+ This document describes how to run a DNS Security (DNSSEC)-enabled
+ environment. It is intended for operators who have knowledge of the
+ DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC.
+ See RFC 4033 [4] for an introduction to DNSSEC, RFC 4034 [5] for the
+ newly introduced Resource Records (RRs), and RFC 4035 [6] for the
+ protocol changes.
+
+ During workshops and early operational deployment tests, operators
+ and system administrators have gained experience about operating the
+ DNS with security extensions (DNSSEC). This document translates
+ these experiences into a set of practices for zone administrators.
+ At the time of writing, there exists very little experience with
+ DNSSEC in production environments; this document should therefore
+ explicitly not be seen as representing 'Best Current Practices'.
+
+ The procedures herein are focused on the maintenance of signed zones
+ (i.e., signing and publishing zones on authoritative servers). It is
+ intended that maintenance of zones such as re-signing or key
+ rollovers be transparent to any verifying clients on the Internet.
+
+ The structure of this document is as follows. In Section 2, we
+ discuss the importance of keeping the "chain of trust" intact.
+ Aspects of key generation and storage of private keys are discussed
+ in Section 3; the focus in this section is mainly on the private part
+ of the key(s). Section 4 describes considerations concerning the
+ public part of the keys. Since these public keys appear in the DNS
+ one has to take into account all kinds of timing issues, which are
+ discussed in Section 4.1. Section 4.2 and Section 4.3 deal with the
+ rollover, or supercession, of keys. Finally, Section 4.4 discusses
+ considerations on how parents deal with their children's public keys
+ in order to maintain chains of trust.
+
+ The typographic conventions used in this document are explained in
+ Appendix C.
+
+ Since this is a document with operational suggestions and there are
+ no protocol specifications, the RFC 2119 [7] language does not apply.
+
+ This document obsoletes RFC 2541 [12] to reflect the evolution of the
+ underlying DNSSEC protocol since then. Changes in the choice of
+ cryptographic algorithms, DNS record types and type names, and the
+ parent-child key and signature exchange demanded a major rewrite and
+ additional information and explanation.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 3]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+1.1. The Use of the Term 'key'
+
+ It is assumed that the reader is familiar with the concept of
+ asymmetric keys on which DNSSEC is based (public key cryptography
+ [17]). Therefore, this document will use the term 'key' rather
+ loosely. Where it is written that 'a key is used to sign data' it is
+ assumed that the reader understands that it is the private part of
+ the key pair that is used for signing. It is also assumed that the
+ reader understands that the public part of the key pair is published
+ in the DNSKEY Resource Record and that it is the public part that is
+ used in key exchanges.
+
+1.2. Time Definitions
+
+ In this document, we will be using a number of time-related terms.
+ The following definitions apply:
+
+ o "Signature validity period" The period that a signature is valid.
+ It starts at the time specified in the signature inception field
+ of the RRSIG RR and ends at the time specified in the expiration
+ field of the RRSIG RR.
+
+ o "Signature publication period" Time after which a signature (made
+ with a specific key) is replaced with a new signature (made with
+ the same key). This replacement takes place by publishing the
+ relevant RRSIG in the master zone file. After one stops
+ publishing an RRSIG in a zone, it may take a while before the
+ RRSIG has expired from caches and has actually been removed from
+ the DNS.
+
+ o "Key effectivity period" The period during which a key pair is
+ expected to be effective. This period is defined as the time
+ between the first inception time stamp and the last expiration
+ date of any signature made with this key, regardless of any
+ discontinuity in the use of the key. The key effectivity period
+ can span multiple signature validity periods.
+
+ o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum
+ value of the TTLs from the complete set of RRs in a zone. Note
+ that the minimum TTL is not the same as the MINIMUM field in the
+ SOA RR. See [11] for more information.
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 4]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+2. Keeping the Chain of Trust Intact
+
+ Maintaining a valid chain of trust is important because broken chains
+ of trust will result in data being marked as Bogus (as defined in [4]
+ Section 5), which may cause entire (sub)domains to become invisible
+ to verifying clients. The administrators of secured zones have to
+ realize that their zone is, to verifying clients, part of a chain of
+ trust.
+
+ As mentioned in the introduction, the procedures herein are intended
+ to ensure that maintenance of zones, such as re-signing or key
+ rollovers, will be transparent to the verifying clients on the
+ Internet.
+
+ Administrators of secured zones will have to keep in mind that data
+ published on an authoritative primary server will not be immediately
+ seen by verifying clients; it may take some time for the data to be
+ transferred to other secondary authoritative nameservers and clients
+ may be fetching data from caching non-authoritative servers. In this
+ light, note that the time for a zone transfer from master to slave is
+ negligible when using NOTIFY [9] and incremental transfer (IXFR) [8].
+ It increases when full zone transfers (AXFR) are used in combination
+ with NOTIFY. It increases even more if you rely on full zone
+ transfers based on only the SOA timing parameters for refresh.
+
+ For the verifying clients, it is important that data from secured
+ zones can be used to build chains of trust regardless of whether the
+ data came directly from an authoritative server, a caching
+ nameserver, or some middle box. Only by carefully using the
+ available timing parameters can a zone administrator ensure that the
+ data necessary for verification can be obtained.
+
+ The responsibility for maintaining the chain of trust is shared by
+ administrators of secured zones in the chain of trust. This is most
+ obvious in the case of a 'key compromise' when a trade-off between
+ maintaining a valid chain of trust and replacing the compromised keys
+ as soon as possible must be made. Then zone administrators will have
+ to make a trade-off, between keeping the chain of trust intact --
+ thereby allowing for attacks with the compromised key -- or
+ deliberately breaking the chain of trust and making secured
+ subdomains invisible to security-aware resolvers. Also see Section
+ 4.3.
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 5]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3. Keys Generation and Storage
+
+ This section describes a number of considerations with respect to the
+ security of keys. It deals with the generation, effectivity period,
+ size, and storage of private keys.
+
+3.1. Zone and Key Signing Keys
+
+ The DNSSEC validation protocol does not distinguish between different
+ types of DNSKEYs. All DNSKEYs can be used during the validation. In
+ practice, operators use Key Signing and Zone Signing Keys and use the
+ so-called Secure Entry Point (SEP) [3] flag to distinguish between
+ them during operations. The dynamics and considerations are
+ discussed below.
+
+ To make zone re-signing and key rollover procedures easier to
+ implement, it is possible to use one or more keys as Key Signing Keys
+ (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone.
+ Other keys can be used to sign all the RRSets in a zone and are
+ referred to as Zone Signing Keys (ZSKs). In this document, we assume
+ that KSKs are the subset of keys that are used for key exchanges with
+ the parent and potentially for configuration as trusted anchors --
+ the SEP keys. In this document, we assume a one-to-one mapping
+ between KSK and SEP keys and we assume the SEP flag to be set on all
+ KSKs.
+
+3.1.1. Motivations for the KSK and ZSK Separation
+
+ Differentiating between the KSK and ZSK functions has several
+ advantages:
+
+ o No parent/child interaction is required when ZSKs are updated.
+
+ o The KSK can be made stronger (i.e., using more bits in the key
+ material). This has little operational impact since it is only
+ used to sign a small fraction of the zone data. Also, the KSK is
+ only used to verify the zone's key set, not for other RRSets in
+ the zone.
+
+ o As the KSK is only used to sign a key set, which is most probably
+ updated less frequently than other data in the zone, it can be
+ stored separately from and in a safer location than the ZSK.
+
+ o A KSK can have a longer key effectivity period.
+
+ For almost any method of key management and zone signing, the KSK is
+ used less frequently than the ZSK. Once a key set is signed with the
+ KSK, all the keys in the key set can be used as ZSKs. If a ZSK is
+
+
+
+Kolkman & Gieben Informational [Page 6]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ compromised, it can be simply dropped from the key set. The new key
+ set is then re-signed with the KSK.
+
+ Given the assumption that for KSKs the SEP flag is set, the KSK can
+ be distinguished from a ZSK by examining the flag field in the DNSKEY
+ RR. If the flag field is an odd number it is a KSK. If it is an
+ even number it is a ZSK.
+
+ The Zone Signing Key can be used to sign all the data in a zone on a
+ regular basis. When a Zone Signing Key is to be rolled, no
+ interaction with the parent is needed. This allows for signature
+ validity periods on the order of days.
+
+ The Key Signing Key is only to be used to sign the DNSKEY RRs in a
+ zone. If a Key Signing Key is to be rolled over, there will be
+ interactions with parties other than the zone administrator. These
+ can include the registry of the parent zone or administrators of
+ verifying resolvers that have the particular key configured as secure
+ entry points. Hence, the key effectivity period of these keys can
+ and should be made much longer. Although, given a long enough key,
+ the key effectivity period can be on the order of years, we suggest
+ planning for a key effectivity on the order of a few months so that a
+ key rollover remains an operational routine.
+
+3.1.2. KSKs for High-Level Zones
+
+ Higher-level zones are generally more sensitive than lower-level
+ zones. Anyone controlling or breaking the security of a zone thereby
+ obtains authority over all of its subdomains (except in the case of
+ resolvers that have locally configured the public key of a subdomain,
+ in which case this, and only this, subdomain wouldn't be affected by
+ the compromise of the parent zone). Therefore, extra care should be
+ taken with high-level zones, and strong keys should be used.
+
+ The root zone is the most critical of all zones. Someone controlling
+ or compromising the security of the root zone would control the
+ entire DNS namespace of all resolvers using that root zone (except in
+ the case of resolvers that have locally configured the public key of
+ a subdomain). Therefore, the utmost care must be taken in the
+ securing of the root zone. The strongest and most carefully handled
+ keys should be used. The root zone private key should always be kept
+ off-line.
+
+ Many resolvers will start at a root server for their access to and
+ authentication of DNS data. Securely updating the trust anchors in
+ an enormous population of resolvers around the world will be
+ extremely difficult.
+
+
+
+
+Kolkman & Gieben Informational [Page 7]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3.2. Key Generation
+
+ Careful generation of all keys is a sometimes overlooked but
+ absolutely essential element in any cryptographically secure system.
+ The strongest algorithms used with the longest keys are still of no
+ use if an adversary can guess enough to lower the size of the likely
+ key space so that it can be exhaustively searched. Technical
+ suggestions for the generation of random keys will be found in RFC
+ 4086 [14]. One should carefully assess if the random number
+ generator used during key generation adheres to these suggestions.
+
+ Keys with a long effectivity period are particularly sensitive as
+ they will represent a more valuable target and be subject to attack
+ for a longer time than short-period keys. It is strongly recommended
+ that long-term key generation occur off-line in a manner isolated
+ from the network via an air gap or, at a minimum, high-level secure
+ hardware.
+
+3.3. Key Effectivity Period
+
+ For various reasons, keys in DNSSEC need to be changed once in a
+ while. The longer a key is in use, the greater the probability that
+ it will have been compromised through carelessness, accident,
+ espionage, or cryptanalysis. Furthermore, when key rollovers are too
+ rare an event, they will not become part of the operational habit and
+ there is risk that nobody on-site will remember the procedure for
+ rollover when the need is there.
+
+ From a purely operational perspective, a reasonable key effectivity
+ period for Key Signing Keys is 13 months, with the intent to replace
+ them after 12 months. An intended key effectivity period of a month
+ is reasonable for Zone Signing Keys.
+
+ For key sizes that match these effectivity periods, see Section 3.5.
+
+ As argued in Section 3.1.2, securely updating trust anchors will be
+ extremely difficult. On the other hand, the "operational habit"
+ argument does also apply to trust anchor reconfiguration. If a short
+ key effectivity period is used and the trust anchor configuration has
+ to be revisited on a regular basis, the odds that the configuration
+ tends to be forgotten is smaller. The trade-off is against a system
+ that is so dynamic that administrators of the validating clients will
+ not be able to follow the modifications.
+
+ Key effectivity periods can be made very short, as in a few minutes.
+ But when replacing keys one has to take the considerations from
+ Section 4.1 and Section 4.2 into account.
+
+
+
+
+Kolkman & Gieben Informational [Page 8]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3.4. Key Algorithm
+
+ There are currently three different types of algorithms that can be
+ used in DNSSEC: RSA, DSA, and elliptic curve cryptography. The
+ latter is fairly new and has yet to be standardized for usage in
+ DNSSEC.
+
+ RSA has been developed in an open and transparent manner. As the
+ patent on RSA expired in 2000, its use is now also free.
+
+ DSA has been developed by the National Institute of Standards and
+ Technology (NIST). The creation of signatures takes roughly the same
+ time as with RSA, but is 10 to 40 times as slow for verification
+ [17].
+
+ We suggest the use of RSA/SHA-1 as the preferred algorithm for the
+ key. The current known attacks on RSA can be defeated by making your
+ key longer. As the MD5 hashing algorithm is showing cracks, we
+ recommend the usage of SHA-1.
+
+ At the time of publication, it is known that the SHA-1 hash has
+ cryptanalysis issues. There is work in progress on addressing these
+ issues. We recommend the use of public key algorithms based on
+ hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
+ algorithms are available in protocol specifications (see [19] and
+ [20]) and implementations.
+
+3.5. Key Sizes
+
+ When choosing key sizes, zone administrators will need to take into
+ account how long a key will be used, how much data will be signed
+ during the key publication period (see Section 8.10 of [17]), and,
+ optionally, how large the key size of the parent is. As the chain of
+ trust really is "a chain", there is not much sense in making one of
+ the keys in the chain several times larger then the others. As
+ always, it's the weakest link that defines the strength of the entire
+ chain. Also see Section 3.1.1 for a discussion of how keys serving
+ different roles (ZSK vs. KSK) may need different key sizes.
+
+ Generating a key of the correct size is a difficult problem; RFC 3766
+ [13] tries to deal with that problem. The first part of the
+ selection procedure in Section 1 of the RFC states:
+
+ 1. Determine the attack resistance necessary to satisfy the
+ security requirements of the application. Do this by
+ estimating the minimum number of computer operations that the
+ attacker will be forced to do in order to compromise the
+
+
+
+
+Kolkman & Gieben Informational [Page 9]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ security of the system and then take the logarithm base two of
+ that number. Call that logarithm value "n".
+
+ A 1996 report recommended 90 bits as a good all-around choice
+ for system security. The 90 bit number should be increased by
+ about 2/3 bit/year, or about 96 bits in 2005.
+
+ [13] goes on to explain how this number "n" can be used to calculate
+ the key sizes in public key cryptography. This culminated in the
+ table given below (slightly modified for our purpose):
+
+ +-------------+-----------+--------------+
+ | System | | |
+ | requirement | Symmetric | RSA or DSA |
+ | for attack | key size | modulus size |
+ | resistance | (bits) | (bits) |
+ | (bits) | | |
+ +-------------+-----------+--------------+
+ | 70 | 70 | 947 |
+ | 80 | 80 | 1228 |
+ | 90 | 90 | 1553 |
+ | 100 | 100 | 1926 |
+ | 150 | 150 | 4575 |
+ | 200 | 200 | 8719 |
+ | 250 | 250 | 14596 |
+ +-------------+-----------+--------------+
+
+ The key sizes given are rather large. This is because these keys are
+ resilient against a trillionaire attacker. Assuming this rich
+ attacker will not attack your key and that the key is rolled over
+ once a year, we come to the following recommendations about KSK
+ sizes: 1024 bits for low-value domains, 1300 bits for medium-value
+ domains, and 2048 bits for high-value domains.
+
+ Whether a domain is of low, medium, or high value depends solely on
+ the views of the zone owner. One could, for instance, view leaf
+ nodes in the DNS as of low value, and top-level domains (TLDs) or the
+ root zone of high value. The suggested key sizes should be safe for
+ the next 5 years.
+
+ As ZSKs can be rolled over more easily (and thus more often), the key
+ sizes can be made smaller. But as said in the introduction of this
+ paragraph, making the ZSKs' key sizes too small (in relation to the
+ KSKs' sizes) doesn't make much sense. Try to limit the difference in
+ size to about 100 bits.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 10]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Note that nobody can see into the future and that these key sizes are
+ only provided here as a guide. Further information can be found in
+ [16] and Section 7.5 of [17]. It should be noted though that [16] is
+ already considered overly optimistic about what key sizes are
+ considered safe.
+
+ One final note concerning key sizes. Larger keys will increase the
+ sizes of the RRSIG and DNSKEY records and will therefore increase the
+ chance of DNS UDP packet overflow. Also, the time it takes to
+ validate and create RRSIGs increases with larger keys, so don't
+ needlessly double your key sizes.
+
+3.6. Private Key Storage
+
+ It is recommended that, where possible, zone private keys and the
+ zone file master copy that is to be signed be kept and used in off-
+ line, non-network-connected, physically secure machines only.
+ Periodically, an application can be run to add authentication to a
+ zone by adding RRSIG and NSEC RRs. Then the augmented file can be
+ transferred.
+
+ When relying on dynamic update to manage a signed zone [10], be aware
+ that at least one private key of the zone will have to reside on the
+ master server. This key is only as secure as the amount of exposure
+ the server receives to unknown clients and the security of the host.
+ Although not mandatory, one could administer the DNS in the following
+ way. The master that processes the dynamic updates is unavailable
+ from generic hosts on the Internet, it is not listed in the NS RR
+ set, although its name appears in the SOA RRs MNAME field. The
+ nameservers in the NS RRSet are able to receive zone updates through
+ NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
+ approach is known as the "hidden master" setup.
+
+ The ideal situation is to have a one-way information flow to the
+ network to avoid the possibility of tampering from the network.
+ Keeping the zone master file on-line on the network and simply
+ cycling it through an off-line signer does not do this. The on-line
+ version could still be tampered with if the host it resides on is
+ compromised. For maximum security, the master copy of the zone file
+ should be off-net and should not be updated based on an unsecured
+ network mediated communication.
+
+ In general, keeping a zone file off-line will not be practical and
+ the machines on which zone files are maintained will be connected to
+ a network. Operators are advised to take security measures to shield
+ unauthorized access to the master copy.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 11]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ For dynamically updated secured zones [10], both the master copy and
+ the private key that is used to update signatures on updated RRs will
+ need to be on-line.
+
+4. Signature Generation, Key Rollover, and Related Policies
+
+4.1. Time in DNSSEC
+
+ Without DNSSEC, all times in the DNS are relative. The SOA fields
+ REFRESH, RETRY, and EXPIRATION are timers used to determine the time
+ elapsed after a slave server synchronized with a master server. The
+ Time to Live (TTL) value and the SOA RR minimum TTL parameter [11]
+ are used to determine how long a forwarder should cache data after it
+ has been fetched from an authoritative server. By using a signature
+ validity period, DNSSEC introduces the notion of an absolute time in
+ the DNS. Signatures in DNSSEC have an expiration date after which
+ the signature is marked as invalid and the signed data is to be
+ considered Bogus.
+
+4.1.1. Time Considerations
+
+ Because of the expiration of signatures, one should consider the
+ following:
+
+ o We suggest the Maximum Zone TTL of your zone data to be a fraction
+ of your signature validity period.
+
+ If the TTL would be of similar order as the signature validity
+ period, then all RRSets fetched during the validity period
+ would be cached until the signature expiration time. Section
+ 7.1 of [4] suggests that "the resolver may use the time
+ remaining before expiration of the signature validity period of
+ a signed RRSet as an upper bound for the TTL". As a result,
+ query load on authoritative servers would peak at signature
+ expiration time, as this is also the time at which records
+ simultaneously expire from caches.
+
+ To avoid query load peaks, we suggest the TTL on all the RRs in
+ your zone to be at least a few times smaller than your
+ signature validity period.
+
+ o We suggest the signature publication period to end at least one
+ Maximum Zone TTL duration before the end of the signature validity
+ period.
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 12]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Re-signing a zone shortly before the end of the signature
+ validity period may cause simultaneous expiration of data from
+ caches. This in turn may lead to peaks in the load on
+ authoritative servers.
+
+ o We suggest the Minimum Zone TTL to be long enough to both fetch
+ and verify all the RRs in the trust chain. In workshop
+ environments, it has been demonstrated [18] that a low TTL (under
+ 5 to 10 minutes) caused disruptions because of the following two
+ problems:
+
+ 1. During validation, some data may expire before the
+ validation is complete. The validator should be able to
+ keep all data until it is completed. This applies to all
+ RRs needed to complete the chain of trust: DSes, DNSKEYs,
+ RRSIGs, and the final answers, i.e., the RRSet that is
+ returned for the initial query.
+
+ 2. Frequent verification causes load on recursive nameservers.
+ Data at delegation points, DSes, DNSKEYs, and RRSIGs
+ benefit from caching. The TTL on those should be
+ relatively long.
+
+ o Slave servers will need to be able to fetch newly signed zones
+ well before the RRSIGs in the zone served by the slave server pass
+ their signature expiration time.
+
+ When a slave server is out of sync with its master and data in
+ a zone is signed by expired signatures, it may be better for
+ the slave server not to give out any answer.
+
+ Normally, a slave server that is not able to contact a master
+ server for an extended period will expire a zone. When that
+ happens, the server will respond differently to queries for
+ that zone. Some servers issue SERVFAIL, whereas others turn
+ off the 'AA' bit in the answers. The time of expiration is set
+ in the SOA record and is relative to the last successful
+ refresh between the master and the slave servers. There exists
+ no coupling between the signature expiration of RRSIGs in the
+ zone and the expire parameter in the SOA.
+
+ If the server serves a DNSSEC zone, then it may well happen
+ that the signatures expire well before the SOA expiration timer
+ counts down to zero. It is not possible to completely prevent
+ this from happening by tweaking the SOA parameters. However,
+ the effects can be minimized where the SOA expiration time is
+ equal to or shorter than the signature validity period. The
+ consequence of an authoritative server not being able to update
+
+
+
+Kolkman & Gieben Informational [Page 13]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ a zone, whilst that zone includes expired signatures, is that
+ non-secure resolvers will continue to be able to resolve data
+ served by the particular slave servers while security-aware
+ resolvers will experience problems because of answers being
+ marked as Bogus.
+
+ We suggest the SOA expiration timer being approximately one
+ third or one fourth of the signature validity period. It will
+ allow problems with transfers from the master server to be
+ noticed before the actual signature times out. We also suggest
+ that operators of nameservers that supply secondary services
+ develop 'watch dogs' to spot upcoming signature expirations in
+ zones they slave, and take appropriate action.
+
+ When determining the value for the expiration parameter one has
+ to take the following into account: What are the chances that
+ all my secondaries expire the zone? How quickly can I reach an
+ administrator of secondary servers to load a valid zone? These
+ questions are not DNSSEC specific but may influence the choice
+ of your signature validity intervals.
+
+4.2. Key Rollovers
+
+ A DNSSEC key cannot be used forever (see Section 3.3). So key
+ rollovers -- or supercessions, as they are sometimes called -- are a
+ fact of life when using DNSSEC. Zone administrators who are in the
+ process of rolling their keys have to take into account that data
+ published in previous versions of their zone still lives in caches.
+ When deploying DNSSEC, this becomes an important consideration;
+ ignoring data that may be in caches may lead to loss of service for
+ clients.
+
+ The most pressing example of this occurs when zone material signed
+ with an old key is being validated by a resolver that does not have
+ the old zone key cached. If the old key is no longer present in the
+ current zone, this validation fails, marking the data "Bogus".
+ Alternatively, an attempt could be made to validate data that is
+ signed with a new key against an old key that lives in a local cache,
+ also resulting in data being marked "Bogus".
+
+4.2.1. Zone Signing Key Rollovers
+
+ For "Zone Signing Key rollovers", there are two ways to make sure
+ that during the rollover data still cached can be verified with the
+ new key sets or newly generated signatures can be verified with the
+ keys still in caches. One schema, described in Section 4.2.1.2, uses
+
+
+
+
+
+Kolkman & Gieben Informational [Page 14]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ double signatures; the other uses key pre-publication (Section
+ 4.2.1.1). The pros, cons, and recommendations are described in
+ Section 4.2.1.3.
+
+4.2.1.1. Pre-Publish Key Rollover
+
+ This section shows how to perform a ZSK rollover without the need to
+ sign all the data in a zone twice -- the "pre-publish key rollover".
+ This method has advantages in the case of a key compromise. If the
+ old key is compromised, the new key has already been distributed in
+ the DNS. The zone administrator is then able to quickly switch to
+ the new key and remove the compromised key from the zone. Another
+ major advantage is that the zone size does not double, as is the case
+ with the double signature ZSK rollover. A small "how-to" for this
+ kind of rollover can be found in Appendix B.
+
+ Pre-publish key rollover involves four stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY new RRSIGs DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2 SOA3
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
+
+ DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover
+
+ initial: Initial version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
+ signatures are generated with this key yet, but this does not
+ secure against brute force attacks on the public key. The minimum
+ duration of this pre-roll phase is the time it takes for the data
+ to propagate to the authoritative servers plus TTL value of the
+ key set.
+
+ new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
+ used to sign the data in the zone exclusively (i.e., all the
+ signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
+ remains published in the key set. This way data that was loaded
+
+
+
+Kolkman & Gieben Informational [Page 15]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ into caches from version 1 of the zone can still be verified with
+ key sets fetched from version 2 of the zone. The minimum time
+ that the key set including DNSKEY 10 is to be published is the
+ time that it takes for zone data from the previous version of the
+ zone to expire from old caches, i.e., the time it takes for this
+ zone to propagate to all authoritative servers plus the Maximum
+ Zone TTL value of any of the data in the previous version of the
+ zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. The key set, now
+ only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
+ DNSKEY 1.
+
+ The above scheme can be simplified by always publishing the "future"
+ key immediately after the rollover. The scheme would look as follows
+ (we show two rollovers); the future key is introduced in "new DNSKEY"
+ as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
+ (II)":
+
+ ----------------------------------------------------------------
+ initial new RRSIGs new DNSKEY
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11 DNSKEY12
+ RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ ----------------------------------------------------------------
+ new RRSIGs (II) new DNSKEY (II)
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG12(SOA3) RRSIG12(SOA4)
+
+ DNSKEY1 DNSKEY1
+ DNSKEY11 DNSKEY12
+ DNSKEY12 DNSKEY13
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG12(DNSKEY) RRSIG12(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover, Showing Two Rollovers
+
+
+
+
+
+Kolkman & Gieben Informational [Page 16]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Note that the key introduced in the "new DNSKEY" phase is not used
+ for production yet; the private key can thus be stored in a
+ physically secure manner and does not need to be 'fetched' every time
+ a zone needs to be signed.
+
+4.2.1.2. Double Signature Zone Signing Key Rollover
+
+ This section shows how to perform a ZSK key rollover using the double
+ zone data signature scheme, aptly named "double signature rollover".
+
+ During the "new DNSKEY" stage the new version of the zone file will
+ need to propagate to all authoritative servers and the data that
+ exists in (distant) caches will need to expire, requiring at least
+ the Maximum Zone TTL.
+
+ Double signature ZSK rollover involves three stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
+ RRSIG11(SOA1)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
+ RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Double Signature Zone Signing Key Rollover
+
+ initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
+ introduced into the key set and all the data in the zone is signed
+ with DNSKEY 10 and DNSKEY 11. The rollover period will need to
+ continue until all data from version 0 of the zone has expired
+ from remote caches. This will take at least the Maximum Zone TTL
+ of version 0 of the zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. All the
+ signatures from DNSKEY 10 are removed from the zone. The key set,
+ now only containing DNSKEY 11, is re-signed with DNSKEY 1.
+
+
+
+Kolkman & Gieben Informational [Page 17]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ At every instance, RRSIGs from the previous version of the zone can
+ be verified with the DNSKEY RRSet from the current version and the
+ other way around. The data from the current version can be verified
+ with the data from the previous version of the zone. The duration of
+ the "new DNSKEY" phase and the period between rollovers should be at
+ least the Maximum Zone TTL.
+
+ Making sure that the "new DNSKEY" phase lasts until the signature
+ expiration time of the data in initial version of the zone is
+ recommended. This way all caches are cleared of the old signatures.
+ However, this duration could be considerably longer than the Maximum
+ Zone TTL, making the rollover a lengthy procedure.
+
+ Note that in this example we assumed that the zone was not modified
+ during the rollover. New data can be introduced in the zone as long
+ as it is signed with both keys.
+
+4.2.1.3. Pros and Cons of the Schemes
+
+ Pre-publish key rollover: This rollover does not involve signing the
+ zone data twice. Instead, before the actual rollover, the new key
+ is published in the key set and thus is available for
+ cryptanalysis attacks. A small disadvantage is that this process
+ requires four steps. Also the pre-publish scheme involves more
+ parental work when used for KSK rollovers as explained in Section
+ 4.2.3.
+
+ Double signature ZSK rollover: The drawback of this signing scheme is
+ that during the rollover the number of signatures in your zone
+ doubles; this may be prohibitive if you have very big zones. An
+ advantage is that it only requires three steps.
+
+4.2.2. Key Signing Key Rollovers
+
+ For the rollover of a Key Signing Key, the same considerations as for
+ the rollover of a Zone Signing Key apply. However, we can use a
+ double signature scheme to guarantee that old data (only the apex key
+ set) in caches can be verified with a new key set and vice versa.
+ Since only the key set is signed with a KSK, zone size considerations
+ do not apply.
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 18]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ --------------------------------------------------------------------
+ initial new DNSKEY DS change DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 --------> SOA1 -------->
+ RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
+ DS1 --------> DS2 -------->
+ RRSIGpar(DS) --------> RRSIGpar(DS) -------->
+
+
+ Child:
+ SOA0 SOA1 --------> SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
+ -------->
+ DNSKEY1 DNSKEY1 --------> DNSKEY2
+ DNSKEY2 -------->
+ DNSKEY10 DNSKEY10 --------> DNSKEY10
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
+ RRSIG2 (DNSKEY) -------->
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Double Signature Key Signing Key Rollover
+
+ initial: Initial version of the zone. The parental DS points to
+ DNSKEY1. Before the rollover starts, the child will have to
+ verify what the TTL is of the DS RR that points to DNSKEY1 -- it
+ is needed during the rollover and we refer to the value as TTL_DS.
+
+ new DNSKEY: During the "new DNSKEY" phase, the zone administrator
+ generates a second KSK, DNSKEY2. The key is provided to the
+ parent, and the child will have to wait until a new DS RR has been
+ generated that points to DNSKEY2. After that DS RR has been
+ published on all servers authoritative for the parent's zone, the
+ zone administrator has to wait at least TTL_DS to make sure that
+ the old DS RR has expired from caches.
+
+ DS change: The parent replaces DS1 with DS2.
+
+ DNSKEY removal: DNSKEY1 has been removed.
+
+ The scenario above puts the responsibility for maintaining a valid
+ chain of trust with the child. It also is based on the premise that
+ the parent only has one DS RR (per algorithm) per zone. An
+ alternative mechanism has been considered. Using an established
+ trust relation, the interaction can be performed in-band, and the
+ removal of the keys by the child can possibly be signaled by the
+ parent. In this mechanism, there are periods where there are two DS
+
+
+
+Kolkman & Gieben Informational [Page 19]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ RRs at the parent. Since at the moment of writing the protocol for
+ this interaction has not been developed, further discussion is out of
+ scope for this document.
+
+4.2.3. Difference Between ZSK and KSK Rollovers
+
+ Note that KSK rollovers and ZSK rollovers are different in the sense
+ that a KSK rollover requires interaction with the parent (and
+ possibly replacing of trust anchors) and the ensuing delay while
+ waiting for it.
+
+ A zone key rollover can be handled in two different ways: pre-publish
+ (Section 4.2.1.1) and double signature (Section 4.2.1.2).
+
+ As the KSK is used to validate the key set and because the KSK is not
+ changed during a ZSK rollover, a cache is able to validate the new
+ key set of the zone. The pre-publish method would also work for a
+ KSK rollover. The records that are to be pre-published are the
+ parental DS RRs. The pre-publish method has some drawbacks for KSKs.
+ We first describe the rollover scheme and then indicate these
+ drawbacks.
+
+ --------------------------------------------------------------------
+ initial new DS new DNSKEY DS/DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 SOA1 --------> SOA2
+ RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
+ DS1 DS1 --------> DS2
+ DS2 -------->
+ RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
+
+
+ Child:
+ SOA0 --------> SOA1 SOA1
+ RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
+ -------->
+ DNSKEY1 --------> DNSKEY2 DNSKEY2
+ -------->
+ DNSKEY10 --------> DNSKEY10 DNSKEY10
+ RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
+ RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Pre-Publish Key Signing Key Rollover
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 20]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ When the child zone wants to roll, it notifies the parent during the
+ "new DS" phase and submits the new key (or the corresponding DS) to
+ the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
+ and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
+ which can take place as soon as the new DS set propagated through the
+ DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
+ ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
+ record can be deleted.
+
+ The drawbacks of this scheme are that during the "new DS" phase the
+ parent cannot verify the match between the DS2 RR and DNSKEY2 using
+ the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
+ "security lame" key (see Section 4.4.3). Finally, the child-parent
+ interaction consists of two steps. The "double signature" method
+ only needs one interaction.
+
+4.2.4. Automated Key Rollovers
+
+ As keys must be renewed periodically, there is some motivation to
+ automate the rollover process. Consider the following:
+
+ o ZSK rollovers are easy to automate as only the child zone is
+ involved.
+
+ o A KSK rollover needs interaction between parent and child. Data
+ exchange is needed to provide the new keys to the parent;
+ consequently, this data must be authenticated and integrity must
+ be guaranteed in order to avoid attacks on the rollover.
+
+4.3. Planning for Emergency Key Rollover
+
+ This section deals with preparation for a possible key compromise.
+ Our advice is to have a documented procedure ready for when a key
+ compromise is suspected or confirmed.
+
+ When the private material of one of your keys is compromised it can
+ be used for as long as a valid trust chain exists. A trust chain
+ remains intact for
+
+ o as long as a signature over the compromised key in the trust chain
+ is valid,
+
+ o as long as a parental DS RR (and signature) points to the
+ compromised key,
+
+ o as long as the key is anchored in a resolver and is used as a
+ starting point for validation (this is generally the hardest to
+ update).
+
+
+
+Kolkman & Gieben Informational [Page 21]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ While a trust chain to your compromised key exists, your namespace is
+ vulnerable to abuse by anyone who has obtained illegitimate
+ possession of the key. Zone operators have to make a trade-off if
+ the abuse of the compromised key is worse than having data in caches
+ that cannot be validated. If the zone operator chooses to break the
+ trust chain to the compromised key, data in caches signed with this
+ key cannot be validated. However, if the zone administrator chooses
+ to take the path of a regular rollover, the malicious key holder can
+ spoof data so that it appears to be valid.
+
+4.3.1. KSK Compromise
+
+ A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
+ as long as the compromised KSK is configured as trust anchor or a
+ parental DS points to it.
+
+ A compromised KSK can be used to sign the key set of an attacker's
+ zone. That zone could be used to poison the DNS.
+
+ Therefore, when the KSK has been compromised, the trust anchor or the
+ parental DS should be replaced as soon as possible. It is local
+ policy whether to break the trust chain during the emergency
+ rollover. The trust chain would be broken when the compromised KSK
+ is removed from the child's zone while the parent still has a DS
+ pointing to the compromised KSK (the assumption is that there is only
+ one DS at the parent. If there are multiple DSes this does not apply
+ -- however the chain of trust of this particular key is broken).
+
+ Note that an attacker's zone still uses the compromised KSK and the
+ presence of a parental DS would cause the data in this zone to appear
+ as valid. Removing the compromised key would cause the attacker's
+ zone to appear as valid and the child's zone as Bogus. Therefore, we
+ advise not to remove the KSK before the parent has a DS to a new KSK
+ in place.
+
+4.3.1.1. Keeping the Chain of Trust Intact
+
+ If we follow this advice, the timing of the replacement of the KSK is
+ somewhat critical. The goal is to remove the compromised KSK as soon
+ as the new DS RR is available at the parent. And also make sure that
+ the signature made with a new KSK over the key set with the
+ compromised KSK in it expires just after the new DS appears at the
+ parent, thus removing the old cruft in one swoop.
+
+ The procedure is as follows:
+
+ 1. Introduce a new KSK into the key set, keep the compromised KSK in
+ the key set.
+
+
+
+Kolkman & Gieben Informational [Page 22]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ 2. Sign the key set, with a short validity period. The validity
+ period should expire shortly after the DS is expected to appear
+ in the parent and the old DSes have expired from caches.
+
+ 3. Upload the DS for this new key to the parent.
+
+ 4. Follow the procedure of the regular KSK rollover: Wait for the DS
+ to appear in the authoritative servers and then wait as long as
+ the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet
+ and modify/extend the expiration time.
+
+ 5. Remove the compromised DNSKEY RR from the zone and re-sign the
+ key set using your "normal" validity interval.
+
+ An additional danger of a key compromise is that the compromised key
+ could be used to facilitate a legitimate DNSKEY/DS rollover and/or
+ nameserver changes at the parent. When that happens, the domain may
+ be in dispute. An authenticated out-of-band and secure notify
+ mechanism to contact a parent is needed in this case.
+
+ Note that this is only a problem when the DNSKEY and or DS records
+ are used for authentication at the parent.
+
+4.3.1.2. Breaking the Chain of Trust
+
+ There are two methods to break the chain of trust. The first method
+ causes the child zone to appear 'Bogus' to validating resolvers. The
+ other causes the child zone to appear 'insecure'. These are
+ described below.
+
+ In the method that causes the child zone to appear 'Bogus' to
+ validating resolvers, the child zone replaces the current KSK with a
+ new one and re-signs the key set. Next it sends the DS of the new
+ key to the parent. Only after the parent has placed the new DS in
+ the zone is the child's chain of trust repaired.
+
+ An alternative method of breaking the chain of trust is by removing
+ the DS RRs from the parent zone altogether. As a result, the child
+ zone would become insecure.
+
+4.3.2. ZSK Compromise
+
+ Primarily because there is no parental interaction required when a
+ ZSK is compromised, the situation is less severe than with a KSK
+ compromise. The zone must still be re-signed with a new ZSK as soon
+ as possible. As this is a local operation and requires no
+ communication between the parent and child, this can be achieved
+ fairly quickly. However, one has to take into account that just as
+
+
+
+Kolkman & Gieben Informational [Page 23]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ with a normal rollover the immediate disappearance of the old
+ compromised key may lead to verification problems. Also note that as
+ long as the RRSIG over the compromised ZSK is not expired the zone
+ may be still at risk.
+
+4.3.3. Compromises of Keys Anchored in Resolvers
+
+ A key can also be pre-configured in resolvers. For instance, if
+ DNSSEC is successfully deployed the root key may be pre-configured in
+ most security aware resolvers.
+
+ If trust-anchor keys are compromised, the resolvers using these keys
+ should be notified of this fact. Zone administrators may consider
+ setting up a mailing list to communicate the fact that a SEP key is
+ about to be rolled over. This communication will of course need to
+ be authenticated, e.g., by using digital signatures.
+
+ End-users faced with the task of updating an anchored key should
+ always validate the new key. New keys should be authenticated out-
+ of-band, for example, through the use of an announcement website that
+ is secured using secure sockets (TLS) [21].
+
+4.4. Parental Policies
+
+4.4.1. Initial Key Exchanges and Parental Policies Considerations
+
+ The initial key exchange is always subject to the policies set by the
+ parent. When designing a key exchange policy one should take into
+ account that the authentication and authorization mechanisms used
+ during a key exchange should be as strong as the authentication and
+ authorization mechanisms used for the exchange of delegation
+ information between parent and child. That is, there is no implicit
+ need in DNSSEC to make the authentication process stronger than it
+ was in DNS.
+
+ Using the DNS itself as the source for the actual DNSKEY material,
+ with an out-of-band check on the validity of the DNSKEY, has the
+ benefit that it reduces the chances of user error. A DNSKEY query
+ tool can make use of the SEP bit [3] to select the proper key from a
+ DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is
+ sent. It can validate the self-signature over a key; thereby
+ verifying the ownership of the private key material. Fetching the
+ DNSKEY from the DNS ensures that the chain of trust remains intact
+ once the parent publishes the DS RR indicating the child is secure.
+
+ Note: the out-of-band verification is still needed when the key
+ material is fetched via the DNS. The parent can never be sure
+ whether or not the DNSKEY RRs have been spoofed.
+
+
+
+Kolkman & Gieben Informational [Page 24]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+4.4.2. Storing Keys or Hashes?
+
+ When designing a registry system one should consider which of the
+ DNSKEYs and/or the corresponding DSes to store. Since a child zone
+ might wish to have a DS published using a message digest algorithm
+ not yet understood by the registry, the registry can't count on being
+ able to generate the DS record from a raw DNSKEY. Thus, we recommend
+ that registry systems at least support storing DS records.
+
+ It may also be useful to store DNSKEYs, since having them may help
+ during troubleshooting and, as long as the child's chosen message
+ digest is supported, the overhead of generating DS records from them
+ is minimal. Having an out-of-band mechanism, such as a registry
+ directory (e.g., Whois), to find out which keys are used to generate
+ DS Resource Records for specific owners and/or zones may also help
+ with troubleshooting.
+
+ The storage considerations also relate to the design of the customer
+ interface and the method by which data is transferred between
+ registrant and registry; Will the child zone administrator be able to
+ upload DS RRs with unknown hash algorithms or does the interface only
+ allow DNSKEYs? In the registry-registrar model, one can use the
+ DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15],
+ which allows transfer of DS RRs and optionally DNSKEY RRs.
+
+4.4.3. Security Lameness
+
+ Security lameness is defined as what happens when a parent has a DS
+ RR pointing to a non-existing DNSKEY RR. When this happens, the
+ child's zone may be marked "Bogus" by verifying DNS clients.
+
+ As part of a comprehensive delegation check, the parent could, at key
+ exchange time, verify that the child's key is actually configured in
+ the DNS. However, if a parent does not understand the hashing
+ algorithm used by child, the parental checks are limited to only
+ comparing the key id.
+
+ Child zones should be very careful in removing DNSKEY material,
+ specifically SEP keys, for which a DS RR exists.
+
+ Once a zone is "security lame", a fix (e.g., removing a DS RR) will
+ take time to propagate through the DNS.
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 25]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+4.4.4. DS Signature Validity Period
+
+ Since the DS can be replayed as long as it has a valid signature, a
+ short signature validity period over the DS minimizes the time a
+ child is vulnerable in the case of a compromise of the child's
+ KSK(s). A signature validity period that is too short introduces the
+ possibility that a zone is marked "Bogus" in case of a configuration
+ error in the signer. There may not be enough time to fix the
+ problems before signatures expire. Something as mundane as operator
+ unavailability during weekends shows the need for DS signature
+ validity periods longer than 2 days. We recommend an absolute
+ minimum for a DS signature validity period of a few days.
+
+ The maximum signature validity period of the DS record depends on how
+ long child zones are willing to be vulnerable after a key compromise.
+ On the other hand, shortening the DS signature validity interval
+ increases the operational risk for the parent. Therefore, the parent
+ may have policy to use a signature validity interval that is
+ considerably longer than the child would hope for.
+
+ A compromise between the operational constraints of the parent and
+ minimizing damage for the child may result in a DS signature validity
+ period somewhere between a week and months.
+
+ In addition to the signature validity period, which sets a lower
+ bound on the number of times the zone owner will need to sign the
+ zone data and which sets an upper bound to the time a child is
+ vulnerable after key compromise, there is the TTL value on the DS
+ RRs. Shortening the TTL means that the authoritative servers will
+ see more queries. But on the other hand, a short TTL lowers the
+ persistence of DS RRSets in caches thereby increasing the speed with
+ which updated DS RRSets propagate through the DNS.
+
+5. Security Considerations
+
+ DNSSEC adds data integrity to the DNS. This document tries to assess
+ the operational considerations to maintain a stable and secure DNSSEC
+ service. Not taking into account the 'data propagation' properties
+ in the DNS will cause validation failures and may make secured zones
+ unavailable to security-aware resolvers.
+
+6. Acknowledgments
+
+ Most of the ideas in this document were the result of collective
+ efforts during workshops, discussions, and tryouts.
+
+ At the risk of forgetting individuals who were the original
+ contributors of the ideas, we would like to acknowledge people who
+
+
+
+Kolkman & Gieben Informational [Page 26]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ were actively involved in the compilation of this document. In
+ random order: Rip Loomis, Olafur Gudmundsson, Wesley Griffin, Michael
+ Richardson, Scott Rose, Rick van Rein, Tim McGinnis, Gilles Guette
+ Olivier Courtay, Sam Weiler, Jelte Jansen, Niall O'Reilly, Holger
+ Zuleger, Ed Lewis, Hilarie Orman, Marcos Sanz, and Peter Koch.
+
+ Some material in this document has been copied from RFC 2541 [12].
+
+ Mike StJohns designed the key exchange between parent and child
+ mentioned in the last paragraph of Section 4.2.2
+
+ Section 4.2.4 was supplied by G. Guette and O. Courtay.
+
+ Emma Bretherick, Adrian Bedford, and Lindy Foster corrected many of
+ the spelling and style issues.
+
+ Kolkman and Gieben take the blame for introducing all miscakes (sic).
+
+ While working on this document, Kolkman was employed by the RIPE NCC
+ and Gieben was employed by NLnet Labs.
+
+7. References
+
+7.1. Normative References
+
+ [1] Mockapetris, P., "Domain names - concepts and facilities", STD
+ 13, RFC 1034, November 1987.
+
+ [2] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+ [3] Kolkman, O., Schlyter, J., and E. Lewis, "Domain Name System
+ KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP)
+ Flag", RFC 3757, May 2004.
+
+ [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033, March
+ 2005.
+
+ [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [6] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions", RFC
+ 4035, March 2005.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 27]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+7.2. Informative References
+
+ [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [8] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, August
+ 1996.
+
+ [9] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
+ (DNS NOTIFY)", RFC 1996, August 1996.
+
+ [10] Wellington, B., "Secure Domain Name System (DNS) Dynamic
+ Update", RFC 3007, November 2000.
+
+ [11] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
+ RFC 2308, March 1998.
+
+ [12] Eastlake, D., "DNS Security Operational Considerations", RFC
+ 2541, March 1999.
+
+ [13] Orman, H. and P. Hoffman, "Determining Strengths For Public
+ Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
+ April 2004.
+
+ [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
+ Requirements for Security", BCP 106, RFC 4086, June 2005.
+
+ [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions
+ Mapping for the Extensible Provisioning Protocol (EPP)", RFC
+ 4310, December 2005.
+
+ [16] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key
+ Sizes", The Journal of Cryptology 14 (255-293), 2001.
+
+ [17] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and
+ Source Code in C", ISBN (hardcover) 0-471-12845-7, ISBN
+ (paperback) 0-471-59756-2, Published by John Wiley & Sons Inc.,
+ 1996.
+
+ [18] Rose, S., "NIST DNSSEC workshop notes", June 2001.
+
+ [19] Jansen, J., "Use of RSA/SHA-256 DNSKEY and RRSIG Resource
+ Records in DNSSEC", Work in Progress, January 2006.
+
+ [20] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS)
+ Resource Records (RRs)", RFC 4509, May 2006.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 28]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ [21] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
+ T. Wright, "Transport Layer Security (TLS) Extensions", RFC
+ 4366, April 2006.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 29]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Appendix A. Terminology
+
+ In this document, there is some jargon used that is defined in other
+ documents. In most cases, we have not copied the text from the
+ documents defining the terms but have given a more elaborate
+ explanation of the meaning. Note that these explanations should not
+ be seen as authoritative.
+
+ Anchored key: A DNSKEY configured in resolvers around the globe.
+ This key is hard to update, hence the term anchored.
+
+ Bogus: Also see Section 5 of [4]. An RRSet in DNSSEC is marked
+ "Bogus" when a signature of an RRSet does not validate against a
+ DNSKEY.
+
+ Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is used
+ exclusively for signing the apex key set. The fact that a key is
+ a KSK is only relevant to the signing tool.
+
+ Key size: The term 'key size' can be substituted by 'modulus size'
+ throughout the document. It is mathematically more correct to use
+ modulus size, but as this is a document directed at operators we
+ feel more at ease with the term key size.
+
+ Private and public keys: DNSSEC secures the DNS through the use of
+ public key cryptography. Public key cryptography is based on the
+ existence of two (mathematically related) keys, a public key and a
+ private key. The public keys are published in the DNS by use of
+ the DNSKEY Resource Record (DNSKEY RR). Private keys should
+ remain private.
+
+ Key rollover: A key rollover (also called key supercession in some
+ environments) is the act of replacing one key pair with another at
+ the end of a key effectivity period.
+
+ Secure Entry Point (SEP) key: A KSK that has a parental DS record
+ pointing to it or is configured as a trust anchor. Although not
+ required by the protocol, we recommend that the SEP flag [3] is
+ set on these keys.
+
+ Self-signature: This only applies to signatures over DNSKEYs; a
+ signature made with DNSKEY x, over DNSKEY x is called a self-
+ signature. Note: without further information, self-signatures
+ convey no trust. They are useful to check the authenticity of the
+ DNSKEY, i.e., they can be used as a hash.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 30]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Singing the zone file: The term used for the event where an
+ administrator joyfully signs its zone file while producing melodic
+ sound patterns.
+
+ Signer: The system that has access to the private key material and
+ signs the Resource Record sets in a zone. A signer may be
+ configured to sign only parts of the zone, e.g., only those RRSets
+ for which existing signatures are about to expire.
+
+ Zone Signing Key (ZSK): A key that is used for signing all data in a
+ zone. The fact that a key is a ZSK is only relevant to the
+ signing tool.
+
+ Zone administrator: The 'role' that is responsible for signing a zone
+ and publishing it on the primary authoritative server.
+
+Appendix B. Zone Signing Key Rollover How-To
+
+ Using the pre-published signature scheme and the most conservative
+ method to assure oneself that data does not live in caches, here
+ follows the "how-to".
+
+ Step 0: The preparation: Create two keys and publish both in your key
+ set. Mark one of the keys "active" and the other "published".
+ Use the "active" key for signing your zone data. Store the
+ private part of the "published" key, preferably off-line. The
+ protocol does not provide for attributes to mark a key as active
+ or published. This is something you have to do on your own,
+ through the use of a notebook or key management tool.
+
+ Step 1: Determine expiration: At the beginning of the rollover make a
+ note of the highest expiration time of signatures in your zone
+ file created with the current key marked as active. Wait until
+ the expiration time marked in Step 1 has passed.
+
+ Step 2: Then start using the key that was marked "published" to sign
+ your data (i.e., mark it "active"). Stop using the key that was
+ marked "active"; mark it "rolled".
+
+ Step 3: It is safe to engage in a new rollover (Step 1) after at
+ least one signature validity period.
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 31]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Appendix C. Typographic Conventions
+
+ The following typographic conventions are used in this document:
+
+ Key notation: A key is denoted by DNSKEYx, where x is a number or an
+ identifier, x could be thought of as the key id.
+
+ RRSet notations: RRs are only denoted by the type. All other
+ information -- owner, class, rdata, and TTL--is left out. Thus:
+ "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a
+ list of RRs. A example of this would be "A1, A2", specifying the
+ RRSet containing two "A" records. This could again be abbreviated to
+ just "A".
+
+ Signature notation: Signatures are denoted as RRSIGx(RRSet), which
+ means that RRSet is signed with DNSKEYx.
+
+ Zone representation: Using the above notation we have simplified the
+ representation of a signed zone by leaving out all unnecessary
+ details such as the names and by representing all data by "SOAx"
+
+ SOA representation: SOAs are represented as SOAx, where x is the
+ serial number.
+
+ Using this notation the following signed zone:
+
+ example.net. 86400 IN SOA ns.example.net. bert.example.net. (
+ 2006022100 ; serial
+ 86400 ; refresh ( 24 hours)
+ 7200 ; retry ( 2 hours)
+ 3600000 ; expire (1000 hours)
+ 28800 ) ; minimum ( 8 hours)
+ 86400 RRSIG SOA 5 2 86400 20130522213204 (
+ 20130422213204 14 example.net.
+ cmL62SI6iAX46xGNQAdQ... )
+ 86400 NS a.iana-servers.net.
+ 86400 NS b.iana-servers.net.
+ 86400 RRSIG NS 5 2 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ SO5epiJei19AjXoUpFnQ ... )
+ 86400 DNSKEY 256 3 5 (
+ EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14
+ 86400 DNSKEY 257 3 5 (
+ gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15
+ 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
+ 20130422213204 14 example.net.
+ J4zCe8QX4tXVGjV4e1r9... )
+
+
+
+
+Kolkman & Gieben Informational [Page 32]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
+ 20130422213204 15 example.net.
+ keVDCOpsSeDReyV6O... )
+ 86400 RRSIG NSEC 5 2 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ obj3HEp1GjnmhRjX... )
+ a.example.net. 86400 IN TXT "A label"
+ 86400 RRSIG TXT 5 3 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ IkDMlRdYLmXH7QJnuF3v... )
+ 86400 NSEC b.example.com. TXT RRSIG NSEC
+ 86400 RRSIG NSEC 5 3 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ bZMjoZ3bHjnEz0nIsPMM... )
+ ...
+
+ is reduced to the following representation:
+
+ SOA2006022100
+ RRSIG14(SOA2006022100)
+ DNSKEY14
+ DNSKEY15
+
+ RRSIG14(KEY)
+ RRSIG15(KEY)
+
+ The rest of the zone data has the same signature as the SOA record,
+ i.e., an RRSIG created with DNSKEY 14.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 33]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Authors' Addresses
+
+ Olaf M. Kolkman
+ NLnet Labs
+ Kruislaan 419
+ Amsterdam 1098 VA
+ The Netherlands
+
+ EMail: olaf@nlnetlabs.nl
+ URI: http://www.nlnetlabs.nl
+
+
+ R. (Miek) Gieben
+
+ EMail: miek@miek.nl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 34]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 35]
+
diff --git a/contrib/zkt/doc/rfc5011.txt b/contrib/zkt-1.1.2/doc/rfc5011.txt
similarity index 100%
rename from contrib/zkt/doc/rfc5011.txt
rename to contrib/zkt-1.1.2/doc/rfc5011.txt
diff --git a/contrib/zkt/domaincmp.c b/contrib/zkt-1.1.2/domaincmp.c
similarity index 100%
rename from contrib/zkt/domaincmp.c
rename to contrib/zkt-1.1.2/domaincmp.c
diff --git a/contrib/zkt/domaincmp.h b/contrib/zkt-1.1.2/domaincmp.h
similarity index 100%
rename from contrib/zkt/domaincmp.h
rename to contrib/zkt-1.1.2/domaincmp.h
diff --git a/contrib/zkt/examples/dnssec.conf b/contrib/zkt-1.1.2/examples/dnssec.conf
similarity index 100%
rename from contrib/zkt/examples/dnssec.conf
rename to contrib/zkt-1.1.2/examples/dnssec.conf
diff --git a/contrib/zkt-1.1.2/examples/flat/core b/contrib/zkt-1.1.2/examples/flat/core
new file mode 100644
index 0000000000..e425dff539
Binary files /dev/null and b/contrib/zkt-1.1.2/examples/flat/core differ
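Review bot: A binary file named `core` is being added under contrib/zkt-1.1.2/examples/flat/, and the name and location suggest an accidental process core dump rather than example data (inferred; the contents are not visible in this diff). A core dump taken in a tree that also holds `.private` key files can carry key material and other process memory, and it puts an opaque, unreviewable binary into the source distribution. I would drop the file from the commit and add an ignore rule for `core` files in the contrib tree.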
diff --git a/contrib/zkt-1.1.2/examples/flat/dist.sh b/contrib/zkt-1.1.2/examples/flat/dist.sh
new file mode 100755
index 0000000000..c676ac6807
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dist.sh
@@ -0,0 +1,82 @@
+#################################################################
+#
+# @(#) dist.sh -- distribute and reload command for dnssec-signer
+#
+# (c) Jul 2008 Holger Zuleger hznet.de
+#
+# Feb 2010 action "distkeys" added
+#
+# This shell script will be run by dnssec-signer as a distribution
+# and reload command if:
+#
+# a) the dnssec.conf file parameter Distribute_Cmd: points
+# to this file
+# and
+# b) the user running the dnssec-signer command is not
+# root (uid==0)
+# and
+# c) the owner of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the owner
+# or
+# d) the group of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the group
+#
+#################################################################
+
+# set path to rndc and scp
+PATH="/bin:/usr/bin:/usr/local/sbin"
+
+# remote server and directory
+server=localhost # fqdn of remote name server
+dir=/var/named # zone directory on remote name server
+
+progname=$0
+usage()
+{
+ echo "usage: $progname distribute|reload []" 1>&2
+ test $# -gt 0 && echo $* 1>&2
+ exit 1
+}
+
+if test $# -lt 3
+then
+ usage
+fi
+action="$1"
+domain="$2"
+zonefile="$3"
+view=""
+test $# -gt 3 && view="$4"
+
+case $action in
+distkeys)
+ if test -n "$view"
+ then
+ echo "scp K$zone+* $server:$dir/$view/$zone/"
+ : scp K$zone+* $server:$dir/$view/$zone/
+ else
+ echo "scp K$zone+* $server:$dir/$zone/"
+ : scp K$zone+* $server:$dir/$zone/
+ fi
+ ;;
+distribute)
+ if test -n "$view"
+ then
+ echo "scp $zonefile $server:$dir/$view/$domain/"
+ : scp $zonefile $server:$dir/$view/$domain/
+ else
+ echo "scp $zonefile $server:$dir/$domain/"
+ : scp $zonefile $server:$dir/$domain/
+ fi
+ ;;
+reload)
+ echo "rndc $action $domain $view"
+ : rndc $action $domain $view
+ ;;
+*)
+ usage "illegal action $action"
+ ;;
+esac
+
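Review bot: The `distkeys` branch expands `$zone`, which this script never assigns (the second argument is stored in `domain`), so the key glob becomes `K+*` and the destination path loses its zone component. Use `$domain` there, e.g. `scp K"$domain"+* "$server:$dir/$view/$domain/"`, and quote `$zonefile`, `$domain` and `$view` in the `distribute` and `reload` branches too, since they come straight from the caller's arguments and are subject to word splitting and globbing as written. The commands are stubbed out with `:` in this example, but the file is a template that operators enable by removing the colon, so the template should be correct. The usage text also lists only `distribute|reload` and omits `distkeys`.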
diff --git a/contrib/zkt-1.1.2/examples/flat/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/dnssec.conf
new file mode 100644
index 0000000000..5384978415
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dnssec.conf
@@ -0,0 +1,45 @@
+#
+# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 2d # (172800 seconds)
+Sigvalidity: 6d # (518400 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: incremental
+
+# signing key parameters
+Key_Algo: RSASHA512
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 2w # (1209600 seconds)
+ZSK_bits: 1024
+ZSK_randfile: "/dev/urandom"
+SaltBits: 24
+
+# dnssec-signer options
+LogFile: "zkt.log"
+LogLevel: DEBUG
+LogDomainDir: "."
+SyslogFacility: USER
+SyslogLevel: NOTICE
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+KeySetDir: "../keysets"
+DLV_Domain: ""
+Sig_Pseudorand: True
+Sig_GenerateDS: True
+Sig_DnsKeyKSK: False
+Sig_Parameter: "-n 1"
+Distribute_Cmd: "./dist.sh"
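Review bot: `ZSK_bits: 1024` and `KSK_bits: 1300` are short RSA moduli for a sample configuration that operators are likely to copy, and `Key_Algo: RSASHA512` does not compensate, because the digest choice does not strengthen the modulus. I would raise both to at least 2048 or add a comment such as `# example only: use >= 2048-bit RSA keys in production`. The same applies to `KSK_bits: 1024` in contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf later in this diff. `Distribute_Cmd: "./dist.sh"` is a relative path; how the signer resolves it is not visible here, so an absolute path would be a safer template value for a command that is executed automatically.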
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private
diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db
new file mode 100644
index 0000000000..d16eb9b617
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db
@@ -0,0 +1,23 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Mar 02 2010 10:59:46
+;
+
+; *** List of Key Signing Keys ***
+; dyn.example.net. tag=52935 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15
+dyn.example.net. 3600 IN DNSKEY 257 3 7 (
+ AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmOoBYx8s1uLzmS/3APsh1e
+ WCeoBgAjRry1tpM/bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjEnG4H
+ CT58TuAVxjiefN+vb1pvyFlAL58YOkuGf9tG/NJMNc+XrULAU1ey2dT9
+ Fh+SCVO3
+ ) ; key id = 52935
+
+; *** List of Zone Signing Keys ***
+; dyn.example.net. tag=30323 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15
+dyn.example.net. 3600 IN DNSKEY 256 3 7 (
+ AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8Ris63E/oRRGQEH5U/ZS3A
+ xz3aOhPFKzAAhjfaG3vTNW3Wl4bl4ITFZrk=
+ ) ; key id = 30323
+
diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf
new file mode 100644
index 0000000000..c3be73e563
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf
@@ -0,0 +1,3 @@
+Key_Algo: NSEC3RSASHA1 # (Algorithm ID 7)
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_bits: 1024
diff --git a/contrib/zkt/examples/flat/dyn.example.net/zktlog-dyn.example.net. b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zktlog-dyn.example.net.
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/zktlog-dyn.example.net.
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/zktlog-dyn.example.net.
diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db
new file mode 100644
index 0000000000..e002576928
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db
@@ -0,0 +1,135 @@
+; File written on Thu Feb 25 23:42:29 2010
+; dnssec_signzone version 9.7.0
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 18 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 7 3 7200 20100303214229 (
+ 20100225214229 30323 dyn.example.net.
+ Ih9WgRBKZVDT3zJR9eFcB0VKU0o2G7h13XHZ
+ W6j2Jr1H4Db5IC1xiHXq+hI9UMkVQA3fu1Ub
+ +tjqAJE+y3hUFg== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 7 3 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ uvTn2MCWjTfS/piH3kKEmF1gPoeN8jIdcFFJ
+ 5t3b8RIwjorD81gWIRmzkGDE59hoL4mMvEnO
+ 32sAi8qkYhvBOA== )
+ 3600 DNSKEY 256 3 7 (
+ AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R
+ is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa
+ G3vTNW3Wl4bl4ITFZrk=
+ ) ; key id = 30323
+ 3600 DNSKEY 257 3 7 (
+ AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
+ oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
+ bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
+ nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
+ f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
+ ) ; key id = 52935
+ 3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ je5kBhDdp9b9fjH/lJ1o9WDBL2YxZ+6UNuF9
+ zNbeeDlfBHe7XlTGw9MHyvZh46wx2OUmLoGM
+ DFhPfIwUwtttUA== )
+ 3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
+ 20100221180048 52935 dyn.example.net.
+ MuyIUCa3XlttWuSnaQegQnRgTrTsx0Mj4EGI
+ fwtZs2H3L079Y/brqMvtlIGxtlr9meLg43oo
+ jX1w48ilerzf1PwYhUVpFefZTgmClK0h2ej4
+ Ho9Qh4/6snesVj06kWsQDkhuVs58zHmhRtEy
+ P4YlqP/R1CAk166RhwSmGuSx1O8= )
+ 0 NSEC3PARAM 1 0 10 76931F
+ 0 RRSIG NSEC3PARAM 7 3 0 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ LGD8bq/sX9yvDUpmyaRczfTshrR6T9HmQ5/a
+ MwMSY+5LDAD/YdwtpVF7uNwdMa6ydJFQW37u
+ Rma0TxEqKPGPyQ== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ SHLL1lIJZaEGKphkFm3NShS6H33mBnwwACkH
+ eF3JE5vWwTuT7hffdJlwcahYQfcr3egPv64d
+ iyCNYNjdvlJpsg== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ 6PF5dGgOJdolEyxrHqyA66BFLrUORQLZvVBw
+ 9fX9uGWWKiu6yRR3i4LwIkQ+VelTpCbTsLh4
+ gm+rcSMFNeOtxA== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ dk1DfG0y9qjCi3VD4e9B1NGKWEig7q8hFdaR
+ 3hElCIzGlflvgHRiE7iTJxDMB+kTA0by4BMZ
+ yssUuXP2FMlB2g== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ Ei5VGwE7CNBQ7ZOHpyKZXtuC8I7lusZ4d+gx
+ MwpLROH+6OSu26x2ScPdwg1qpZ5Mui01ss6O
+ IcJL36PRqAM26A== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ ieiExNeDjeucDjtMVj0F9kwIsL0ngZfAmEU/
+ /UlYe8/8pg2NzFulOviI09ekgOOnMfcnb4n4
+ /pRIkFddCEOt0g== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ NfDUCrArDXCTPrTpiesQYCoZ039YE/KwlN25
+ EZ9vOVt6dE2R9KkAWezkdY9zDmJMGTN1XYI/
+ vgd56J8B5Y/uQQ== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ VH3BsA8JLlqmL0xkXgXlPXT0xfRcdFy7vPYh
+ 27exw16LDbQF15KjkHvUJ+Bkei/SmRa20Dll
+ Yy536Dj+ar5ABQ== )
+A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ 9BhZcQdLwRPU/Dz38uMis/nCcddyhKEm0Zb+
+ Mhh3V3OsGI202cebTaxbwVEbQQOeowpUmf8l
+ AmK/cNX7+IS2rw== )
+AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ lVyEaxejO5qFlyyBp8gYyQnG+DkIm8vofj+B
+ SuTxalc2l+TYen1RnSTeeXfMqc9YpGu4SCaG
+ Fyznu1K88oUhMg== )
+FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ 577WZnTQemStx+ciON9rEGXAGnU7C0KLjrFL
+ VyhocnBnNtxJS8eRMSWvb9XuYCMNhYKOurtt
+ Ar4qh4VW1+unmA== )
+I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ +PKntiPlw2om9e0KJX/L2VxSCbxL95eIV2f+
+ 5YBMq3npDguHaUiBwan8Vsm+aNsdr1NDDLY/
+ HdJzEfVmSNGs7Q== )
+IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ smsg35snQ9PpeG2r8ZGxBl44pwSReh/1rIil
+ u/n8aa5nKbBpkqtbcc7q1OpUgb1Q7+Tl/wes
+ kB6bohsRdrwEJA== )
+S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ XalRIESpdeVK1aNbwu9ym2Spk981Y127rKua
+ xsoals0Zn2tTjF9wpOYVGVOto3FcWBbyKD1g
+ 69BTRlv634UIOw== )
+T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM
+ 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
+ 20100221180048 30323 dyn.example.net.
+ D3xq+CkK/a8YSbh9o8WwWnenjDQ3weVdtZ0x
+ i6bOv3iRITOfCRjYgbeIYtjMFb1rZwgCPD40
+ JQgGu5mx1TjnGA== )
diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned
new file mode 100644
index 0000000000..24511a5e08
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned
@@ -0,0 +1,135 @@
+; File written on Tue Mar 2 10:59:46 2010
+; dnssec_signzone version 9.7.0
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 19 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 7 3 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ eNZruaQkUB/jteZtRkZ957BX65zjXIGaKlkf
+ Bq0XW8OgyHYCvJiB7waJYyiWKeQskp0Z90JF
+ 34WMUztuTvWUTA== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 7 3 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ obQoowLwuBixnopoSvUsXvwveB7Pqmeblt2S
+ 5SXo7ztPNcM1hTdWfIEwRDpQ2DhOfGYi0Ov0
+ xEmMlPheVZkW6g== )
+ 3600 DNSKEY 256 3 7 (
+ AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R
+ is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa
+ G3vTNW3Wl4bl4ITFZrk=
+ ) ; key id = 30323
+ 3600 DNSKEY 257 3 7 (
+ AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
+ oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
+ bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
+ nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
+ f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
+ ) ; key id = 52935
+ 3600 RRSIG DNSKEY 7 3 3600 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ 4xQy+G1g8IHVp3NTxHtUIaz/G+h6+ce4SRum
+ bftLFS9rXV13wSa761J1YoDYx8lj98IDBuED
+ 94980qJWjgNfdw== )
+ 3600 RRSIG DNSKEY 7 3 3600 20100308085946 (
+ 20100302085946 52935 dyn.example.net.
+ VmL0mzUoBzSX+5gB/9MsHUFWBbHrVoyMUjnw
+ mR7FyrZMfNgz4rf6J2bZ8a8zYGvSXEBrangQ
+ kkPlxuvNxzn2s+Ji+crfUNa2ZFzRKA8BBczU
+ 0WLETC5QKonjiAzofCcP15OPN4H18y9WMfE/
+ wU0oPhcd8d31Ckf2jPaSdTS8NMk= )
+ 0 NSEC3PARAM 1 0 10 76931F
+ 0 RRSIG NSEC3PARAM 7 3 0 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ GSTGjHni3oZ1Nod57kXFkxcOiKXTzjfJ0PDy
+ hjDfzYS1QKtKA6LzkaBzyl5HK+Yy3DOcep7G
+ dj7VJG8bsa9S/A== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ N5t+OxMeH2rozoIM1ZtXUpnpSep3Qd1J/KUE
+ LjkisP6KvmwVhkbdcv44KbgS5aR16RJOlFdW
+ +ilc8QpZ4bvqlQ== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ 2DoRBkfIQEBmEeo2Z02SA329ebgp2lFQ2Ykl
+ Qe5S+J6ZMjVdZyjW8XqBCiqEg6fNbQyUFn3X
+ pSVvabUPjJpHWA== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ XD+JHAergnT3NDQqEUGv52GNdcF1U1SitccE
+ y5iL4Dk0qVu+uEA4TVupnMhwOK+wl8759Yw/
+ SF6h6CzzKx0Eiw== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ S+CpXVolhedS2bFTNdoNAPd+T2Bi/5iKVcKJ
+ 9S27k/tpifBNVjAQPktM9iya60upXxuOkHqt
+ /uuF4iTlh9Yukw== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ Fb+8g0K+/6ZkXctNOprGKyJC1Y5pFizibI3o
+ k2E6aDN8hUJ5FK/1fkRl5IQ7HDpAUZviWaQp
+ j9tfr9r9xW0bMw== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ S1l/dM/Ez91B4Py7mI/GESjgqccGIwi9clyc
+ Vj3S40uF4dGaAgxoCDS0pMvyS0k7ir0g1qbK
+ /csopbL0wHSaVg== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ SgorWJQS6SiDvv6KRmWQEcUaaCkMCHZDcSMx
+ JiOT84ygkUBCzwTykQskoNtbUSIfAASU3lE7
+ e31RZotcxlkirQ== )
+A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ hp879kZpD/Qe+d4FoanRewI4CXMuTOMcao5G
+ S7quT3mr+Mgi1nrSSz+/IBhlzCipziFjY42a
+ TNt8FoYo9Z8irw== )
+AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ 1MC5bqNXkVG4gaFKJQJBG7v4ZKOht6EJEkUZ
+ nAwTF2Nw5mWFFMBbOwVMtbJFA+ewHrebB6cK
+ FitvPi3yLDW8aA== )
+FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ 7Y+yhH11EojLDu43C8dCuD6D0F4RZYUt9J0+
+ KUfRVUMhftYsMl6G2qgkfsgJE+FG1Nj/nI+b
+ pO7VSJGfV5Za4A== )
+I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ K0ggT6yH7z1YshOb08se84cRWvWWeQFdMTDG
+ XhA/2UEamfE1NHetPuYzJZQdrVPeX3tgjCjS
+ Jmb3YuSE1XD3zQ== )
+IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ mQoG3VBXfi7u2+zlmJttsGaStP3WvDPDQ99T
+ l2ha4zmpZPd1JUKHMXYTLTlUuWAq7BcS9MUn
+ hfhXcmSEr96K1Q== )
+S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ 0/TWe9HMZiA+yW0oLHkYKeIXrrXU/1ec8XDy
+ cbZM1IGPjHlMEjKKorZgx983FuiyKFLa97+3
+ bB3abnKo7e2yRQ== )
+T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM
+ 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
+ 20100302085946 30323 dyn.example.net.
+ BXRjHUGEmoz1cMAXSCmfFVe6+qCYVyivjeAT
+ 7hPcfB8iS2ck8Sq/CjOAKBu0BeSBim+9Oduu
+ kKNL3thgyMPcug== )
diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org
new file mode 100644
index 0000000000..c536fc8744
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org
@@ -0,0 +1,30 @@
+;-----------------------------------------------------------------
+;
+; @(#) dyn.example.net/zone.org
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 1 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+x IN A 1.2.3.4
+y IN A 1.2.3.5
+z IN A 1.2.3.6
+
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key
new file mode 100644
index 0000000000..0c30120724
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125190230
+;% lifetime=63d
+example.net. IN DNSKEY 256 3 8 BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0 kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published
new file mode 100644
index 0000000000..8ffbe72315
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: 7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: IVO4lg5Ev/f/GpSRfYuXmUMH3qrv5Cr+ZAMqT+xGNJdyvlMAVV0ZDZehj/ar8brkm+sdrJ3LepVTEz0vLXPCgQ==
+Prime1: /Ru1X3jzyO19+aLhf/Hsu0WOdjn0MAWzKx0KwWPkxcs=
+Prime2: 8I9Q89DvF0qZqkF9kVzZ4B1LYdHz3uhKaxD40vu4xWM=
+Exponent1: fSAVRShndbuiQZtsVHyekvPH4Xjl1dJ3hF03O4InOAc=
+Exponent2: JJDvU+0J0KXaBArxDjoblXTKWVC3kGnLR+2AEpxei7k=
+Coefficient: RviZPpnVpS30oBPH1freoUgcXJ4bKnivP41BUxcVh4U=
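Review bot: Complete RSA private-key material (PrivateExponent, both primes and the CRT values) is committed here in plain text, and nothing apart from the `examples/` path marks it as sample-only. The same holds for the `.private` and `.depreciated` files added for key tags 21605, 52101 and 56360 in the hunks that follow. The key file as shown has no comment lines, and I am not sure the v1.2 parser would accept one, so the marker is better placed in the examples documentation, e.g. `Keys under examples/ are published sample keys for example.net; generate fresh keys for any real zone.` Listing this directory explicitly in whatever secret-scanning allowlist the project uses would also keep these known fixtures from hiding a real key committed later.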
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key
new file mode 100644
index 0000000000..2dc28991da
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091121
+;% lifetime=84d
+example.net. IN DNSKEY 256 3 8 BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private
new file mode 100644
index 0000000000..6cb1da9021
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: vX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJDqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
+PublicExponent: AQAAAAE=
+PrivateExponent: a77DD9J85SYlVi2lIKdzfHFkqtTFvQjTiLih+sx3lnhefQ5N20ABJVpTMwMOoA5tiDanSmKkk7O+GJXvI6E+KQ==
+Prime1: 7S87u5BoQFYbGZzGaBPAqznZt7X1g2J/qop4W9rziy0=
+Prime2: zIbOBuf2onI1ThmHXGPQEdQoFoJx3GqTkYjzUQQOL0M=
+Exponent1: YfyQEtL2twRiwb8RIlKR3OE/rhnfqZYr9dwgRa0qjAU=
+Exponent2: x73r1pDdvUShLs8hvmY0soX6a2Dcbokdf1D82/iCDU8=
+Coefficient: 1r/5mih7lqQx4ZIEcr8TmQWMscwDGk3eERsFuSYGt0c=
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key
new file mode 100644
index 0000000000..8dca89403c
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key
@@ -0,0 +1,3 @@
+;% generationtime=20100924112635
+;% lifetime=365d
+example.net. IN DNSKEY 257 3 8 BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1 BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK 1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp 4Q==
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private
new file mode 100644
index 0000000000..d95a4f6c29
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: C6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp4Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: A3MjVh+KkQuwpnsGnr/xPRs8PfwUIDu7NYQVKpQAttLnZPOEXsjPniy3QuBpIMnnBCbxYaOV0ctiYQOx6vU8qprrSD8OfXXI8OhBNgExvw/Bsfki3MQINAHX0wY9juuIoMLKdqcMpsUC6ILE4FSkcc+jVFbTrDqjQgDDykkpABrlG1SUz51hLOZMAz2vu8QE8m57LaPUPpRhNPf4J2dDfkX/KQ==
+Prime1: A3lFNBrVdcJBUq0ekPjtEZ0xCOTgSgUHAB+KJkdpiB0tV0jYf1Yaj7Kr98pKIM8jaZOhQnEKhAD947h4XG6IuxgraCNWonOyt5Yo9WjXFHzK0w==
+Prime2: A1vFf9Tp7MxblYWLsFUsMZxXVRxPpeoGtwmNm24k5bUPpH6/B7Yd8DcE6O3cYyHcShq8sZcuOuPhNkGwgg7IMRABXcLyCXqoEKvy0nhnbKCf+w==
+Exponent1: AQKRURkK7K15jiVVpw4nhd7Qtck1GkZon10UCQ5p2iE+weL+qhzi5L9u5mXLVaeGffwGkMkU6wvj5KSAuEiJr08+AxWfLy3Tf1fbiaiimPGDNQ==
+Exponent2: AfnXuwDet4BuUGa8EHswqADRk0XeWtxztKQ48YOh5Q5/3rauIIMm+6ERfu0gWfnkYaRNamKSXMDVC5PUQHT33u0gGnopMipao6xICXGxbrGhCQ==
+Coefficient: AYM1htjFUUAPKrVoajGJF+wLlQHBR3vrylKNpT5IFqr6Qczw54kfhx9n/18vIvtGIpj07xSEIfgBf+itZIRxPOwphkwaJXmHZKpYHpEvdqiyjA==
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated
new file mode 100644
index 0000000000..b9d28076dd
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: 2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: FzC3Jdpl35o/UUyvZ/7sc8BRpfDuIgMnHA1a9WwxZz20Tqki3snE/Nz4ePNNv/5LGrzFlOnPtEd1GT2biUKzVQ==
+Prime1: /4YvvO0nbMJxZ4dHbYKl2pGe0hSgEUYnTNnuVbSEKrM=
+Prime2: 2OrV7XGOYCMXr/WIrD0NCBnqU1tsizPQNMIjwXuuV2c=
+Exponent1: 63ub+oH78z6TercHscYOS7HpYttDzC1YV3oupGyRNDs=
+Exponent2: A4HpxW8K6ivUb2RbKDBaze8ivr5u41hJPsbn4FQzB3E=
+Coefficient: Lz1Gg/PtC9HOrhFORXlzzkzb+5PeFIGq43mtGx7oAUo=
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key
new file mode 100644
index 0000000000..db374735ca
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key
@@ -0,0 +1,3 @@
+;% generationtime=20100924112635
+;% lifetime=84d
+example.net. IN DNSKEY 256 3 8 BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db b/contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db
new file mode 100644
index 0000000000..07ef6ee945
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db
@@ -0,0 +1,36 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 20:02:30
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=52101 algo=RSASHA256 generated Sep 24 2010 13:26:35
+example.net. 14400 IN DNSKEY 257 3 8 (
+ BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1
+ BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK
+ 1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq
+ vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp
+ 4Q==
+ ) ; key id = 52101
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=21605 algo=RSASHA256 generated Jan 25 2011 19:39:25
+example.net. 14400 IN DNSKEY 256 3 8 (
+ BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ
+ DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
+ ) ; key id = 21605
+
+; example.net. tag=56360 algo=RSASHA256 generated Jan 25 2011 19:39:25
+example.net. 14400 IN DNSKEY 256 3 8 (
+ BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr
+ W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
+ ) ; key id = 56360
+
+; example.net. tag=2957 algo=RSASHA256 generated Jan 25 2011 20:02:30
+example.net. 14400 IN DNSKEY 256 3 8 (
+ BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0
+ kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
+ ) ; key id = 2957
+
diff --git a/contrib/zkt/examples/flat/example.net/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
similarity index 73%
rename from contrib/zkt/examples/flat/example.net/dnssec.conf
rename to contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
index ea85a8b7b1..aaef586834 100644
--- a/contrib/zkt/examples/flat/example.net/dnssec.conf
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
@@ -1,2 +1,3 @@
Key_Algo: RSASHA256 # (Algorithm ID 8)
NSEC3: OPTOUT
+ZSKpermanent: true
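Review bot: The example configuration, visible in full in this hunk, selects RSASHA256 but sets no key size, and the zone-signing keys added beside it (tags 2957, 21605 and 56360) have 256-bit primes, i.e. 512-bit RSA moduli. That size is within reach of practical factoring, and example configurations tend to be copied into real deployments. I would set the size explicitly next to the new line, e.g. `ZSK_bits: 2048`, and regenerate the sample keys and signed zone to match. The 512 bits presumably come from zkt's built-in default; confirm that against the zkt documentation before changing it.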
diff --git a/contrib/zkt/examples/flat/example.net/z.db b/contrib/zkt-1.1.2/examples/flat/example.net/z.db
similarity index 100%
rename from contrib/zkt/examples/flat/example.net/z.db
rename to contrib/zkt-1.1.2/examples/flat/example.net/z.db
diff --git a/contrib/zkt/examples/flat/example.net/zktlog-example.net. b/contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
similarity index 52%
rename from contrib/zkt/examples/flat/example.net/zktlog-example.net.
rename to contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
index 3363cabe43..a205675b97 100644
--- a/contrib/zkt/examples/flat/example.net/zktlog-example.net.
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
@@ -272,3 +272,241 @@
2010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:53:27.920: debug: Signing completed after 0s.
+2010-07-05 08:15:24.179: debug: Check RFC5011 status
+2010-07-05 08:15:24.179: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-07-05 08:15:24.179: debug: Check KSK status
+2010-07-05 08:15:24.179: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m44s
+2010-07-05 08:15:24.179: debug: Check ZSK status
+2010-07-05 08:15:24.179: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081384 sec)
+2010-07-05 08:15:24.179: debug: ->waiting for published key
+2010-07-05 08:15:24.179: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m44s: ZSK rollover deferred: waiting for published key
+2010-07-05 08:15:24.179: debug: New key for publishing needed
+2010-07-05 08:15:24.278: debug: ->creating new key 48476
+2010-07-05 08:15:24.278: info: "example.net.": new key 48476 generated for publishing
+2010-07-05 08:15:24.278: debug: Re-signing necessary: Modfied zone key set
+2010-07-05 08:15:24.278: notice: "example.net.": re-signing triggered: Modfied zone key set
+2010-07-05 08:15:24.278: debug: Writing key file "./example.net/dnskey.db"
+2010-07-05 08:15:24.278: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-07-05 08:15:24.278: debug: Signing zone "example.net."
+2010-07-05 08:15:24.278: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5816F0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-07-05 08:15:24.315: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-07-05 08:15:24.315: debug: Signing completed after 0s.
+2010-07-05 08:15:28.174: debug: Check RFC5011 status
+2010-07-05 08:15:28.174: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-07-05 08:15:28.174: debug: Check KSK status
+2010-07-05 08:15:28.174: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m48s
+2010-07-05 08:15:28.174: debug: Check ZSK status
+2010-07-05 08:15:28.174: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081388 sec)
+2010-07-05 08:15:28.174: debug: ->waiting for published key
+2010-07-05 08:15:28.174: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m48s: ZSK rollover deferred: waiting for published key
+2010-07-05 08:15:28.174: debug: Re-signing not necessary!
+2010-07-05 08:15:28.174: debug: Check if there is a parent file to copy
+2010-07-05 08:15:58.502: debug: Check RFC5011 status
+2010-07-05 08:15:58.502: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-07-05 08:15:58.503: debug: Check KSK status
+2010-07-05 08:15:58.503: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m18s
+2010-07-05 08:15:58.503: debug: Check ZSK status
+2010-07-05 08:15:58.503: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081418 sec)
+2010-07-05 08:15:58.503: debug: ->waiting for published key
+2010-07-05 08:15:58.503: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m18s: ZSK rollover deferred: waiting for published key
+2010-07-05 08:15:58.503: debug: Re-signing not necessary!
+2010-07-05 08:15:58.503: debug: Check if there is a parent file to copy
+2010-07-05 08:16:04.937: debug: Check RFC5011 status
+2010-07-05 08:16:04.937: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-07-05 08:16:04.937: debug: Check KSK status
+2010-07-05 08:16:04.937: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m24s
+2010-07-05 08:16:04.937: debug: Check ZSK status
+2010-07-05 08:16:04.937: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081424 sec)
+2010-07-05 08:16:04.937: debug: ->waiting for published key
+2010-07-05 08:16:04.937: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m24s: ZSK rollover deferred: waiting for published key
+2010-07-05 08:16:04.937: debug: Re-signing necessary: Option -f
+2010-07-05 08:16:04.937: notice: "example.net.": re-signing triggered: Option -f
+2010-07-05 08:16:04.937: debug: Writing key file "./example.net/dnskey.db"
+2010-07-05 08:16:04.937: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-07-05 08:16:04.937: debug: Signing zone "example.net."
+2010-07-05 08:16:04.937: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 C58544 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-07-05 08:16:04.993: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-07-05 08:16:04.993: debug: Signing completed after 0s.
+2010-07-05 08:16:33.604: debug: Check RFC5011 status
+2010-07-05 08:16:33.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-07-05 08:16:33.604: debug: Check KSK status
+2010-07-05 08:16:33.604: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m53s
+2010-07-05 08:16:33.604: debug: Check ZSK status
+2010-07-05 08:16:33.604: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081453 sec)
+2010-07-05 08:16:33.604: debug: ->waiting for published key
+2010-07-05 08:16:33.604: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m53s: ZSK rollover deferred: waiting for published key
+2010-07-05 08:16:33.604: debug: Re-signing necessary: Option -f
+2010-07-05 08:16:33.604: notice: "example.net.": re-signing triggered: Option -f
+2010-07-05 08:16:33.604: debug: Writing key file "./example.net/dnskey.db"
+2010-07-05 08:16:33.605: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-07-05 08:16:33.605: debug: Signing zone "example.net."
+2010-07-05 08:16:33.605: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 FCB8E2 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-07-05 08:16:33.648: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-07-05 08:16:33.648: debug: Signing completed after 0s.
+2010-07-30 01:30:55.411: debug: Check RFC5011 status
+2010-07-30 01:30:55.411: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-07-30 01:30:55.411: debug: Check KSK status
+2010-07-30 01:30:55.411: debug: Check ZSK status
+2010-07-30 01:30:55.411: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (2130473 sec)
+2010-07-30 01:30:55.411: debug: ->depreciate it
+2010-07-30 01:30:55.411: debug: ->activate published key 48476
+2010-07-30 01:30:55.411: notice: "example.net.": lifetime of zone signing key 36257 exceeded: ZSK rollover done
+2010-07-30 01:30:55.411: debug: New key for publishing needed
+2010-07-30 01:30:55.493: debug: ->creating new key 1775
+2010-07-30 01:30:55.493: info: "example.net.": new key 1775 generated for publishing
+2010-07-30 01:30:55.493: debug: Re-signing necessary: Modfied zone key set
+2010-07-30 01:30:55.493: notice: "example.net.": re-signing triggered: Modfied zone key set
+2010-07-30 01:30:55.493: debug: Writing key file "./example.net/dnskey.db"
+2010-07-30 01:30:55.493: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-07-30 01:30:55.493: debug: Signing zone "example.net."
+2010-07-30 01:30:55.494: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 3723BA -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-07-30 01:30:55.563: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-07-30 01:30:55.563: debug: Signing completed after 0s.
+2010-08-26 22:52:09.539: debug: Check RFC5011 status
+2010-08-26 22:52:09.539: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 22:52:09.539: debug: Check KSK status
+2010-08-26 22:52:09.539: debug: Check ZSK status
+2010-08-26 22:52:09.539: debug: Lifetime(29100 sec) of depreciated key 36257 exceeded (2409674 sec)
+2010-08-26 22:52:09.539: info: "example.net.": old ZSK 36257 removed
+2010-08-26 22:52:09.572: debug: ->remove it
+2010-08-26 22:52:09.572: debug: Lifetime(1209600 +/-150 sec) of active key 48476 exceeded (2409674 sec)
+2010-08-26 22:52:09.572: debug: ->depreciate it
+2010-08-26 22:52:09.572: debug: ->activate published key 1775
+2010-08-26 22:52:09.572: notice: "example.net.": lifetime of zone signing key 48476 exceeded: ZSK rollover done
+2010-08-26 22:52:09.572: debug: New key for publishing needed
+2010-08-26 22:52:09.640: debug: ->creating new key 26477
+2010-08-26 22:52:09.640: info: "example.net.": new key 26477 generated for publishing
+2010-08-26 22:52:09.640: debug: Re-signing necessary: Modfied zone key set
+2010-08-26 22:52:09.640: notice: "example.net.": re-signing triggered: Modfied zone key set
+2010-08-26 22:52:09.640: debug: Writing key file "./example.net/dnskey.db"
+2010-08-26 22:52:09.641: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-08-26 22:52:09.641: debug: Signing zone "example.net."
+2010-08-26 22:52:09.641: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 2F41F9 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-08-26 22:52:09.704: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-08-26 22:52:09.704: debug: Signing completed after 0s.
+2010-08-26 22:56:02.938: debug: Check RFC5011 status
+2010-08-26 22:56:02.938: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 22:56:02.938: debug: Check KSK status
+2010-08-26 22:56:02.938: debug: Check ZSK status
+2010-08-26 22:56:02.938: debug: Re-signing not necessary!
+2010-08-26 22:56:02.938: debug: Check if there is a parent file to copy
+2010-08-26 23:06:00.593: debug: Check RFC5011 status
+2010-08-26 23:06:00.593: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:06:00.593: debug: Check KSK status
+2010-08-26 23:06:00.593: debug: Check ZSK status
+2010-08-26 23:06:00.593: debug: New key for publishing needed
+2010-08-26 23:06:00.631: debug: ->creating new key 18026
+2010-08-26 23:06:00.631: info: "example.net.": new key 18026 generated for publishing
+2010-08-26 23:06:00.631: debug: Re-signing necessary: Modfied zone key set
+2010-08-26 23:06:00.631: notice: "example.net.": re-signing triggered: Modfied zone key set
+2010-08-26 23:06:00.631: debug: Writing key file "./example.net/dnskey.db"
+2010-08-26 23:06:00.631: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-08-26 23:06:00.631: debug: Signing zone "example.net."
+2010-08-26 23:06:00.631: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5EA89E -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-08-26 23:06:00.672: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-08-26 23:06:00.672: debug: Signing completed after 0s.
+2010-08-26 23:11:33.808: debug: Check RFC5011 status
+2010-08-26 23:11:33.808: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:11:33.809: debug: Check KSK status
+2010-08-26 23:11:33.809: debug: Check ZSK status
+2010-08-26 23:11:33.809: debug: Re-signing not necessary!
+2010-08-26 23:11:33.809: debug: Check if there is a parent file to copy
+2010-08-26 23:12:51.012: debug: Check RFC5011 status
+2010-08-26 23:12:51.012: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:12:51.012: debug: Check KSK status
+2010-08-26 23:12:51.012: debug: Check ZSK status
+2010-08-26 23:12:51.012: debug: Re-signing not necessary!
+2010-08-26 23:12:51.012: debug: Check if there is a parent file to copy
+2010-08-26 23:23:47.886: debug: Check RFC5011 status
+2010-08-26 23:23:47.886: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:23:47.886: debug: Check KSK status
+2010-08-26 23:23:47.886: debug: Check ZSK status
+2010-08-26 23:23:47.886: debug: Re-signing not necessary!
+2010-08-26 23:23:47.886: debug: Check if there is a parent file to copy
+2010-08-26 23:50:15.724: debug: Check RFC5011 status
+2010-08-26 23:50:15.724: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:50:15.724: debug: Check KSK status
+2010-08-26 23:50:15.724: debug: Check ZSK status
+2010-08-26 23:50:15.725: debug: Re-signing not necessary!
+2010-08-26 23:50:15.725: debug: Check if there is a parent file to copy
+2010-08-26 23:50:55.124: debug: Check RFC5011 status
+2010-08-26 23:50:55.124: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:50:55.124: debug: Check KSK status
+2010-08-26 23:50:55.124: debug: Check ZSK status
+2010-08-26 23:50:55.124: debug: Re-signing not necessary!
+2010-08-26 23:50:55.124: debug: Check if there is a parent file to copy
+2010-08-26 23:51:46.719: debug: Check RFC5011 status
+2010-08-26 23:51:46.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:51:46.719: debug: Check KSK status
+2010-08-26 23:51:46.719: debug: Check ZSK status
+2010-08-26 23:51:46.719: debug: Re-signing not necessary!
+2010-08-26 23:51:46.719: debug: Check if there is a parent file to copy
+2010-08-26 23:54:22.824: debug: Check RFC5011 status
+2010-08-26 23:54:22.824: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:54:22.824: debug: Check KSK status
+2010-08-26 23:54:22.824: debug: Check ZSK status
+2010-08-26 23:54:22.824: debug: Re-signing not necessary!
+2010-08-26 23:54:22.825: debug: Check if there is a parent file to copy
+2010-08-26 23:55:00.018: debug: Check RFC5011 status
+2010-08-26 23:55:00.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:55:00.018: debug: Check KSK status
+2010-08-26 23:55:00.018: debug: Check ZSK status
+2010-08-26 23:55:00.018: debug: New key for pre-publishing needed
+2010-08-26 23:55:00.110: debug: ->creating new key 18293
+2010-08-26 23:55:00.110: info: "example.net.": new key 18293 generated for pre-publishing
+2010-08-26 23:55:00.110: debug: Re-signing necessary: Modfied zone key set
+2010-08-26 23:55:00.110: notice: "example.net.": re-signing triggered: Modfied zone key set
+2010-08-26 23:55:00.110: debug: Writing key file "./example.net/dnskey.db"
+2010-08-26 23:55:00.110: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-08-26 23:55:00.110: debug: Signing zone "example.net."
+2010-08-26 23:55:00.111: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 EBE919 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-08-26 23:55:00.168: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-08-26 23:55:00.169: debug: Signing completed after 0s.
+2010-08-26 23:56:17.466: debug: Check RFC5011 status
+2010-08-26 23:56:17.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:56:17.466: debug: Check KSK status
+2010-08-26 23:56:17.466: debug: Check ZSK status
+2010-08-26 23:56:17.466: debug: Re-signing necessary: Modfied zone key set
+2010-08-26 23:56:17.466: notice: "example.net.": re-signing triggered: Modfied zone key set
+2010-08-26 23:56:17.466: debug: Writing key file "./example.net/dnskey.db"
+2010-08-26 23:56:17.467: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-08-26 23:56:17.467: debug: Signing zone "example.net."
+2010-08-26 23:56:17.467: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 A876E5 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-08-26 23:56:17.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-08-26 23:56:17.531: debug: Signing completed after 0s.
+2010-08-26 23:57:00.178: debug: Check RFC5011 status
+2010-08-26 23:57:00.178: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-08-26 23:57:00.178: debug: Check KSK status
+2010-08-26 23:57:00.178: debug: Check ZSK status
+2010-08-26 23:57:00.178: debug: Re-signing not necessary!
+2010-08-26 23:57:00.178: debug: Check if there is a parent file to copy
+2010-10-21 14:01:35.546: debug: Check RFC5011 status
+2010-10-21 14:01:35.546: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:01:35.546: debug: Check KSK status
+2010-10-21 14:01:35.546: debug: Check ZSK status
+2010-10-21 14:01:35.546: debug: Re-signing necessary: re-signing interval (2d) reached
+2010-10-21 14:01:35.546: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2010-10-21 14:01:35.546: debug: Writing key file "./example.net/dnskey.db"
+2010-10-21 14:01:35.607: debug: Incrementing serial number in file "./example.net/zone.db"
+2010-10-21 14:01:35.607: debug: Signing zone "example.net."
+2010-10-21 14:01:35.607: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9FC981 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
+2010-10-21 14:01:35.761: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-10-21 14:01:35.761: debug: Signing completed after 0s.
+2010-10-21 14:02:09.209: debug: Check RFC5011 status
+2010-10-21 14:02:09.209: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:02:09.209: debug: Check KSK status
+2010-10-21 14:02:09.209: debug: Check ZSK status
+2010-10-21 14:02:09.209: debug: Re-signing not necessary!
+2010-10-21 14:02:09.209: debug: Check if there is a parent file to copy
+2010-10-21 14:05:36.170: debug: Check RFC5011 status
+2010-10-21 14:05:36.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:05:36.170: debug: Check KSK status
+2010-10-21 14:05:36.170: debug: Check ZSK status
+2010-10-21 14:05:36.170: debug: Re-signing not necessary!
+2010-10-21 14:05:36.170: debug: Check if there is a parent file to copy
+2010-10-21 14:30:43.892: debug: Check RFC5011 status
+2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:30:43.892: debug: Check KSK status
+2010-10-21 14:30:43.892: debug: Check ZSK status
+2010-10-21 14:30:43.892: debug: Re-signing not necessary!
+2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/zone.db b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db
new file mode 100644
index 0000000000..1dda246202
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db
@@ -0,0 +1,43 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Ensure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date format e.g. 2005040101
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 386 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.1
+b IN MX 10 a
+;c IN A 1.2.3.2
+d IN A 1.2.3.3
+ IN AAAA 2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will contain all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed
new file mode 100644
index 0000000000..8f45df3387
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed
@@ -0,0 +1,169 @@
+; File written on Thu Oct 21 14:01:35 2010
+; dnssec_signzone version 9.7.2-P2
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 384 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 8 2 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ f+HC41CGvNmlXSvPzzMbtVreNYKWyBhvbeb+
+ NUSvbBfuSlVt6VbyPUBYSe5Vg1QJO3YKu0ZR
+ Pw5Y9TNCaWqZCA== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 8 2 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ aQpW5SQJ8Yx7++QWtRWMDoV+3OPjgTRC0PQC
+ zns3MTbpk2wIlhE7hqty+b+1EktEoMzmx73u
+ 5Fu0OPKO+2PS5w== )
+ 3600 DNSKEY 256 3 8 (
+ BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHc
+ FyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTF
+ Zeka2EsC7CEIyuEgkloDBQ==
+ ) ; key id = 56360
+ 3600 DNSKEY 257 3 8 (
+ BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ
+ 5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0
+ aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7
+ HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI
+ Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla
+ chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs
+ K1cPYDPp4Q==
+ ) ; key id = 52101
+ 3600 RRSIG DNSKEY 8 2 3600 20101027110135 (
+ 20101021110135 52101 example.net.
+ BlWP6PoxZFRZoLav7/+yPEgNIss17oxEJZtB
+ rVSiVb0BfwhL96KJ1uIOhK9r1+Tj8w3Ed7Oi
+ pocSTkZueV3OxFkBgSQAgc1JeUQTOVKYe80L
+ UFjl7UzV0eITIV1DE/QqWTBBblxjXF3Egy6O
+ 6/9IrD65LWOGnLFFOSUZQ9IU8jFX/zqq5FWQ
+ Sta2/tQkzhq5F42qw3dRBNsoUC1bQ38UsYSk
+ SQ== )
+ 3600 RRSIG DNSKEY 8 2 3600 20101027110135 (
+ 20101021110135 56360 example.net.
+ VXJh+xZt8/5Eeo8oQyI89nXGJ0bWeBN25kpw
+ asam+qpoKsH6g8qJRyL3mEwIFOaud2mlQx9y
+ cdv42Vf3kfY71w== )
+ 0 NSEC3PARAM 1 0 10 9FC981
+ 0 RRSIG NSEC3PARAM 8 2 0 20101027110135 (
+ 20101021110135 56360 example.net.
+ Fr4DrVORiEYUVCBmlRzjcEaKQ2VymMiMeJfd
+ gSWJzTzXbcuBbXDCfBRdph96Nz1xFvdOWvFn
+ xXxVOXW996AfEw== )
+a.example.net. 7200 IN A 1.2.3.1
+ 7200 RRSIG A 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ ZAuaFsvYdV1i4EqIgQoSzpkhMFJpJOOPIG9h
+ RXTT+LAUSFjOrFx2ovSgnySSiUV/LOsIV7bj
+ 08ZkIzSPYKi4Ow== )
+b.example.net. 7200 IN MX 10 a.example.net.
+ 7200 RRSIG MX 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ SEIMAVtIT/2TGxkS2NFMRQfrUROKO1pbxYcS
+ FHImCGhWILb1E7qQ0saLi9QTMftCwRmYtJ4w
+ aDwAukjuLXOAnA== )
+d.example.net. 7200 IN A 1.2.3.3
+ 7200 RRSIG A 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ 1URwzkjdIhBCBtBWV9aUhJQ3yFwqwgscvcVN
+ 9dvNqH5g7xLz+maqdeva065z0AkO5Et/9809
+ tm/0X2g0wQcoMQ== )
+ 7200 AAAA 2001:db8::3
+ 7200 RRSIG AAAA 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ fIUOcVYR9Ut+iWzE+R3N01bzLJ0gpSI1E0y0
+ cqEGpaU8mbgwnm4tAh57GKs8XZBbLEOH2zO8
+ 5WTEjWHpKjqx3Q== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ iIfD1pCP+uHs1RarezGlZZhoyQ6R+3K3s6ba
+ xZZ5JCremDhFYPeMinRMjZSPos2QyEM1aHI8
+ 2gXlxcb/y4+XRA== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ xBwgaFNo7+s4n4KnyZPR+1CESNVvXwUZHroC
+ dkEcLo8EF7+rbzFdDooJvD8wzlpy2nhwjLOL
+ ZxIfgZfNgkVXBw== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ uSuzZH2J+pwcP1PKKgrdJrwyvh1kpWBsprgd
+ 9h59q9HYKR56LPx/3iuW7oCAO5fBFTp9pvcK
+ BI6f+4cs1Qpp6g== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ N+U/A0VJU9HWwk1j0CJtUN7Nw9g0A3oNeKP1
+ 7YJ1p0H6QvgRHDe9w8oX3iCg+IEBS9oLdTer
+ DXsbWVlZNXjTSw== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 DS 855 7 1 (
+ 338E1808511D3E533F1C6B1DF27E0AABA8CC
+ 6FE8 )
+ 7200 DS 855 7 2 (
+ C07C1F2004ED12D40EEC82E4358BD8D2EDC1
+ 99C8E6126DD293A8E402E591C98A )
+ 7200 DS 33176 10 1 (
+ B7D045F9D7176BD0D00AF389856D18C0E361
+ C443 )
+ 7200 DS 33176 10 2 (
+ 627102FACA12A10C88F6C67915B720CC6888
+ 7CF1C10BC3E8EB864160F1965A18 )
+ 7200 RRSIG DS 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ N8A1y3qpsaJ0lP6d2I1y8YEuda7c2GY1kuCt
+ 9Mdao6oh7tL6XP2b/ELIBo6fsghfuW1KZfou
+ WkTbI4/HV5732g== )
+0SFBC13DNQA2CKBS24U09GPJMGD5QCF2.example.net. 7200 IN NSEC3 1 1 10 9FC981 16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO NS SOA RRSIG DNSKEY NSEC3PARAM
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ irEoMAQ1uehoU51rEkuM20++pBX8iPrFzQZk
+ 4VAe0AXbeMBphSh3oBB0I3p7w4UGXLuYR7MW
+ bDPNteuoui5QmQ== )
+16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO.example.net. 7200 IN NSEC3 1 1 10 9FC981 222FFA4JCL3KC4NLGH9R685ISJKB205Q MX RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ 1rCPDG0uz8PbKQ98WLlu1R39HhKOrfjory5r
+ tTi/e3RA2IAksL8ZQaVW+EyRzLGSDM7TtciM
+ UEgK/utbE0WlqQ== )
+222FFA4JCL3KC4NLGH9R685ISJKB205Q.example.net. 7200 IN NSEC3 1 1 10 9FC981 AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB A RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ 1jS0RwIW59DFCr2d+ghFW8yFdcaGJDCQFgVh
+ pNiTIijvvyiObt7EqfJJ5PPV8CqJsZEiIoh+
+ JRDEuSSrKCU6eA== )
+AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB.example.net. 7200 IN NSEC3 1 1 10 9FC981 BOS6983BFUCMFRIQF1QMC1U4AU37TR6O A AAAA RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ OHYj80ju8hKFNSDNj//yDIXgTKM2NUyRO2cs
+ K1knzM/3L/GvmEm5nvHNepxj+surAl6mmaiT
+ k2wl4DOdTml60w== )
+BOS6983BFUCMFRIQF1QMC1U4AU37TR6O.example.net. 7200 IN NSEC3 1 1 10 9FC981 D8S4S8KU5O1TCASTGO9FEHHGUGO696U4 A AAAA RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ HwT0gQ7fVc5TYTc/SDQw9zMPmlSwlEW3cmVk
+ mjIQANQPFi597frcuVt26xAoUB71TXgGp+62
+ 3y2MyRs66kCrNg== )
+D8S4S8KU5O1TCASTGO9FEHHGUGO696U4.example.net. 7200 IN NSEC3 1 1 10 9FC981 DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC NS DS RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ R/YtEmQgd+tHTNQ8itKrFhy880QLYTpAVaER
+ 0dd9vITUKHG7Fhr67ACkWBOEec+d9kiL76cH
+ DHrDGZ+wKksLxg== )
+DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC.example.net. 7200 IN NSEC3 1 1 10 9FC981 H108GFD5147KMF1CLFQLQQBNSD733MPQ A RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ KTPX36NTHepXsZoUGwBTq6Qt86mSF4Z0hlaP
+ HbhF9A+BJwLx+Sg0ifX0qobfMwh+BZZQZ8E3
+ nSSyA5sIJWL39Q== )
+H108GFD5147KMF1CLFQLQQBNSD733MPQ.example.net. 7200 IN NSEC3 1 1 10 9FC981 0SFBC13DNQA2CKBS24U09GPJMGD5QCF2 A RRSIG
+ 7200 RRSIG NSEC3 8 3 7200 20101027110135 (
+ 20101021110135 56360 example.net.
+ dmGULq6gwCxRscDm0oCeFD6RnDkXWtaw85DO
+ UGwgczRooNDBkbD608EJgqDT+ds0IGwZazGq
+ ufB2hCiFNnNjyg== )
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net.
new file mode 100644
index 0000000000..5a70921e17
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net.
@@ -0,0 +1,4 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 1 9660E85E9542C823D4E9860D778350AA5D8904E9
+sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 2 1337FB51C697B7CD20C8D6BBC498310588C78B3595FB53F35C871DBF EC86DAAE
+sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
+sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net.
new file mode 100644
index 0000000000..79b3a0d664
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net. IN DS 52935 7 1 C8B16DDC8AFC66AFAB2E9BB5DD6D047A393870A9
+dyn.example.net. IN DS 52935 7 2 56D089B139FEB68FB9D09038920E51DF067C4FCFE62D6C67C61395BC 24E7D425
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net.
new file mode 100644
index 0000000000..d473f2a844
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net.
@@ -0,0 +1,2 @@
+example.net. IN DS 52101 8 1 F362C7CD57C0D663B783B763564C00C40A85AA69
+example.net. IN DS 52101 8 2 0F94D302E97BBAFD0495E7C13B2428E8597084604053183DE9C8C4C3 EF2FAED1
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net.
new file mode 100644
index 0000000000..0ea7b3b917
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net.
@@ -0,0 +1,4 @@
+sub.example.net. IN DS 855 7 1 338E1808511D3E533F1C6B1DF27E0AABA8CC6FE8
+sub.example.net. IN DS 855 7 2 C07C1F2004ED12D40EEC82E4358BD8D2EDC199C8E6126DD293A8E402 E591C98A
+sub.example.net. IN DS 33176 10 1 B7D045F9D7176BD0D00AF389856D18C0E361C443
+sub.example.net. IN DS 33176 10 2 627102FACA12A10C88F6C67915B720CC68887CF1C10BC3E8EB864160 F1965A18
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net.
new file mode 100644
index 0000000000..8d1b1d55c2
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net.
@@ -0,0 +1,8 @@
+$ORIGIN .
+dyn.example.net 7200 IN DNSKEY 257 3 7 (
+ AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
+ oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
+ bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
+ nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
+ f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
+ ) ; key id = 52935
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net.
new file mode 100644
index 0000000000..4c5f301de1
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 8 (
+ BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ
+ 5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0
+ aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7
+ HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI
+ Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla
+ chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs
+ K1cPYDPp4Q==
+ ) ; key id = 52101
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net.
new file mode 100644
index 0000000000..29b0bcfc40
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net.
@@ -0,0 +1,15 @@
+$ORIGIN .
+sub.example.net 7200 IN DNSKEY 257 3 7 (
+ AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H
+ 3MyhMxUos7VWVrsAxNK8u900fdubtofcoLR4
+ FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0
+ URwOruYqvJAIf6ZTxyakaUaY5m0ABl1learg
+ +XhjBHcMz3Lvx4Opnw5qsM+vnqJT15vd
+ ) ; key id = 855
+ 7200 IN DNSKEY 257 3 10 (
+ BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpn
+ uBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3c
+ PvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZ
+ IQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1U
+ JCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0=
+ ) ; key id = 33176
diff --git a/contrib/zkt-1.1.2/examples/flat/named.conf b/contrib/zkt-1.1.2/examples/flat/named.conf
new file mode 100644
index 0000000000..f672fc6315
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/named.conf
@@ -0,0 +1,111 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ... **/
+controls {
+ inet 127.0.0.1
+ allow { localhost; };
+ inet ::1
+ allow { localhost; };
+};
+
+/*****************************************************************
+** ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.ARPA" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+#include "zone.conf";
+
+zone "example.NET." in {
+ type master;
+ file "example.net/zone.db.signed";
+ zone-statistics yes;
+};
+
+zone "sub.example.NET." in {
+ type master;
+ file "sub.example.net/zone.db.signed";
+ zone-statistics no;
+};
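Review bot: `query-source address * port 53;` in the options block pins every outgoing recursive query to source port 53, which removes source-port randomisation and leaves only the 16-bit query ID as protection against spoofed answers. Since `recursion yes;` is set in the same block, I would write `query-source address *;` and let named pick the port. The block also enables recursion with no `allow-recursion` or `allow-query` statement while `listen-on-v6 { any; };` is set, so which clients may recurse depends on the built-in default of the BIND version in use. An explicit `allow-recursion { localhost; };` would make the example safe to copy onto a reachable host. If the fixed port is deliberate for a firewalled demo machine, a comment on that line should say so.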
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key
new file mode 100644
index 0000000000..c887acefec
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091121
+;% lifetime=365d
+sub.example.net. IN DNSKEY 257 3 5 BQEAAAABCwsLhN2Fe4nAorCoXf8CU2c4QqxPyNDVOoGrOSw/u883bF0w hFeEDwQjnHD5xMwNvMk8gNJnxv2kp6lgUcx7CgC08VQD2ko9e4zLSvoR WqFZ57LXKDpKdNLuVHDA6RObDX1PG0wjeWTa2lXshlhGgnGnrQhnCjYl nnCCxgKdxwvRdLRpnqnpGCHRtj9THHOlkJuAC6bor4qlNlODIcDFBsFf +Q==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private
new file mode 100644
index 0000000000..e959a857db
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: CwsLhN2Fe4nAorCoXf8CU2c4QqxPyNDVOoGrOSw/u883bF0whFeEDwQjnHD5xMwNvMk8gNJnxv2kp6lgUcx7CgC08VQD2ko9e4zLSvoRWqFZ57LXKDpKdNLuVHDA6RObDX1PG0wjeWTa2lXshlhGgnGnrQhnCjYlnnCCxgKdxwvRdLRpnqnpGCHRtj9THHOlkJuAC6bor4qlNlODIcDFBsFf+Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: BEip8I3ZrAekBP8C78C/uCkGVPhLKRUmRzrtHIw+v1winCPwresHjn3RYzkG1ZRe+976t472XQK7hTqUjCRz6sHdboDr9JB3XX3szZc8oIRN+mE4ubolYA6KsKsXNPFZCR/njFe9q6pgW83o9KFls3zmERI2Au4dgahvMBurAQd0ALgnDeWQ9D6sHduUVsE9y8QNj2ePxwMoqaa7z2YLNjNHgQ==
+Prime1: A5oDBCAqjh1f1jvQp1QSlnnwcU8TkS3bZHvWsD2Mb8IDpUvEHgPtLk8B1mxOQ37X9r7Acv8qLaQghBNSKE/eQtI9xboJhzqAEXlGn3FMPHMJSQ==
+Prime2: AxDwhsYfyz+524Ox+PF4S1RvKidLrFg+W+xvSxmX5hoFPtUVM6Rg5o1Gszb41YrRhOUOTu0EUg3s68F/H90Y8Z3upU5joDfDYt5irPEaIOjRMQ==
+Exponent1: Af2chU+hAR/vDAfC+sRSYF/b6A8OgpV66oTymQ3vd9Epy0HtSPo6Pbp7ocI9NC0gXX8RpshsWuGY0Vp9Q1iNg/k0GcxNlmBhVbEICfUovKikQQ==
+Exponent2: AeaYvLF2gEOPhE2A6SVd/wavTtozTK7MHUvGzxhUrzcQpr6Q9J+jt1KuQFy12SXtEx5Ksmb9X8HM8wSYp4LWoWDUT3dr6vm81TXk282DtDMPsQ==
+Coefficient: Af+eH8CX1yPFLO/zkmGfl6O0jbTlaMLyCpVat/gcnuP99Njpir9T66c0AUYplmAU39gRp/Fes5v4Zg0k3oqMKDETqIDUAzLAw/jPtG4lleP93Q==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key
new file mode 100644
index 0000000000..ced83af67f
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091121
+;% lifetime=84d
+sub.example.net. IN DNSKEY 256 3 5 BQEAAAABn6df/D+TwBypmBlabmitCSWnYLJFa/8Kk3W7Zj+ODS/kJA6s QZIQiLUK0sd/dM+A8+qAVlgwgQDxkAiuwrc7Lw==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private
new file mode 100644
index 0000000000..06e5bf5878
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: n6df/D+TwBypmBlabmitCSWnYLJFa/8Kk3W7Zj+ODS/kJA6sQZIQiLUK0sd/dM+A8+qAVlgwgQDxkAiuwrc7Lw==
+PublicExponent: AQAAAAE=
+PrivateExponent: PG5iufxb7TEulI2ByOZ0XgY2PTGWg0S7yN4ac+sXC290afYP5ZHDaq95YVQk99951eB9qshc1kSZ/NBD+fNa+Q==
+Prime1: zDTjPGm+Np3hO4B5bz3KJgFqi1KwsU7ZQ+lj+M91G9s=
+Prime2: yCWuBVdxUKUebhrEcaLc7SRVXXxqtlzBOIF+o/oOSD0=
+Exponent1: yEjJnrWAGD79aaNqjzo2vCM3Cnfl7KxZxIXSdRisHXc=
+Exponent2: gJhrWsLDkyZq42RRAt7Krhvc0CUF0w50uzn6X8yqjLE=
+Coefficient: LgMQFUiUSrbRtwKnzWmOo94ssIVB91TQIVQSVuuqvHQ=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key
new file mode 100644
index 0000000000..29f7116891
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key
@@ -0,0 +1,3 @@
+;% generationtime=20100924112625
+;% lifetime=7d
+sub.example.net. IN DNSKEY 257 3 7 AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H3MyhMxUos7VWVrsAxNK8 u900fdubtofcoLR4FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0URwO ruYqvJAIf6ZTxyakaUaY5m0ABl1learg+XhjBHcMz3Lvx4Opnw5qsM+v nqJT15vd
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private
new file mode 100644
index 0000000000..e3eec9739a
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: w3iiL6yEHVk2Ehe1IG6EAkoOn3kFzgfczKEzFSiztVZWuwDE0ry73TR925u2h9ygtHgUCho+lfsuFDU4+H71FHhUhivCKUaR/Zm1mHRRHA6u5iq8kAh/plPHJqRpRpjmbQAGXWV5quD5eGMEdwzPcu/Hg6mfDmqwz6+eolPXm90=
+PublicExponent: AQAB
+PrivateExponent: fNWHzqaAYTXeIEPfuuyZhdTB7fqeSGwhCNZSB0tNKZwQG7FsAaHi4GxrjFqvgajXQSoGskT8f1BAp0suLRT3cpKH/FXeYknuwGMETTKk+4zZ7LAcSqU6b/dQptYdBJK1IdwMJjEAf5XT5y3OpPUbcm+o/9KxuepPsxXpQnu8rUk=
+Prime1: 8xZNFTO8y0gbq93Qo9Hg0BVxrR9byVBVg++p/7n5Qvr+bftE7FQ0OGbRCYksSf00jPbVBdzfn1IxlQL7Gipomw==
+Prime2: zdrP9WaH7jYWbBuTEnsPDDcE1wHBNer2bHtGCvD6FFpCahP8zq//p2OvYEvljxXe2gqbzYASaeMd7c8EZeEo5w==
+Exponent1: HjMxFGc/F0o4FdwS5adXdMKVQtrYfmQ6m4+U4S5rp0Sjg2pqH6o+aptrcPHXzMFmW/T2dioApjyB6G9cXt3R7Q==
+Exponent2: ftqygGVYqsEF/ETZ0u+mjD5zaxOXvuQ2Sw+EUEXDtjsQ5lG+3peykbJqZosewZgWpoMXFAIyVrIwxVVnPmkMTQ==
+Coefficient: GZcwPOtNNbsqM2Qw1oS9m4/rPwYp6iwDcSSnypmn1jliaDMZOEiHqEUZ223khlhJxlW21kQAtZGgL2kX1LETaQ==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key
new file mode 100644
index 0000000000..6953e1918b
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key
@@ -0,0 +1,3 @@
+;% generationtime=20100924112625
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 7 AwEAAa5bMLD0fx/ZGgiuhgslScPhm3c3sbLKn5Kc9w63+VBcq5Bg9td+ pME6uVtNvvAsgjoE2ORcqULqPp6ITd7VpTE=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private
new file mode 100644
index 0000000000..882df30742
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: rlswsPR/H9kaCK6GCyVJw+Gbdzexssqfkpz3Drf5UFyrkGD2136kwTq5W02+8CyCOgTY5FypQuo+nohN3tWlMQ==
+PublicExponent: AQAB
+PrivateExponent: p+LU2r9CnWcOA2gRWDAafEwDx+LP74nd523PEtQhc7eA9YL1d0w5DsxNUbGp1a2fuYCO/V1jew7E/PQkBOEHQQ==
+Prime1: 1S2btDM6sqSVM66/V5x8T3d6tqLxZz/+0hP2064u68k=
+Prime2: 0WE3l1yD6SzCKYaCHRdmOvMvzwcoooHOFu7nIqIv0ik=
+Exponent1: SoSn4gTqZtoLYcabEkgcWDb+yWsKEbqYG91osbQ4qKk=
+Exponent2: QHZO2DHqhtJ54LEBxBUdK08NzA5nK0kNezAIRzhpwqk=
+Coefficient: c6ICoCH4ZQeCVuEn5HwBof93cBjc0A4s5AIOw3YhmYE=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key
new file mode 100644
index 0000000000..3c2afbd8d5
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127101703
+;% lifetime=7d
+sub.example.net. IN DNSKEY 257 3 7 AwEAAbv0XLM9qAEncwc4HjBamccNu/z+gPmnsp4bFEdz6YgPtSSIdUA+ OChIBJg2fADBupHsmibB5E6IVHcuKO0OF4uiSv4FSk9p/2mioI9RxeSR xGQ6gds3DJBN8sw86LH8BjLynqY/Jw/D3BudvcDHJtz7HtCH0mNEL9eG hjzq+GW/
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private
new file mode 100644
index 0000000000..ef53614a57
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: u/Rcsz2oASdzBzgeMFqZxw27/P6A+aeynhsUR3PpiA+1JIh1QD44KEgEmDZ8AMG6keyaJsHkTohUdy4o7Q4Xi6JK/gVKT2n/aaKgj1HF5JHEZDqB2zcMkE3yzDzosfwGMvKepj8nD8PcG529wMcm3Pse0IfSY0Qv14aGPOr4Zb8=
+PublicExponent: AQAB
+PrivateExponent: I3QCkGTO7fjM/82cFC7i1uNGVICFP5JcZOpitt+sa1fbKVr8EvQpj5+WDkgot9PTJ3dj1G+6av3YQOraGW0RD5hVfuuJD3B10e7wVuaYRwA1uF/Lj0UTjag5d1KV0L38Zj73jEhA50ZAqDKNykwV3Ir4mVlIH0t4AINYrL84vCE=
+Prime1: +H9jAgtRG+/Co4e+ef8JKkiwFlM3deV1PUa8EjvnLuY5g3de+RARJQ5stDdHPik4xaau3sQB/5atI4zxDTqBNw==
+Prime2: waELRgLV2acQzUQu1zbGWqucgItEmx1bg9SJhKatJpAA0dBGvU42rOMA+eKm47uRY2CZkNaJneiQFFbbIW2juQ==
+Exponent1: j3Sq6aEy39fYG6Pf2HndBqYT0a+U0uD2f7t4E2a1naOXDEg7cblOzH+5TYij/kS525DQXxX0uWJ47Y8OEb72nQ==
+Exponent2: iBfYI6I0iqF5Fr04qv2N1wbNni/Ezb2JqBQHgBvikbsfSFk6jy3dEhEPi5M5t9EK9C1eYkXYPgvK0PDnXgyAyQ==
+Coefficient: oZYj4nmY+QE6/sOjBelpaEm7BgGasIIZqQN2D3DBpiVUmQDtJ6XTcpcdZ14IVsTIijvS7mXM+hzbCH/UG/pL0Q==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key
new file mode 100644
index 0000000000..c17531fe28
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127101703
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 7 AwEAAcbKVFdrzJmGoQCMYf9vwxdKrGrLk86OqVHVlXAwoHgdGpAjsga0 FenJ7FwC4eqAxK0dUC86/dUX/YUFz0fBLo0=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private
new file mode 100644
index 0000000000..ffa2fc4736
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: xspUV2vMmYahAIxh/2/DF0qsasuTzo6pUdWVcDCgeB0akCOyBrQV6cnsXALh6oDErR1QLzr91Rf9hQXPR8EujQ==
+PublicExponent: AQAB
+PrivateExponent: nuTaxYXE5HJX/rg3HJWYuuVVK4fNfS1K6b5u1F4J5fbzBR+NZnWpRWMG3qQ9rlMp1jZOKCKfmJPjrYpahjbQAQ==
+Prime1: +Ns6U9aZkGqxp+tfNwwCueu6zyIyQZKgLGVPcEZpbK0=
+Prime2: zH8uZiJTrlY39Az3+eiTMS4SGgBxAWeXlMC4DUrCJWE=
+Exponent1: +CZrwERDNy4dX2ums5aHdWvqCTh5UsfqbrrLfxLHd7U=
+Exponent2: Rz5Hu+1ZmfMPq0aZXcdZAFk8lTJyLDsa5AgAFyFkYgE=
+Coefficient: Rf2NFyo0bBow/KT2fAww0ePV8X24wk2Y/TPKWn8a99Y=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key
new file mode 100644
index 0000000000..a8af5c78e0
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key
@@ -0,0 +1,3 @@
+;% generationtime=20101021120536
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 10 BQEAAAABn8UTQYIEkX5bd7hPSpQ1VPJKNxl6iRQVozij1a5r4LcRPK3v mvMhZCOIvD3A1iym6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7Ac4WO 4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB6k5YE7Rtuc5SY+fIZhQnZ7Si fjGNJVWF98k=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private
new file mode 100644
index 0000000000..a8d924e16c
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 10 (RSASHA512)
+Modulus: n8UTQYIEkX5bd7hPSpQ1VPJKNxl6iRQVozij1a5r4LcRPK3vmvMhZCOIvD3A1iym6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7Ac4WO4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB6k5YE7Rtuc5SY+fIZhQnZ7SifjGNJVWF98k=
+PublicExponent: AQAAAAE=
+PrivateExponent: JGn91bZcjzq8WiGhHg5kIsbDfb5kSpjhqbAypDkYPpby4T2Hd6rDqhRZMEZH5o7mC9tuzwwaY0jp7uZKiy0IZ62IqAUAsj/u1pjWh1TWQ7XrOIxkd2dNgkvvJ1sm7aAoDaSi/MrwinaFaqHoO0zmpMosBNL1parHedn5yWxeZQE=
+Prime1: 0ANDDIRnVYwNkuKYZ+TbawYq7DLdixk3L01nNt8BHts7Q8WXACfj3dfHO3qB/dT/xxbUDYWMOTGQXpXN2p5SoQ==
+Prime2: xKCziYPsyGD2yezOC9Awvy2vfb1Ev5zYAdXLSsbuy3sOGSJp7QiTuE+wazyUbkhhaKu5FpBnMdmFQgY2YK08KQ==
+Exponent1: SxN8PWTIv5haN0Mz4DE+9lN9qCxEqeuu9644AcD4w1GvgQEKN+nR5nYHhrSAgjQchD0G52sTVAAg9RVjSN/RgQ==
+Exponent2: CgqfFKLaSOmao8l4vmFyWjc1VWKSVHaVEOwYCqwFeXceni/OaN4ba5aXxhqxavj+M4/w2kURppUms00lkrv3QQ==
+Coefficient: nnIoXkPAvUfT5ypPCg4sM+OnZ38I4BlIdnjrWcNl340TG83bSH4mdf9mkIfvjpBBue9fHQ7WPRnawIUiU3/iNQ==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key
new file mode 100644
index 0000000000..73a16fd959
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key
@@ -0,0 +1,3 @@
+;% generationtime=20101021113820
+;% lifetime=7d
+sub.example.net. IN DNSKEY 257 3 10 BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpnuBuVC4z7xeaNk/KdvcdD ibLrSZaGfcq7no3cPvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZIQbo z3hFelJb/62KqZWcj1anv7+LmfYpuA1UJCWpFriWYhzuT3q98lG/c7Xq iX79Ytoy6P0=
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private
new file mode 100644
index 0000000000..b62d1620c0
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 10 (RSASHA512)
+Modulus: ug/pvRR/mv4qDN3gWFRiir/6UNpnuBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3cPvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZIQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1UJCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0=
+PublicExponent: AQAAAAE=
+PrivateExponent: IFVOvH94pIiUBAq8ix/GuYg0kLLpKFM0iBQ+j8OmyiZIKQUDSWSP7IU7UMFgh2DELdzwF6cTqBO5gjbesotzPvPny1/isM7N8Z1FN7j4/zBTDAXVHMYdcIZEC+UZkCEu6g206BnCCsLSQm1gcDFxkaqYtSD+I/dJ82YeWVM66OU=
+Prime1: 5hNJZCTszlcCQvDmXffAjt3oV4qDd1HJDcknvcmtimRqVFIDgK8UcCD2DMI1PBA+SmPSSiSU3mo4y/YKjXBvQw==
+Prime2: zwcHpDKsA5Pr9e+KcjFmZbNTCEqY2GiABxvOcmuqYvLf5pkjTkEiZm3pn23/eypzjpxnyDFzk6NM0HkKQkMivw==
+Exponent1: ZDECG7FYUKBEtvsq1t1lNUkyH9LAYl1eEt1rpnPXXK/JDSy5tMQeq4iCJY8hy+BE/WlxYQQ3OUENqhvhLgtC6Q==
+Exponent2: FifCGPMN4sIq/+rZC/F4AfEe8f0ZmTshsfVilVVkqUnavPahK9kk2jSEInk50CKpMqNCywF+fer/77+mxW7fCQ==
+Coefficient: yvTbE7YdfrvskUqVo+/KjEH3cu0oYl99AshpIOeBaQ5sNJtuZzHA6UEnVY0rc5Apli7sRVSsrJSZSqBeD6hMdQ==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net.
new file mode 100644
index 0000000000..b9d0017467
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
+sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db
new file mode 100644
index 0000000000..c6ed4e8f0d
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db
@@ -0,0 +1,68 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 20:02:30
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.net. tag=855 algo=NSEC3RSASHA1 generated Sep 24 2010 13:26:25
+sub.example.net. 14400 IN DNSKEY 257 3 7 (
+ AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H3MyhMxUos7VWVrsAxNK8
+ u900fdubtofcoLR4FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0URwO
+ ruYqvJAIf6ZTxyakaUaY5m0ABl1learg+XhjBHcMz3Lvx4Opnw5qsM+v
+ nqJT15vd
+ ) ; key id = 855
+
+; sub.example.net. tag=33176 algo=RSASHA512 generated Oct 21 2010 13:38:20
+sub.example.net. 14400 IN DNSKEY 257 3 10 (
+ BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpnuBuVC4z7xeaNk/KdvcdD
+ ibLrSZaGfcq7no3cPvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZIQbo
+ z3hFelJb/62KqZWcj1anv7+LmfYpuA1UJCWpFriWYhzuT3q98lG/c7Xq
+ iX79Ytoy6P0=
+ ) ; key id = 33176
+
+; sub.example.net. tag=55983 algo=NSEC3RSASHA1 generated Nov 27 2010 11:17:03
+sub.example.net. 14400 IN DNSKEY 257 3 7 (
+ AwEAAbv0XLM9qAEncwc4HjBamccNu/z+gPmnsp4bFEdz6YgPtSSIdUA+
+ OChIBJg2fADBupHsmibB5E6IVHcuKO0OF4uiSv4FSk9p/2mioI9RxeSR
+ xGQ6gds3DJBN8sw86LH8BjLynqY/Jw/D3BudvcDHJtz7HtCH0mNEL9eG
+ hjzq+GW/
+ ) ; key id = 55983
+
+; sub.example.net. tag=24183 algo=RSASHA1 generated Jan 25 2011 10:11:21
+sub.example.net. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABCwsLhN2Fe4nAorCoXf8CU2c4QqxPyNDVOoGrOSw/u883bF0w
+ hFeEDwQjnHD5xMwNvMk8gNJnxv2kp6lgUcx7CgC08VQD2ko9e4zLSvoR
+ WqFZ57LXKDpKdNLuVHDA6RObDX1PG0wjeWTa2lXshlhGgnGnrQhnCjYl
+ nnCCxgKdxwvRdLRpnqnpGCHRtj9THHOlkJuAC6bor4qlNlODIcDFBsFf
+ +Q==
+ ) ; key id = 24183
+
+; *** List of Zone Signing Keys ***
+; sub.example.net. tag=34493 algo=NSEC3RSASHA1 generated Sep 24 2010 13:26:25
+sub.example.net. 14400 IN DNSKEY 256 3 7 (
+ AwEAAa5bMLD0fx/ZGgiuhgslScPhm3c3sbLKn5Kc9w63+VBcq5Bg9td+
+ pME6uVtNvvAsgjoE2ORcqULqPp6ITd7VpTE=
+ ) ; key id = 34493
+
+; sub.example.net. tag=7987 algo=RSASHA512 generated Oct 21 2010 14:05:36
+sub.example.net. 14400 IN DNSKEY 256 3 10 (
+ BQEAAAABn8UTQYIEkX5bd7hPSpQ1VPJKNxl6iRQVozij1a5r4LcRPK3v
+ mvMhZCOIvD3A1iym6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7Ac4WO
+ 4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB6k5YE7Rtuc5SY+fIZhQnZ7Si
+ fjGNJVWF98k=
+ ) ; key id = 7987
+
+; sub.example.net. tag=59870 algo=NSEC3RSASHA1 generated Nov 27 2010 11:17:03
+sub.example.net. 14400 IN DNSKEY 256 3 7 (
+ AwEAAcbKVFdrzJmGoQCMYf9vwxdKrGrLk86OqVHVlXAwoHgdGpAjsga0
+ FenJ7FwC4eqAxK0dUC86/dUX/YUFz0fBLo0=
+ ) ; key id = 59870
+
+; sub.example.net. tag=44660 algo=RSASHA1 generated Jan 25 2011 10:11:21
+sub.example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAABn6df/D+TwBypmBlabmitCSWnYLJFa/8Kk3W7Zj+ODS/kJA6s
+ QZIQiLUK0sd/dM+A8+qAVlgwgQDxkAiuwrc7Lw==
+ ) ; key id = 44660
+
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf
new file mode 100644
index 0000000000..f1f8dec394
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf
@@ -0,0 +1,7 @@
+ResignInterval: 1d # (86400 seconds)
+SigValidity: 2d # (172800 seconds)
+MaximumTTL: 90s # (90 seconds)
+KSKlifetime: 1w # (604800 seconds)
+KSKbits: 1024
+ZSKlifetime: 3d # (259200 seconds)
+NSEC3: On # (On|Off|OptOut)
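Review bot: `KSKbits: 1024` in this new example dnssec.conf configures a 1024-bit key-signing key, which is below the size generally recommended for RSA DNSSEC keys, and nothing in the file marks the values as test-only. Together with `KSKlifetime: 1w`, `ZSKlifetime: 3d` and `MaximumTTL: 90s`, the settings look chosen to make rollovers happen quickly in the demo tree rather than to serve as a deployment template. The file already uses `#` comments, so a first line such as `# Example values for fast rollover tests only; not for production (use KSKbits 2048 or larger)` would keep the sample from being copied as-is. If the 1024-bit size is not needed for the example to work, raising it would also be reasonable, but that requires regenerating the checked-in keys and signed zone.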
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt
new file mode 100644
index 0000000000..94bc5aff31
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt
@@ -0,0 +1 @@
+1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1 b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1
new file mode 100644
index 0000000000..6f1f3b5ccb
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1
@@ -0,0 +1 @@
+1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE1
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net.
new file mode 100644
index 0000000000..e40bdad4fe
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net.
@@ -0,0 +1,48 @@
+2010-10-21 14:01:35.486: debug: Check RFC5011 status
+2010-10-21 14:01:35.486: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:01:35.486: debug: Check KSK status
+2010-10-21 14:01:35.486: debug: Check ZSK status
+2010-10-21 14:01:35.486: debug: No active ZSK found: generate new one
+2010-10-21 14:01:35.495: error: sub.example.net.": can't generate new ZSK
+2010-10-21 14:01:35.495: debug: Re-signing necessary: Modfied zone key set
+2010-10-21 14:01:35.496: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
+2010-10-21 14:01:35.496: debug: Writing key file "./sub.example.net/dnskey.db"
+2010-10-21 14:01:35.496: debug: Incrementing serial number in file "./sub.example.net/zone.db"
+2010-10-21 14:01:35.496: debug: Signing zone "sub.example.net."
+2010-10-21 14:01:35.496: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9FC981 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
+2010-10-21 14:01:35.546: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
+2010-10-21 14:01:35.546: error: "sub.example.net.": signing failed!
+2010-10-21 14:02:09.146: debug: Check RFC5011 status
+2010-10-21 14:02:09.146: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:02:09.146: debug: Check KSK status
+2010-10-21 14:02:09.146: debug: Check ZSK status
+2010-10-21 14:02:09.146: debug: No active ZSK found: generate new one
+2010-10-21 14:02:09.156: error: sub.example.net.": can't generate new ZSK
+2010-10-21 14:02:09.156: debug: Re-signing necessary: Modified keys
+2010-10-21 14:02:09.156: notice: "sub.example.net.": re-signing triggered: Modified keys
+2010-10-21 14:02:09.156: debug: Writing key file "./sub.example.net/dnskey.db"
+2010-10-21 14:02:09.157: debug: Incrementing serial number in file "./sub.example.net/zone.db"
+2010-10-21 14:02:09.157: debug: Signing zone "sub.example.net."
+2010-10-21 14:02:09.157: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 BD326D -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
+2010-10-21 14:02:09.208: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
+2010-10-21 14:02:09.208: error: "sub.example.net.": signing failed!
+2010-10-21 14:05:35.988: debug: Check RFC5011 status
+2010-10-21 14:05:35.988: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:05:35.988: debug: Check KSK status
+2010-10-21 14:05:35.988: debug: Check ZSK status
+2010-10-21 14:05:35.988: debug: No active ZSK found: generate new one
+2010-10-21 14:05:36.091: info: "sub.example.net.": generated new ZSK 7987
+2010-10-21 14:05:36.091: debug: Re-signing necessary: Modfied zone key set
+2010-10-21 14:05:36.091: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
+2010-10-21 14:05:36.091: debug: Writing key file "./sub.example.net/dnskey.db"
+2010-10-21 14:05:36.091: debug: Incrementing serial number in file "./sub.example.net/zone.db"
+2010-10-21 14:05:36.091: debug: Signing zone "sub.example.net."
+2010-10-21 14:05:36.091: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 75DE06 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
+2010-10-21 14:05:36.170: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2010-10-21 14:05:36.170: debug: Signing completed after 0s.
+2010-10-21 14:30:43.892: debug: Check RFC5011 status
+2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:30:43.892: debug: Check KSK status
+2010-10-21 14:30:43.892: debug: Check ZSK status
+2010-10-21 14:30:43.892: debug: Re-signing not necessary!
+2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db
new file mode 100644
index 0000000000..837535bcb2
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+; @(#) sub.example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 8 ; Serial
+ 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.net.
+
+$INCLUDE dnskey.db
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.4
+b IN A 1.2.3.5
+c IN A 1.2.3.6
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed
new file mode 100644
index 0000000000..4745d6b4f1
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed
@@ -0,0 +1,216 @@
+; File written on Thu Oct 21 14:05:36 2010
+; dnssec_signzone version 9.7.2-P2
+sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 6 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 7 3 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ MgaHCyEt33DXRMiHMpZr4x52phpp8hdqu05a
+ bcQ7E2KGxpvsH8DtBDixo0WV73qDM45XT8mA
+ 9xLn3HBRSXP8Ag== )
+ 7200 RRSIG SOA 10 3 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ H3B12qsYiBhrloBItfIOkakV6kUfFEhdplBv
+ T4n0rVihInOkC6SssFEMbe69rGvMgnzL8aCX
+ rIsYDT7z0fCD5mvdFJ+rsYFCAW35nlZil9Lc
+ xB27U+lMIngODjHiNShtjEXtKaQPKxbvbgSX
+ nkZ0joeWdMIEYhihgCvWc+A1mv4= )
+ 7200 NS ns1.example.net.
+ 7200 RRSIG NS 7 3 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ QAt2BZsV7nxer/TFQLtQ/Xp8TYwiqqkmAcLa
+ pLf8wBWMXFTxz3O29QF+RBSdmLqeoCgW+Q5g
+ ygScSISe5nvKfw== )
+ 7200 RRSIG NS 10 3 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ cZHqQnIA/fTFZx6LroJNWj9jPLxrnZtTHvlp
+ NqkTbLG5uu/+sljkOUOqHVqK9ubUESkRNP3u
+ Nl/oROMcgISsDWRcEOu4Vc48zBn/90vJK5WY
+ ZcXeGcp34pFMK7/03vEH4U1tZKc7Guvm3reh
+ gcfNBotu57wvctbjlqq3DM4axwI= )
+ 3600 DNSKEY 256 3 7 (
+ AwEAAa5bMLD0fx/ZGgiuhgslScPhm3c3sbLK
+ n5Kc9w63+VBcq5Bg9td+pME6uVtNvvAsgjoE
+ 2ORcqULqPp6ITd7VpTE=
+ ) ; key id = 34493
+ 3600 DNSKEY 256 3 10 (
+ BQEAAAABn8UTQYIEkX5bd7hPSpQ1VPJKNxl6
+ iRQVozij1a5r4LcRPK3vmvMhZCOIvD3A1iym
+ 6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7A
+ c4WO4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB
+ 6k5YE7Rtuc5SY+fIZhQnZ7SifjGNJVWF98k=
+ ) ; key id = 7987
+ 3600 DNSKEY 257 3 7 (
+ AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H
+ 3MyhMxUos7VWVrsAxNK8u900fdubtofcoLR4
+ FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0
+ URwOruYqvJAIf6ZTxyakaUaY5m0ABl1learg
+ +XhjBHcMz3Lvx4Opnw5qsM+vnqJT15vd
+ ) ; key id = 855
+ 3600 DNSKEY 257 3 10 (
+ BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpn
+ uBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3c
+ PvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZ
+ IQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1U
+ JCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0=
+ ) ; key id = 33176
+ 3600 RRSIG DNSKEY 7 3 3600 20101023110536 (
+ 20101021110536 855 sub.example.net.
+ NcmO3PoVofXHe6EbmnSCkr4eTfuTkdtEQQWv
+ 8pbHY0Ze8NR4ISjzJf1zC4U4fJsYeS9AUL5A
+ 2l6qEWoY8cbPRdDnf2iKfHKTllXFubM6EtYF
+ aKmK38BU1Ldh6jdcJ0bFUN4cMPVhX9BA+yTM
+ Hm0EdYZvC6QICrlQBdJuyzS3FSA= )
+ 3600 RRSIG DNSKEY 7 3 3600 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ GLVb5YgQWtP2bHWBihGhCymm9P7pjDdN9s0c
+ 9nK6Pi8OWoa2uK7k/ebVXDNc/yBI/hp5Xsxs
+ x332lhi8AdMW3Q== )
+ 3600 RRSIG DNSKEY 10 3 3600 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ UwnLE8FmOtd0DbTXzv9QJZigJThWAw29ov6N
+ HnSI4cO4pyFRjiGee7+/u4DfKFUkzQp2ySIW
+ +jhGsF/b2TEpLyLSwY/r8iDhO0GkaU5t/tzr
+ wCX7HCmr6VAJaPpZhf/xLEh7pbB60jQmiHXy
+ 4tEfQtpkPx6ncQ95lcoN2ia43Ow= )
+ 3600 RRSIG DNSKEY 10 3 3600 20101023110536 (
+ 20101021110536 33176 sub.example.net.
+ HclPEAN+ii66jqPzYE4hbSnUNg1/xFfM0R/a
+ iVh40da5Wre0GzzfYouOdJegJoyDGsz+xEzN
+ g+RiUYFDg2cK9Y7HqX3T3nEtMMavRbb+4q93
+ PRk0kZ9H/xjSqK+qTipCMz6IubOXZjzvK+sB
+ VOxv3uzhmR8WmKoVraB5uDeK+vA= )
+ 0 NSEC3PARAM 1 0 10 75DE06
+ 0 RRSIG NSEC3PARAM 7 3 0 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ hPzjAlPJldxukEVzgVKHbJdGI/0M5JhvfOu5
+ +s5+5mst1tp6goSpOxdyklpBSC4eJmPFQk2A
+ gWenAJCHr6s5NQ== )
+ 0 RRSIG NSEC3PARAM 10 3 0 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ hEjMFl/Znyvr73gN4fAvWHsy2Sxlga8L6xu+
+ IffQTRiA0itHseM2G4TfAZju7g9HmFxSsCZO
+ EKdn3WwsyxBD0mfaBdHSaNrQu6EttiMyoMVu
+ WhiitsOAXB1iHRzE21jfZJpQSFBHPiNMCz1F
+ cQoRlBqYUWeyRMJN+wEHthuSpl0= )
+a.sub.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ oGoHPU1IgTXwKhHef6Dsq7X2r1eRbSK+8fsD
+ zPGfmYo4BMKBrTPiKvTapulXIWxNslLbJhoq
+ Mx3prAl4n0JbBw== )
+ 7200 RRSIG A 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ ePqwuNrBwH2rkAFoHR1nHCIc9Daz/Hsze5R0
+ x9p2GXujziIuvLPz9G7DpytY+pDpJr9m0djG
+ J1jcceazK11q53FN9gby2Tv39hEoyaySEoiy
+ cv1ArJaeppfeUgJmBp6GsHznz6amGXG0vig3
+ 4I6tdWpwfbl+rnOUDAf5AIxUHEE= )
+b.sub.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ X2X5/rztMhu0Es2A7dsENoAf/sCTahSa6cPL
+ M4j/r9ofiV+tQDn8cnfnrArA5d9/wND+5Iv+
+ /O1GOzwOhzhLHg== )
+ 7200 RRSIG A 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ TxLKcfmsmHovdKvzgmqTOI5x1ve4VrLNxXnv
+ 0cBflqfHTTVH6glO1nsC9q15wI4xt3INq6fp
+ /+CRhIASy63i1UA5PPQ4UgxcgOTEuSgu51XJ
+ SVvxBatjzTVPWO5K+bNJRz9O7sDbFbKLuSIv
+ 94ZmQIpBERh5pLglmYESwcCwv/U= )
+c.sub.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ S1BC7yaofioxw9W6lH5EXOjGrj0nSCdbnwcX
+ orVRkaWq4Ic8rDsvmlL70UMLUwwUKv7cmUEH
+ 61KhLHI6L7bk0Q== )
+ 7200 RRSIG A 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ NRiWhJ8oTAyyJUiJI9bBWDG/OzF0dQ6WqBES
+ pJq5LyN10EeHSX96xcgPHMdGw9VGqep1e9G4
+ B+sYfmcsET7LdUNncyKS8Plvs/9rO7QW2lfE
+ S0gnoCmLe8PK8Z33Bh8k/tXjJjB5GpYCwXnn
+ WnBuKZk6KL6yr/BRz7SpmYYn7zY= )
+localhost.sub.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ jYhG4Tp8AxSnwl9bFIzNcLHj+MMi2QY8cW+U
+ Mbw2++3fDsDyrzV9qOAkemUTeTw+wX/z7Iu8
+ wtPCTzy6oKPZew== )
+ 7200 RRSIG A 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ F03HIz1yPabXrvyaByqN6tvGCThqI/FVZXl1
+ l5oSJJ4gGE9wjtbgSbyMnQQ09Vp/FxZD5nk0
+ zWYJXSyJCi1eWD3CV1xp6zbl2Z5jh6X70qpq
+ Z8mAj+tt8gFrlvR49doEnIKtz7Nupmk8VM0Q
+ ir091k0On6d6xkAaG2DdB6Cd8IY= )
+E23J36747M9QAHTBMRSQ0EHB5D8JF31O.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 GMMG72L8KNTF7A2QLCMLH1I5RG5V8RKK A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ YnvMl6XcqOZq4T/nz688NADoYegQu6Ct1+wU
+ Abx5vuVLb5CkwK6cGTPazni2xZnNTiXiIi87
+ dzLHGQTaup4xxg== )
+ 7200 RRSIG NSEC3 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ P/8DdSZU4Ag3ibdsalE+FBDa7+a0W4R/jB5a
+ pqvmkox4fZB20k8MrMxn8hbHJOxFD4FAdOrm
+ Bc+ut45HYx4c0wE3WekmuBIkS5gWWGsvCqji
+ hquZMORyZjT9Tk/VezHXuJ9jMA4vCuPbqTsX
+ Y2liJS0Vzrr6rssF5Mz36OQrG/w= )
+GMMG72L8KNTF7A2QLCMLH1I5RG5V8RKK.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 H856ATS51TP5R6A4PJ4H623HBD22MMP8 A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ IHxHqJw0w0yzAdM9Dc0wdH9t9vdqXO9Xxx7/
+ CSyL+852/nuflS/a/+AwDyZhuMwqKR021/Jm
+ 0E2bTZvH8qNuGA== )
+ 7200 RRSIG NSEC3 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ VssB9MTMT6Meh7pVOF0aWcpx6PLRR7z97Jf4
+ LeWFPhw3w5BTWff4BL45omopYaMCDamqirYa
+ zmhlKyqE7qEtGop8fUiNmFdK5+cPhhGGVbhV
+ B+k7ZWC5H9fwI61owUG2btP+oLaOgJejXLqr
+ 27EnZ8aE2bmGdYcN1Ji8QtRWaXQ= )
+H856ATS51TP5R6A4PJ4H623HBD22MMP8.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 T9JU0DUS5QPJR2HUCAOK4CTRF8OFCVCJ A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ LKo4fE/ql/oQCkZeNxNcT6o/201bdnpEvreO
+ EcOTjUGfGiJ5KCUH4dSz8aQFdVwBfJEmA0v1
+ NpjbLSeDJ2ArNg== )
+ 7200 RRSIG NSEC3 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ ePRVEMqfub0TQ7NciAg+PXzIBa2CJ8226mqn
+ wuSymuImvb5TJ6uwNX1b17WJ3XrXxE/mBbZ6
+ LqpU3KNEsi0hb3mx9atSy9d3/oAi/A1QeC78
+ y/LxyyYoIgoBrnQ6AF7zsqX1SWz+DjFl8E58
+ uaZnYfL0q6RbGZ5cJxu1bhPw1Vo= )
+T9JU0DUS5QPJR2HUCAOK4CTRF8OFCVCJ.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 V5QI8VK5I93U0UCL19L7B0SU5SVTJQS7 NS SOA RRSIG DNSKEY NSEC3PARAM
+ 7200 RRSIG NSEC3 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ BZ8wR07wrdenmmNFWKhMGckWQwZlfVuZhULf
+ 4VZfWLo+8NFhDk6MjdVV3QrpEsF5XhR8r+0V
+ ZxU2ZsHWpcYbsw== )
+ 7200 RRSIG NSEC3 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ TnOhLkcIl30DqXTbGMarRvLPfGbv/HHBG44E
+ 07Gpcq2M/+nbPW8A35sHsaalTi7Jdr870mk8
+ XvvgUzoLlm200ssnGX+PAfzz7MyISqO2XBaa
+ k54+2A3V20Aecgk0sjkG8uS1vIcWmXqXUxcp
+ JpkNIio9S/WjTX85sVo+ug3qDYQ= )
+V5QI8VK5I93U0UCL19L7B0SU5SVTJQS7.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 E23J36747M9QAHTBMRSQ0EHB5D8JF31O A RRSIG
+ 7200 RRSIG NSEC3 7 4 7200 20101023110536 (
+ 20101021110536 34493 sub.example.net.
+ VDvPAecgBeCvTDTaE7zA4TQR5jgOBTmygaWd
+ GyxEI9uOCXAocdMjrfNq+c/SIymog6CYXCcT
+ hbdOetaD3duYJw== )
+ 7200 RRSIG NSEC3 10 4 7200 20101023110536 (
+ 20101021110536 7987 sub.example.net.
+ BuJnVwod8SlcTwNnb8RPmhPDsycpRpmD69BZ
+ 778M9p3BvHkYyr8xbWP8+OmhO880V3dRdpqx
+ Hq0tyvarF8SVN8J7jMCZ1W9V2NxiLp50S/rN
+ sDkl9l4LzSClgELSeNTFdyA/22asyYZ5XO6N
+ t/f5BtsYe9W80n87cnAOmbAUIgg= )
diff --git a/contrib/zkt-1.1.2/examples/flat/zkt-ls b/contrib/zkt-1.1.2/examples/flat/zkt-ls
new file mode 120000
index 0000000000..c513980564
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zkt-ls
@@ -0,0 +1 @@
+../zkt-ls.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/flat/zkt-signer b/contrib/zkt-1.1.2/examples/flat/zkt-signer
new file mode 120000
index 0000000000..b5f367de78
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zkt-signer
@@ -0,0 +1 @@
+../zkt-signer.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/flat/zkt.log b/contrib/zkt-1.1.2/examples/flat/zkt.log
new file mode 100644
index 0000000000..c9d749c876
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zkt.log
@@ -0,0 +1,423 @@
+2010-02-07 13:53:47.881: notice: ------------------------------------------------------------
+2010-02-07 13:53:47.881: notice: running ../../zkt-signer -v -v
+2010-02-07 13:53:47.883: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-07 13:53:48.304: debug:
+2010-02-07 13:53:48.304: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-07 13:53:48.305: debug:
+2010-02-07 13:53:48.305: notice: end of run: 0 errors occured
+2010-02-07 13:54:03.463: notice: ------------------------------------------------------------
+2010-02-07 13:54:03.464: notice: running ../../zkt-signer -r -v -v
+2010-02-07 13:54:03.465: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-07 13:54:03.466: debug:
+2010-02-07 13:54:03.466: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-07 13:54:03.466: debug:
+2010-02-07 13:54:03.466: notice: end of run: 0 errors occured
+2010-02-07 13:54:07.953: notice: ------------------------------------------------------------
+2010-02-07 13:54:07.953: notice: running ../../zkt-signer -f -r -v -v
+2010-02-07 13:54:07.955: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-07 13:54:08.019: debug:
+2010-02-07 13:54:08.019: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-07 13:54:08.139: debug:
+2010-02-07 13:54:08.139: notice: end of run: 0 errors occured
+2010-02-07 14:06:27.666: notice: ------------------------------------------------------------
+2010-02-07 14:06:27.666: notice: running ../../zkt-signer -r -v -v
+2010-02-07 14:06:27.668: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-07 14:06:27.670: debug:
+2010-02-07 14:06:27.670: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-07 14:06:27.671: debug:
+2010-02-07 14:06:27.671: notice: end of run: 0 errors occured
+2010-02-07 14:06:33.711: notice: ------------------------------------------------------------
+2010-02-07 14:06:33.711: notice: running ../../zkt-signer -f -r -v -v
+2010-02-07 14:06:33.713: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-07 14:06:33.753: debug:
+2010-02-07 14:06:33.753: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-07 14:06:33.797: debug:
+2010-02-07 14:06:33.797: notice: end of run: 0 errors occured
+2010-02-07 14:07:49.243: notice: ------------------------------------------------------------
+2010-02-07 14:07:49.243: notice: running ../../zkt-signer -d -r -v -v
+2010-02-07 14:07:49.245: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 14:07:49.832: debug:
+2010-02-07 14:07:49.832: notice: end of run: 1 error occured
+2010-02-07 14:09:41.710: notice: ------------------------------------------------------------
+2010-02-07 14:09:41.710: notice: running ../../zkt-signer -d -r -v -v
+2010-02-07 14:09:41.712: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 14:09:41.799: debug:
+2010-02-07 14:09:41.799: notice: end of run: 1 error occured
+2010-02-07 14:10:24.426: notice: ------------------------------------------------------------
+2010-02-07 14:10:24.427: notice: running ../../zkt-signer -d -v -v
+2010-02-07 14:10:24.429: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 14:10:24.429: debug:
+2010-02-07 14:10:24.429: notice: end of run: 0 errors occured
+2010-02-07 14:11:00.715: notice: ------------------------------------------------------------
+2010-02-07 14:11:00.715: notice: running ../../zkt-signer -f -d -v -v
+2010-02-07 14:11:00.717: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 14:11:00.803: debug:
+2010-02-07 14:11:00.803: notice: end of run: 1 error occured
+2010-02-07 15:11:02.629: notice: ------------------------------------------------------------
+2010-02-07 15:11:02.629: notice: running ../../zkt-signer -f -d -v -v
+2010-02-07 15:11:02.630: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 15:11:03.799: debug:
+2010-02-07 15:11:03.799: notice: end of run: 1 error occured
+2010-02-07 15:15:02.094: notice: ------------------------------------------------------------
+2010-02-07 15:15:02.094: notice: running ../../zkt-signer -f -d -v -v
+2010-02-07 15:15:02.095: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 15:15:02.270: debug:
+2010-02-07 15:15:02.270: notice: end of run: 0 errors occured
+2010-02-07 15:32:48.955: notice: ------------------------------------------------------------
+2010-02-07 15:32:48.955: notice: running ../../zkt-signer -f -d -v -v
+2010-02-07 15:32:48.957: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 15:32:49.007: debug:
+2010-02-07 15:32:49.007: notice: end of run: 0 errors occured
+2010-02-07 15:38:31.400: notice: ------------------------------------------------------------
+2010-02-07 15:38:31.400: notice: running ../../zkt-signer -f -d -v -v
+2010-02-07 15:38:31.402: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-07 15:38:31.456: debug:
+2010-02-07 15:38:31.456: notice: end of run: 0 errors occured
+2010-02-21 12:50:43.100: notice: ------------------------------------------------------------
+2010-02-21 12:50:43.100: notice: running ../../zkt-signer
+2010-02-21 12:50:43.176: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 12:50:43.586: debug:
+2010-02-21 12:50:43.586: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 12:50:43.733: debug:
+2010-02-21 12:50:43.733: notice: end of run: 0 errors occured
+2010-02-21 12:50:51.156: notice: ------------------------------------------------------------
+2010-02-21 12:50:51.156: notice: running ../../zkt-signer -v -v
+2010-02-21 12:50:51.158: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 12:50:51.205: debug:
+2010-02-21 12:50:51.205: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 12:50:51.205: debug:
+2010-02-21 12:50:51.205: notice: end of run: 0 errors occured
+2010-02-21 12:51:23.495: notice: ------------------------------------------------------------
+2010-02-21 12:51:23.495: notice: running ../../zkt-signer -v -v
+2010-02-21 12:51:23.497: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 12:51:23.497: debug:
+2010-02-21 12:51:23.497: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 12:51:23.497: debug:
+2010-02-21 12:51:23.497: notice: end of run: 0 errors occured
+2010-02-21 19:16:18.383: notice: ------------------------------------------------------------
+2010-02-21 19:16:18.383: notice: running ../../zkt-signer -v -v
+2010-02-21 19:16:18.384: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 19:16:18.593: debug:
+2010-02-21 19:16:18.594: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 19:16:18.594: debug:
+2010-02-21 19:16:18.594: notice: end of run: 0 errors occured
+2010-02-21 19:16:23.964: notice: ------------------------------------------------------------
+2010-02-21 19:16:23.964: notice: running ../../zkt-signer -d -v -v
+2010-02-21 19:16:24.018: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:16:24.440: debug:
+2010-02-21 19:16:24.440: notice: end of run: 0 errors occured
+2010-02-21 19:32:05.895: notice: ------------------------------------------------------------
+2010-02-21 19:32:05.895: notice: running ../../zkt-signer -d -v -v
+2010-02-21 19:32:05.896: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:32:05.897: debug:
+2010-02-21 19:32:05.897: notice: end of run: 0 errors occured
+2010-02-21 19:32:11.376: notice: ------------------------------------------------------------
+2010-02-21 19:32:11.376: notice: running ../../zkt-signer -v -v
+2010-02-21 19:32:11.378: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 19:32:11.378: debug:
+2010-02-21 19:32:11.378: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 19:32:11.378: debug:
+2010-02-21 19:32:11.378: notice: end of run: 0 errors occured
+2010-02-21 19:32:15.928: notice: ------------------------------------------------------------
+2010-02-21 19:32:15.928: notice: running ../../zkt-signer -f -v -v
+2010-02-21 19:32:15.930: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 19:32:15.982: debug:
+2010-02-21 19:32:15.982: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 19:32:16.019: debug:
+2010-02-21 19:32:16.019: notice: end of run: 0 errors occured
+2010-02-21 19:32:32.201: notice: ------------------------------------------------------------
+2010-02-21 19:32:32.201: notice: running ../../zkt-signer -f -v -v
+2010-02-21 19:32:32.202: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-21 19:32:32.232: debug:
+2010-02-21 19:32:32.232: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-21 19:32:32.273: debug:
+2010-02-21 19:32:32.273: notice: end of run: 0 errors occured
+2010-02-21 19:32:37.105: notice: ------------------------------------------------------------
+2010-02-21 19:32:37.105: notice: running ../../zkt-signer -d -f -v -v
+2010-02-21 19:32:37.107: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:32:37.156: debug:
+2010-02-21 19:32:37.156: notice: end of run: 0 errors occured
+2010-02-21 19:43:15.017: notice: ------------------------------------------------------------
+2010-02-21 19:43:15.017: notice: running ../../zkt-signer -d -v -v
+2010-02-21 19:43:15.018: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:43:15.387: debug:
+2010-02-21 19:43:15.387: notice: end of run: 1 error occured
+2010-02-21 19:45:36.413: notice: ------------------------------------------------------------
+2010-02-21 19:45:36.413: notice: running ../../zkt-signer -d -v -v
+2010-02-21 19:45:36.415: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:45:36.416: debug:
+2010-02-21 19:45:36.416: notice: end of run: 0 errors occured
+2010-02-21 19:45:41.446: notice: ------------------------------------------------------------
+2010-02-21 19:45:41.446: notice: running ../../zkt-signer -f -d -v -v
+2010-02-21 19:45:41.448: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:45:41.482: debug:
+2010-02-21 19:45:41.482: notice: end of run: 1 error occured
+2010-02-21 19:47:06.897: notice: ------------------------------------------------------------
+2010-02-21 19:47:06.897: notice: running ../../zkt-signer -f -d -v -v
+2010-02-21 19:47:06.899: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:47:06.935: debug:
+2010-02-21 19:47:06.935: notice: end of run: 1 error occured
+2010-02-21 19:58:40.971: notice: ------------------------------------------------------------
+2010-02-21 19:58:40.971: notice: running ../../zkt-signer -f -d -v -v
+2010-02-21 19:58:40.972: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 19:58:41.008: debug:
+2010-02-21 19:58:41.008: notice: end of run: 1 error occured
+2010-02-21 20:00:48.831: notice: ------------------------------------------------------------
+2010-02-21 20:00:48.831: notice: running ../../zkt-signer -f -d -v -v
+2010-02-21 20:00:48.832: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 20:00:48.884: debug:
+2010-02-21 20:00:48.884: notice: end of run: 0 errors occured
+2010-02-21 20:01:11.175: notice: ------------------------------------------------------------
+2010-02-21 20:01:11.175: notice: running ../../zkt-signer -f -d -v -v
+2010-02-21 20:01:11.175: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 20:01:11.208: debug:
+2010-02-21 20:01:11.208: notice: end of run: 0 errors occured
+2010-02-21 20:01:17.174: notice: ------------------------------------------------------------
+2010-02-21 20:01:17.174: notice: running ../../zkt-signer -d -v -v
+2010-02-21 20:01:17.175: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-21 20:01:17.176: debug:
+2010-02-21 20:01:17.176: notice: end of run: 0 errors occured
+2010-02-25 00:12:26.362: notice: ------------------------------------------------------------
+2010-02-25 00:12:26.362: notice: running ../../zkt-signer -v -v
+2010-02-25 00:12:26.442: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-25 00:12:27.060: debug:
+2010-02-25 00:12:27.060: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-25 00:12:27.177: debug:
+2010-02-25 00:12:27.177: notice: end of run: 0 errors occured
+2010-02-25 23:42:20.621: notice: ------------------------------------------------------------
+2010-02-25 23:42:20.621: notice: running ../../zkt-signer -v -v
+2010-02-25 23:42:20.653: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-02-25 23:42:21.012: debug:
+2010-02-25 23:42:21.013: debug: parsing zone "example.net." in dir "./example.net"
+2010-02-25 23:42:21.021: debug:
+2010-02-25 23:42:21.021: notice: end of run: 0 errors occured
+2010-02-25 23:42:29.324: notice: ------------------------------------------------------------
+2010-02-25 23:42:29.324: notice: running ../../zkt-signer -d -v -v
+2010-02-25 23:42:29.326: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-02-25 23:42:29.497: debug:
+2010-02-25 23:42:29.497: notice: end of run: 0 errors occured
+2010-03-02 10:59:11.813: notice: ------------------------------------------------------------
+2010-03-02 10:59:11.813: notice: running ../../zkt-signer -v -v
+2010-03-02 10:59:11.845: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-03-02 10:59:12.416: debug:
+2010-03-02 10:59:12.416: debug: parsing zone "example.net." in dir "./example.net"
+2010-03-02 10:59:12.531: debug:
+2010-03-02 10:59:12.531: notice: end of run: 0 errors occured
+2010-03-02 10:59:46.768: notice: ------------------------------------------------------------
+2010-03-02 10:59:46.768: notice: running ../../zkt-signer -d -v -v
+2010-03-02 10:59:46.769: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2010-03-02 10:59:46.995: debug:
+2010-03-02 10:59:46.995: notice: end of run: 0 errors occured
+2010-03-03 23:22:00.105: notice: ------------------------------------------------------------
+2010-03-03 23:22:00.105: notice: running ../../zkt-signer -v -v
+2010-03-03 23:22:00.127: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-03-03 23:22:00.415: debug:
+2010-03-03 23:22:00.415: debug: parsing zone "example.net." in dir "./example.net"
+2010-03-03 23:22:00.416: debug:
+2010-03-03 23:22:00.416: notice: end of run: 0 errors occured
+2010-03-08 23:11:49.633: notice: ------------------------------------------------------------
+2010-03-08 23:11:49.633: notice: running ../../zkt-signer -v -v -N named.conf
+2010-03-08 23:11:49.663: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
+2010-03-08 23:11:50.170: debug:
+2010-03-08 23:11:50.170: debug: parsing zone "example.net." in dir "././example.net"
+2010-03-08 23:11:50.295: debug:
+2010-03-08 23:11:50.295: notice: end of run: 0 errors occured
+2010-03-08 23:12:56.211: notice: ------------------------------------------------------------
+2010-03-08 23:12:56.211: notice: running ../../zkt-signer -v -v -N named.conf
+2010-03-08 23:12:56.212: debug: parsing zone "example.net." in dir "././example.net"
+2010-03-08 23:12:56.279: debug:
+2010-03-08 23:12:56.279: notice: end of run: 0 errors occured
+2010-03-08 23:13:36.982: notice: ------------------------------------------------------------
+2010-03-08 23:13:36.983: notice: running ../../zkt-signer -v -v -N named.conf
+2010-03-08 23:13:36.984: debug: parsing zone "example.net." in dir "././example.net"
+2010-03-08 23:13:36.985: debug:
+2010-03-08 23:13:36.985: notice: end of run: 0 errors occured
+2010-03-08 23:18:52.241: notice: ------------------------------------------------------------
+2010-03-08 23:18:52.241: notice: running ../../zkt-signer -v -v -N named.conf
+2010-03-08 23:18:52.243: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
+2010-03-08 23:18:52.287: debug:
+2010-03-08 23:18:52.287: debug: parsing zone "example.net." in dir "././example.net"
+2010-03-08 23:18:52.287: debug:
+2010-03-08 23:18:52.287: notice: end of run: 0 errors occured
+2010-03-11 23:46:35.453: notice: ------------------------------------------------------------
+2010-03-11 23:46:35.453: notice: running ../../zkt-signer -v -v
+2010-03-11 23:46:35.497: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-03-11 23:46:35.831: debug:
+2010-03-11 23:46:35.831: debug: parsing zone "example.net." in dir "./example.net"
+2010-03-11 23:46:35.929: debug:
+2010-03-11 23:46:35.930: notice: end of run: 0 errors occured
+2010-03-11 23:52:33.130: notice: ------------------------------------------------------------
+2010-03-11 23:52:33.130: notice: running ../../zkt-signer -v -v
+2010-03-11 23:52:33.132: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-03-11 23:52:33.132: debug:
+2010-03-11 23:52:33.132: debug: parsing zone "example.net." in dir "./example.net"
+2010-03-11 23:52:33.408: debug:
+2010-03-11 23:52:33.408: notice: end of run: 1 error occured
+2010-03-11 23:53:27.802: notice: ------------------------------------------------------------
+2010-03-11 23:53:27.802: notice: running ../../zkt-signer -v -v
+2010-03-11 23:53:27.804: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-03-11 23:53:27.856: debug:
+2010-03-11 23:53:27.856: debug: parsing zone "example.net." in dir "./example.net"
+2010-03-11 23:53:27.920: debug:
+2010-03-11 23:53:27.920: notice: end of run: 0 errors occured
+2010-07-05 08:15:23.500: notice: ------------------------------------------------------------
+2010-07-05 08:15:23.500: notice: running ../../zkt-signer
+2010-07-05 08:15:23.502: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-07-05 08:15:24.179: debug:
+2010-07-05 08:15:24.179: debug: parsing zone "example.net." in dir "./example.net"
+2010-07-05 08:15:24.316: debug:
+2010-07-05 08:15:24.316: notice: end of run: 0 errors occured
+2010-07-05 08:15:28.171: notice: ------------------------------------------------------------
+2010-07-05 08:15:28.171: notice: running ../../zkt-signer -v -v
+2010-07-05 08:15:28.173: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-07-05 08:15:28.173: debug:
+2010-07-05 08:15:28.174: debug: parsing zone "example.net." in dir "./example.net"
+2010-07-05 08:15:28.174: debug:
+2010-07-05 08:15:28.174: notice: end of run: 0 errors occured
+2010-07-05 08:15:58.498: notice: ------------------------------------------------------------
+2010-07-05 08:15:58.498: notice: running ../../zkt-signer -v -v
+2010-07-05 08:15:58.501: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-07-05 08:15:58.502: debug:
+2010-07-05 08:15:58.502: debug: parsing zone "example.net." in dir "./example.net"
+2010-07-05 08:15:58.503: debug:
+2010-07-05 08:15:58.504: notice: end of run: 0 errors occured
+2010-07-05 08:16:04.892: notice: ------------------------------------------------------------
+2010-07-05 08:16:04.892: notice: running ../../zkt-signer -f -v -v
+2010-07-05 08:16:04.894: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-07-05 08:16:04.937: debug:
+2010-07-05 08:16:04.937: debug: parsing zone "example.net." in dir "./example.net"
+2010-07-05 08:16:04.993: debug:
+2010-07-05 08:16:04.993: notice: end of run: 0 errors occured
+2010-07-05 08:16:33.557: notice: ------------------------------------------------------------
+2010-07-05 08:16:33.557: notice: running ../../zkt-signer -f -v -v
+2010-07-05 08:16:33.559: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-07-05 08:16:33.604: debug:
+2010-07-05 08:16:33.604: debug: parsing zone "example.net." in dir "./example.net"
+2010-07-05 08:16:33.648: debug:
+2010-07-05 08:16:33.648: notice: end of run: 0 errors occured
+2010-07-30 01:30:54.873: notice: ------------------------------------------------------------
+2010-07-30 01:30:54.873: notice: running ../../zkt-signer -v -v
+2010-07-30 01:30:54.879: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-07-30 01:30:55.411: debug:
+2010-07-30 01:30:55.411: debug: parsing zone "example.net." in dir "./example.net"
+2010-07-30 01:30:55.563: debug:
+2010-07-30 01:30:55.563: notice: end of run: 0 errors occured
+2010-08-26 22:52:09.066: notice: ------------------------------------------------------------
+2010-08-26 22:52:09.066: notice: running ../../zkt-signer -v -v
+2010-08-26 22:52:09.092: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 22:52:09.538: debug:
+2010-08-26 22:52:09.539: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 22:52:09.704: debug:
+2010-08-26 22:52:09.704: notice: end of run: 0 errors occured
+2010-08-26 22:56:02.935: notice: ------------------------------------------------------------
+2010-08-26 22:56:02.935: notice: running ../../zkt-signer -v -v
+2010-08-26 22:56:02.937: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 22:56:02.938: debug:
+2010-08-26 22:56:02.938: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 22:56:02.938: debug:
+2010-08-26 22:56:02.938: notice: end of run: 0 errors occured
+2010-08-26 23:06:00.453: notice: ------------------------------------------------------------
+2010-08-26 23:06:00.453: notice: running ../../zkt-signer -v -v
+2010-08-26 23:06:00.456: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:06:00.593: debug:
+2010-08-26 23:06:00.593: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:06:00.672: debug:
+2010-08-26 23:06:00.672: notice: end of run: 0 errors occured
+2010-08-26 23:11:33.804: notice: ------------------------------------------------------------
+2010-08-26 23:11:33.805: notice: running ../../zkt-signer -v -v
+2010-08-26 23:11:33.807: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:11:33.808: debug:
+2010-08-26 23:11:33.808: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:11:33.809: debug:
+2010-08-26 23:11:33.809: notice: end of run: 0 errors occured
+2010-08-26 23:12:51.008: notice: ------------------------------------------------------------
+2010-08-26 23:12:51.008: notice: running ../../zkt-signer -v -v
+2010-08-26 23:12:51.010: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:12:51.011: debug:
+2010-08-26 23:12:51.012: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:12:51.012: debug:
+2010-08-26 23:12:51.012: notice: end of run: 0 errors occured
+2010-08-26 23:23:47.879: notice: ------------------------------------------------------------
+2010-08-26 23:23:47.880: notice: running ../../zkt-signer -v -v
+2010-08-26 23:23:47.886: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:23:47.886: debug:
+2010-08-26 23:23:47.886: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:23:47.886: debug:
+2010-08-26 23:23:47.886: notice: end of run: 0 errors occured
+2010-08-26 23:50:15.720: notice: ------------------------------------------------------------
+2010-08-26 23:50:15.720: notice: running ../../zkt-signer -v -v
+2010-08-26 23:50:15.722: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:50:15.724: debug:
+2010-08-26 23:50:15.724: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:50:15.725: debug:
+2010-08-26 23:50:15.725: notice: end of run: 0 errors occured
+2010-08-26 23:50:55.121: notice: ------------------------------------------------------------
+2010-08-26 23:50:55.121: notice: running ../../zkt-signer -v -v
+2010-08-26 23:50:55.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:50:55.124: debug:
+2010-08-26 23:50:55.124: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:50:55.124: debug:
+2010-08-26 23:50:55.124: notice: end of run: 0 errors occured
+2010-08-26 23:51:46.603: notice: ------------------------------------------------------------
+2010-08-26 23:51:46.604: notice: running ../../zkt-signer -v -v
+2010-08-26 23:51:46.606: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:51:46.719: debug:
+2010-08-26 23:51:46.719: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:51:46.719: debug:
+2010-08-26 23:51:46.719: notice: end of run: 0 errors occured
+2010-08-26 23:54:22.818: notice: ------------------------------------------------------------
+2010-08-26 23:54:22.819: notice: running ../../zkt-signer -v -v
+2010-08-26 23:54:22.821: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:54:22.823: debug:
+2010-08-26 23:54:22.823: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:54:22.825: debug:
+2010-08-26 23:54:22.825: notice: end of run: 0 errors occured
+2010-08-26 23:55:00.013: notice: ------------------------------------------------------------
+2010-08-26 23:55:00.013: notice: running ../../zkt-signer -v -v
+2010-08-26 23:55:00.017: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:55:00.018: debug:
+2010-08-26 23:55:00.018: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:55:00.169: debug:
+2010-08-26 23:55:00.169: notice: end of run: 0 errors occured
+2010-08-26 23:56:17.462: notice: ------------------------------------------------------------
+2010-08-26 23:56:17.462: notice: running ../../zkt-signer -v -v
+2010-08-26 23:56:17.464: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:56:17.465: debug:
+2010-08-26 23:56:17.465: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:56:17.531: debug:
+2010-08-26 23:56:17.531: notice: end of run: 0 errors occured
+2010-08-26 23:57:00.176: notice: ------------------------------------------------------------
+2010-08-26 23:57:00.176: notice: running ../../zkt-signer -v -v
+2010-08-26 23:57:00.178: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-08-26 23:57:00.178: debug:
+2010-08-26 23:57:00.178: debug: parsing zone "example.net." in dir "./example.net"
+2010-08-26 23:57:00.179: debug:
+2010-08-26 23:57:00.179: notice: end of run: 0 errors occured
+2010-10-21 14:01:35.484: notice: ------------------------------------------------------------
+2010-10-21 14:01:35.484: notice: running zkt-signer -c dnssec.conf -D .
+2010-10-21 14:01:35.486: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-10-21 14:01:35.546: debug:
+2010-10-21 14:01:35.546: debug: parsing zone "example.net." in dir "./example.net"
+2010-10-21 14:01:35.794: debug:
+2010-10-21 14:01:35.794: notice: end of run: 2 errors occured
+2010-10-21 14:02:09.144: notice: ------------------------------------------------------------
+2010-10-21 14:02:09.144: notice: running zkt-signer -v -v -c dnssec.conf -D .
+2010-10-21 14:02:09.146: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-10-21 14:02:09.209: debug:
+2010-10-21 14:02:09.209: debug: parsing zone "example.net." in dir "./example.net"
+2010-10-21 14:02:09.209: debug:
+2010-10-21 14:02:09.209: notice: end of run: 2 errors occured
+2010-10-21 14:05:35.986: notice: ------------------------------------------------------------
+2010-10-21 14:05:35.986: notice: running ../../zkt-signer -v -v
+2010-10-21 14:05:35.988: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-10-21 14:05:36.170: debug:
+2010-10-21 14:05:36.170: debug: parsing zone "example.net." in dir "./example.net"
+2010-10-21 14:05:36.170: debug:
+2010-10-21 14:05:36.170: notice: end of run: 0 errors occured
+2010-10-21 14:30:43.890: notice: ------------------------------------------------------------
+2010-10-21 14:30:43.890: notice: running ../../zkt-signer -v -v
+2010-10-21 14:30:43.892: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-10-21 14:30:43.892: debug:
+2010-10-21 14:30:43.892: debug: parsing zone "example.net." in dir "./example.net"
+2010-10-21 14:30:43.893: debug:
+2010-10-21 14:30:43.893: notice: end of run: 0 errors occured
diff --git a/contrib/zkt-1.1.2/examples/flat/zone.conf b/contrib/zkt-1.1.2/examples/flat/zone.conf
new file mode 100644
index 0000000000..54487af2f0
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.NET." in {
+ type master;
+ file "example.net/zone.db.signed";
+};
+
+zone "sub.example.NET." in {
+ type master;
+ file "sub.example.net/zone.db.signed";
+};
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key
new file mode 100644
index 0000000000..45ff7704ae
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091120
+;% lifetime=84d
+example.de. IN DNSKEY 256 3 5 BQEAAAAB13b8+4oBaYaLYdDvH6fwVwDfohlzGdSu5A9nO/wJ1taCB+4T wn3TSAtlttLmzYad5EbBUIn+4CLBKmc4sKn/cw==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published
new file mode 100644
index 0000000000..21ac24add1
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 13b8+4oBaYaLYdDvH6fwVwDfohlzGdSu5A9nO/wJ1taCB+4Twn3TSAtlttLmzYad5EbBUIn+4CLBKmc4sKn/cw==
+PublicExponent: AQAAAAE=
+PrivateExponent: Hr+/WEVR20WhmLb/zS+1qqrw9YDpgmw2hTb9Qs5wa5el38OEzQV5OvBdfQC/aDj7SW1PPSw0iYvcoVS3ZPZh
+Prime1: 84w3+p6VYYdrwuju6BrMdISLRla1pPo+synV7D7IR4M=
+Prime2: 4nsxmxk0VLrAzzVDfxvEcF3uEOPIKDgayiB1YCvJ9VE=
+Exponent1: XzmWw18psVyeqhhEZygfbffj2N61WpM0OulCViv4upM=
+Exponent2: Qvo4lPrZBicpnQoC+TTYN2MhzXfIm4IPATGftVC6oFE=
+Coefficient: 6J4QOm1lunyBgAiluqGKhs9FJs9y1ZQ62Lzgauf6XVA=
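Review bot: This `.published` file carries a full RSA private key (PrivateExponent, Prime1, Prime2, Exponent1/2, Coefficient), and nothing in the hunk marks it as throwaway sample material. The same holds for the other `.private` and `.published` files added under `contrib/zkt-1.1.2/examples/hierarchical/` (key tags 37983, 47280, 60407 and the sub.example.de keys). The key-file format shown here has no obvious place for a remark, so I would put the marking in a README beside the examples, e.g. `The K*.private and K*.published files here are published sample keys; never use them to sign a real zone.` The Modulus on this key appears to decode to 64 bytes, i.e. a 512-bit RSA key under algorithm 5 (RSASHA1), so the same README should say that real deployments must generate fresh keys with a current algorithm and size. Listing this path in the secret scanner's allowlist would also keep these known sample keys from drowning out genuine findings.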
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key
new file mode 100644
index 0000000000..55364ea623
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key
@@ -0,0 +1,3 @@
+;% generationtime=20081116180040
+;% lifetime=365d
+example.de. IN DNSKEY 257 3 5 BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU jQ==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published
new file mode 100644
index 0000000000..b120c0c6a6
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mUjQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: AcxmOS9ewHH4UTWVHOSEyONodDImWb5DFyMOUzn3FCkdBEnsOAYTO8/noT3PP0uoMK0s7/BlIReEqsyCVcgQVrTbJszoKlwhHT+XO60i3wPJIWF9u8ouFDnGLkbSRpw6L72uRZy9SdSWUWHdlRayK6T3uJGrcsCLIlzaSue1vXjdUobHMVxQ+mPCFNjSgRWOvTxGcsoXPKx5MjrmAUEnLyQuoQ==
+Prime1: A50KZhIYCkyx48okZHgirDXs0cVYf2OOvLcNKF4AvBBTwoV9+oFfTd+wKy9f+G/FqVBV1s4rv/M7UCpAFJPCqaDkt+EEv5DNnX69RgvwBrHyxQ==
+Prime2: A5KoV2IkWEM9Djm8pZay/fQpM8coQxVutNDb9G4ADMwpwK5ddGifS38jPlHenUKDxSFtfOZBQbyf7ra/lSttpOqSnr/e6s6HHRn5TYfdR9IXKQ==
+Exponent1: eWP9FtwMjnnrsAhQlO7Fbko74gKGRVaygSe4Pd+TGM22dHDZCCoc//IBL+s2Dhezy1l8xiOPVbcxzxHMbqrQhPENi7HihDwiR1WfuSaoIfod
+Exponent2: AweXUxlW7qBg+v2qV5cCZl+gvTBW/1vP7llsoOqbHR69xLklXEV96TlEbKU8hoSnq8ts8qqh4/HFj1d+KRTeHWpseUm0GXdK/k7ZvYfr7KVHUQ==
+Coefficient: AwVZtbgFX0bAOj9J2p48qYAn3EaIuCvzDYoIE3E/m3NZS8UXQ5MK12AFhulRYpWOgZCIWK9fH0MTvtDFk3I5vyFTMhovDBrSWNn/+TJ47CwrBQ==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key
new file mode 100644
index 0000000000..cf983b6961
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key
@@ -0,0 +1,3 @@
+;% generationtime=20080914221502
+;% lifetime=365d
+example.de. IN DNSKEY 257 3 5 BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E uw==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private
new file mode 100644
index 0000000000..fed718b586
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8Euw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CxINUgbVqMf0BnMNYq3aL8ucN4fael2ljQYgDCpcTMfqVuRo+Vo6sMEr3C6Bw8MTHWo2jMxdulyS4tsiMQVVjWUArFL/sfFYLwopjOExcneji6noi8n9dzgslNpo3QAdnKwDGUwj+k7CBzCbLSZ5xpt/eaHcN4l1buQ0tcqShthdh7sNHFX1nAqjsLa7xxCiBsliA6LD/QTAAzcbED0Xw7SJWQ==
+Prime1: A+RY6jx9urFg5GeyRqrAiqqClEzyWgEM4HsJn/oQ38PE6NrPzcG9U95um79u1WwWtXe5xTifInhN40CpxQYH45NFjZEuEvROvkXk5JHV9b5UHw==
+Prime2: A2949khdV+cKgI2EHmRIu7PJUFkBgrMXacwVpGdaN41NpJYFRYW8qoPmKRrw/Fji7GZj0rrro51XT7JNDbC44dX/bGdNa/eWvslPJGfCR4Gb5Q==
+Exponent1: rVHNFnlV2HXIOzi9+2Hit8m7bNXrVXA/DJ3lGCzDL2PzpvQcrL6mMXzaYznP9XaSgyR9M8u+Tdwqq11lHsnWhNLyWKTyAlO5WP3syQD3+0Jp
+Exponent2: ArQCCQS8lPgDvu7LI3q5tanr2nmM2uMzPNud9EPSqAql8iEIgOZDLDsMDZd9QHm2Dicjc2UifTcJgQlc3OACSVYkkxjvHKO7t03KNoZkhceTTQ==
+Coefficient: GUOOUFWtz0iCPZx1ljdxpP3T4hW7Jux1zcfV6PwX+Nx+8KcawXFfNxjsC1+Sla9Txv02Kgqg9Mh3mCNGynimcbkmmOcfyozKOttAD1sheFK0
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key
new file mode 100644
index 0000000000..f2528244fa
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127093934
+;% lifetime=63d
+example.de. IN DNSKEY 256 3 5 BQEAAAABw62oxcUQ8mF4T6zH+tAkM0FU3nXJ4sgnBSUa884gZL2AlG+t 7FpwrRm/Hish/hxVRzmM8q2srgLHBYAk12VkMQ==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private
new file mode 100644
index 0000000000..4ac668f210
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: w62oxcUQ8mF4T6zH+tAkM0FU3nXJ4sgnBSUa884gZL2AlG+t7FpwrRm/Hish/hxVRzmM8q2srgLHBYAk12VkMQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: IwUfBuvY5VY30HNbiboZAUkgEkSiFAj86peg2ue+PhllmtSP+Vxl7bguyEq0JJgk8AcQB0fxD9b8VdkgksSwgQ==
+Prime1: 54rg6aJKRFWczUKRDwD0/aRC+VKc6gJAtw3RrAnW/Nc=
+Prime2: 2Fj7RLozuJFUHRkDTFIQWrPEInCGmrIPU+tLPH6vPjc=
+Exponent1: gwVUTriIA6KGdAqT+sX/5cpwaIC0v5Nnl70WXoOkiOs=
+Exponent2: RI+e2Q3LGyTFTRf64HiGzl67T84jor3EM+1LTugfpSs=
+Coefficient: CNfuRUw+kKfO99T09DeD1y4N7QwyGG03NfazSa4GvPU=
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db
new file mode 100644
index 0000000000..b0d62f552a
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db
@@ -0,0 +1,39 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 19:39:31
+;
+
+; *** List of Key Signing Keys ***
+; example.de. tag=47280 algo=RSASHA1 generated Jul 05 2010 09:43:02
+example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR
+ mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t
+ CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2
+ 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E
+ uw==
+ ) ; key id = 47280
+
+; example.de. tag=37983 algo=RSASHA1 generated Jul 05 2010 09:43:02
+example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU
+ YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT
+ m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB
+ q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU
+ jQ==
+ ) ; key id = 37983
+
+; *** List of Zone Signing Keys ***
+; example.de. tag=60407 algo=RSASHA1 generated Nov 27 2010 19:46:33
+example.de. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAABw62oxcUQ8mF4T6zH+tAkM0FU3nXJ4sgnBSUa884gZL2AlG+t
+ 7FpwrRm/Hish/hxVRzmM8q2srgLHBYAk12VkMQ==
+ ) ; key id = 60407
+
+; example.de. tag=25598 algo=RSASHA1 generated Jan 25 2011 10:11:20
+example.de. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAAB13b8+4oBaYaLYdDvH6fwVwDfohlzGdSu5A9nO/wJ1taCB+4T
+ wn3TSAtlttLmzYad5EbBUIn+4CLBKmc4sKn/cw==
+ ) ; key id = 25598
+
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de.
new file mode 100644
index 0000000000..86ba183b06
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de.
@@ -0,0 +1,4 @@
+example.de. IN DS 37983 5 1 635B486D53D19B16BC4A87366BC2D5626978F4B9
+example.de. IN DS 37983 5 2 5B8412FE443D8F4F77AC4C89FF12289DA88998D864EC68E3E5A4EE2C B192F9DC
+example.de. IN DS 47280 5 1 149C886C8175B220A964D4293EB4FCFAC1650974
+example.de. IN DS 47280 5 2 466E738B6913F7081DE5E17FC3567771618AB1D6CB0A333270A4AC24 7DB14DD0
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de.
new file mode 100644
index 0000000000..27a14419fa
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+
+ Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl
+ z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH
+ z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R
+ 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/
+ us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4
+ 8Mlp1+mUjQ==
+ ) ; key id = 37983
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4
+ LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx
+ 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq
+ vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO
+ lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM
+ GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs
+ K9bqDM8Euw==
+ ) ; key id = 47280
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de.
new file mode 100644
index 0000000000..6c7f963191
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de.
@@ -0,0 +1,7 @@
+; KSK rollover phase1 (new key generated but this is alread the old one)
+sub.example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1
+ 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad
+ 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ
+ m3SuRnb0ef0=
+ ) ; key id = 38331
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key
new file mode 100644
index 0000000000..30860426d1
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127093933
+;% lifetime=3d
+sub.example.de. IN DNSKEY 256 3 5 BQEAAAAB5tuyJuCMHTySqvnPpVSbFcnFK6jI/BG3Va5Yu0ou7jPArylc mziNb9AIJ2PBaVcXbeH6h9YWd9MLCLKPZqRLKQ==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private
new file mode 100644
index 0000000000..3618ea59cc
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 5tuyJuCMHTySqvnPpVSbFcnFK6jI/BG3Va5Yu0ou7jPArylcmziNb9AIJ2PBaVcXbeH6h9YWd9MLCLKPZqRLKQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: JzR1JHrF/sD4IW5yUk+u1Kk3EuBcKPbD8wqOMseG34SyEm1jPU+o2QlTA2DPw49ApfKrkq+ikDZ7+mRwRGOHAQ==
+Prime1: 9OdVjN/tX8KeuG8oURXKri8YD04kz07isqeYTYyksfE=
+Prime2: 8VFyYFkvnx5UuYdOTuoIIJcQqK0HeC+JwB1wAyRm9Lk=
+Exponent1: ATIpC4/KM7AKHLlt3vvxyyov3pPBnCwF9NC4L4gpNEE=
+Exponent2: 8UV1SqMZEk9tI8NTvRa2Z6xRB0b7D2MNnedSZqOXi/E=
+Coefficient: mUOK9cs0xozwdcUZPkP+FDoxJvfN6eeidsFqya3JLOo=
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key
new file mode 100644
index 0000000000..c9a4679c41
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125183931
+;% lifetime=7d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAABocb52XnOJzaKKv90SFZxTddP7OuzI/qaeOqptm7BH3QKGTBj ZmgfJ6J2uNXamzVEUGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVUYfMC pVS69kTGagTnMmywpg5LtCic9+18YRX2NhkxNvUpBjlTn7BbjXW36yy5 sA1Uq+Rg2cU=
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private
new file mode 100644
index 0000000000..526253928d
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: ocb52XnOJzaKKv90SFZxTddP7OuzI/qaeOqptm7BH3QKGTBjZmgfJ6J2uNXamzVEUGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVUYfMCpVS69kTGagTnMmywpg5LtCic9+18YRX2NhkxNvUpBjlTn7BbjXW36yy5sA1Uq+Rg2cU=
+PublicExponent: AQAAAAE=
+PrivateExponent: JpNUVc04LC+jHSd/SN4bbbUXotjoQMNxsR0OmiGAQqOdWL6NWZ2XRr1dYS0NWy6lLxPCtA5MhnS5TgY633Vfd2KM8ywkNy3Dwtd/ynHRqv6poAhSoSZtYds/RrPATwMMzKmuwXoH9YAG4IHhG9y4mUA9cVB84xT/5ZVxoaatYgE=
+Prime1: 1hrTq3BjlThxhlNym2qSx5Kop2rtn6J3LSM7wlQ8vd2vR9lNuj8TrM8yig3S1tRh4RSKLWtOgb3eBo26nrp+EQ==
+Prime2: wW7mdWIEe1UkZVFnH2J2If5D5v1mn0o8umik+tE3aQJun9WOVjbZ/PjwlaMM+nFAID08Plj25ec0z8hu8cV8dQ==
+Exponent1: iVUvqW8WSh0JJt2Cs6Eokp6fhJveVPMTmTtWWkKtYFnQx/peBxb55x+ULMQvHG3Iz06Y445k61629mCvyB9qwQ==
+Exponent2: Ewn17+1cExPMS+ZITVszVdouSCvnteVj7V/AL8C0iSK0x7XlBx3F8D9vNfYWL+7WOjF5t+v0dmBM+J0TKLUZzQ==
+Coefficient: AhCRWPVu5lQcfR94r8G5sQik3ZmZf1uJbO2mf+24yHQA0qjzYiEo42jCwXSDA3JtBwAbTwukmmTn4gOWHex7JQ==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key
new file mode 100644
index 0000000000..e4eace4255
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key
@@ -0,0 +1,3 @@
+;% generationtime=20100826211144
+;% lifetime=7d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ m3SuRnb0ef0=
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private
new file mode 100644
index 0000000000..d0d323dcfd
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: zRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu11Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQm3SuRnb0ef0=
+PublicExponent: AQAAAAE=
+PrivateExponent: YcpriBuIcizNJGNwVPxNTYDgzz4nQsZ2z7F5fr5BmfC9Ukx7Mdl8wzS/8dikD3FhTqEbDdANf5L/LuPiE0XvvFzMEweRtoSQnYDlnvpYQPGcFcTXlbY1Jn6h3WvVyfLWMWK0/2lsLtHzRhToyI1WyO6wFqrun9e+HvHb71SwP6k=
+Prime1: 9aHh1J2wdRibYZI01fQqegxMuZn5+NlvxWxO2Bzwbm4e68cMQjVeyn7N0j46hE7kv+z07422AgXq1kLllqIpNw==
+Prime2: 1b8i4culx54km/hid+U9qLFcorXX9e2QF2LFxd5/+YYBBILp7RGk9sD/PWTCPcYZbviPzkRhq+3ignTfwdzAaw==
+Exponent1: 2fQGWETsC1OVxzQamORV4JQzBB8haAYNHaCcvgidlQgQFQA2pR4PNaLj77DUHBOrjb2pKjsCS7xumwVu1F8T2w==
+Exponent2: EX6aW8lr4Fizn0QwEumQAYnRv7Z32Tfmnr/s6gHPVxPK7spfiPhK0Lb3Q04OfFkJdHNaG9YMpqmNI8ZW/PyJsw==
+Coefficient: YvQ1SQqRz/y9ApJSUmswljwbA6NGxS5Mh9ZA8Ui1jNPYClQ6Ncn2A4FatnLBfyLaalCLzR3rf22LoNvwc9g8rg==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key
new file mode 100644
index 0000000000..40d7719cbc
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127101703
+;% lifetime=7d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5 L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7 zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cU AEWQvdtuDcc=
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private
new file mode 100644
index 0000000000..cc7651480b
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cUAEWQvdtuDcc=
+PublicExponent: AQAAAAE=
+PrivateExponent: BTyLOYpzVpf3iu0C8TsgWOjkBxZYFrHY/A1FOznBnvmYoGo/R3VEoeiZ8rNeizi5z123O37vROe8lz78HGacZbAdOJN2641uSsIN291KQk5phA9udaR6LT+mc0pIb9jg++M0F3Hf5i5PYEu/er/JGSHFT6/h9NpnbyqcXYjV6yE=
+Prime1: 8+mFlmHUdJ730AoP0NGVCaQXmU0YRTKsbR/6nQLOerKE9XBfedI9yqBR3c/jxko6dt8f6d/vhizdeTfmQU/xJQ==
+Prime2: 4tka/vWR5lFqC3IGnKH0Dudiwurzz/dDoPwc1WWdpKWdKBss3D+aFFr61NFTgJCT2vw7/5EJY0RGX7JVMKQdew==
+Exponent1: ZKJzEF60uVnkVEg+IyIS7mBmUVL91FmieU1ZOXSeV683uCdVKSTSdPr/+l18R7IgjOnCOs9ityOfGb0eVrqHKQ==
+Exponent2: af/TPglQaRZJKRwT8Jh6PbuBtK1RpMmudpVF/M+t7VSCpkhIEa+MPQP3f/9POSHT/Th8oe7PE/JLhqEllQTgsQ==
+Coefficient: PlboG/Rm7dd/QQirRpQ/fZZdFPjNI0J1VjfRst+Qb/yuB2m81CU6GNwDyJujX7L5JQpfQGlqIRvk9jw2cpRBJQ==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key
new file mode 100644
index 0000000000..a2eafcbc8b
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091120
+;% lifetime=3d
+sub.example.de. IN DNSKEY 256 3 5 BQEAAAAB1+QMKtDQA7dd2FA5IMVv5Y/VQa1ueCB4ZgDqvDUkdmQ2STLE DwQuCoL26XId1SjEPQS47v3GBqTkSb0M/mSIsw==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published
new file mode 100644
index 0000000000..d465b72ad9
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 1+QMKtDQA7dd2FA5IMVv5Y/VQa1ueCB4ZgDqvDUkdmQ2STLEDwQuCoL26XId1SjEPQS47v3GBqTkSb0M/mSIsw==
+PublicExponent: AQAAAAE=
+PrivateExponent: Kye03nJBn261AzC2UQAIVVOz0IUDAmIO/LqThB87QJc9xFPk+KQZDvn7+XaLReYSUZrgDadZozVyGCBwmTbKEQ==
+Prime1: 8c3ijRfD1wTzd2CKDyO9Zzsq0r/DvH/30BL7QzB1/7s=
+Prime2: 5JC0mXeSA3vDweMKht4bH44IXBPLuq9EGTVWDLolH2k=
+Exponent1: jCN5Qm3qprCbs+lLPNJ1fIWWD6Zzg6tObVCputLFRqE=
+Exponent2: ooEJXApdOWOj2g9rLuZ0jCEkARFtLd/fnvlEZfWOJFk=
+Coefficient: GZIo2y2pmmjsXCZaHPzd6CGGkXRq1kOw2OCZ1NUcPWY=
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de.
new file mode 100644
index 0000000000..c640dc1314
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de.
@@ -0,0 +1,6 @@
+sub.example.de.dlv.trusted-keys.net. IN DLV 32679 5 1 B2B115076F5BC2F2864D8ED1D63279193E5E7999
+sub.example.de.dlv.trusted-keys.net. IN DLV 32679 5 2 71B3896274A524028F131983D780C12CB38EA40E435815E9CC301749 26BFD367
+sub.example.de.dlv.trusted-keys.net. IN DLV 38331 5 1 8F7E90EE2686DAE4D31CEE40142AD6A25670B0A0
+sub.example.de.dlv.trusted-keys.net. IN DLV 38331 5 2 7B791220D03926DC6D3531CD155EF1E2AB202CE5955DF61079BEDD48 67400707
+sub.example.de.dlv.trusted-keys.net. IN DLV 51846 5 1 F0B3607F13FFE0C5AEF2ED24978FC8D42B391361
+sub.example.de.dlv.trusted-keys.net. IN DLV 51846 5 2 B067543FEAC9F203E9508672D802DEFD9F8AFF6CDBCC298B25C2CCED EDC813D8
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db
new file mode 100644
index 0000000000..152e303229
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db
@@ -0,0 +1,45 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 19:39:31
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.de. tag=38331 algo=RSASHA1 generated Aug 26 2010 23:11:44
+sub.example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1
+ 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad
+ 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ
+ m3SuRnb0ef0=
+ ) ; key id = 38331
+
+; sub.example.de. tag=51846 algo=RSASHA1 generated Nov 27 2010 11:17:03
+sub.example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5
+ L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7
+ zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cU
+ AEWQvdtuDcc=
+ ) ; key id = 51846
+
+; sub.example.de. tag=32679 algo=RSASHA1 generated Jan 25 2011 19:39:31
+sub.example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABocb52XnOJzaKKv90SFZxTddP7OuzI/qaeOqptm7BH3QKGTBj
+ ZmgfJ6J2uNXamzVEUGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVUYfMC
+ pVS69kTGagTnMmywpg5LtCic9+18YRX2NhkxNvUpBjlTn7BbjXW36yy5
+ sA1Uq+Rg2cU=
+ ) ; key id = 32679
+
+; *** List of Zone Signing Keys ***
+; sub.example.de. tag=27647 algo=RSASHA1 generated Jan 25 2011 10:11:20
+sub.example.de. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAAB5tuyJuCMHTySqvnPpVSbFcnFK6jI/BG3Va5Yu0ou7jPArylc
+ mziNb9AIJ2PBaVcXbeH6h9YWd9MLCLKPZqRLKQ==
+ ) ; key id = 27647
+
+; sub.example.de. tag=55550 algo=RSASHA1 generated Jan 25 2011 10:11:20
+sub.example.de. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAAB1+QMKtDQA7dd2FA5IMVv5Y/VQa1ueCB4ZgDqvDUkdmQ2STLE
+ DwQuCoL26XId1SjEPQS47v3GBqTkSb0M/mSIsw==
+ ) ; key id = 55550
+
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf
new file mode 100644
index 0000000000..ef2b668ef3
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf
@@ -0,0 +1,16 @@
+##
+## dnssec-zkt v0.4 (c) Jan 2005 hoz hznet de ##
+##
+
+resigninterval 12h
+sigvalidity 1d
+max_ttl 90s
+
+ksk_lifetime 7d
+key_algo RSASHA1
+ksk_bits 1024
+
+zsk_lifetime 3d
+zsk_bits 512
+
+dlv_domain "dlv.trusted-keys.net"
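Review bot: `zsk_bits 512` together with `key_algo RSASHA1` makes the example zone-signing key a 512-bit RSA key, which is within reach of factoring, and `ksk_bits 1024` is also below current guidance. The same ZSK size appears in `examples/hierarchical/dnssec.conf` (`ZSK_bits: 512`) and `examples/views/dnssec-extern.conf` (`ZSK_bits: 512`). Example configurations tend to be copied as they are, so I would flag the values with a comment above `ksk_lifetime`, e.g. `# demo sizes only: use at least 2048-bit RSA (or a SHA-2 based algorithm) for real zones`. Raising the values themselves would mean regenerating the checked-in keys and signed zone files, so the comment is probably the smaller change.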
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.
new file mode 100644
index 0000000000..b3e2e25dd6
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.
@@ -0,0 +1,6 @@
+sub.example.de. IN DS 32679 5 1 B2B115076F5BC2F2864D8ED1D63279193E5E7999
+sub.example.de. IN DS 32679 5 2 71B3896274A524028F131983D780C12CB38EA40E435815E9CC301749 26BFD367
+sub.example.de. IN DS 38331 5 1 8F7E90EE2686DAE4D31CEE40142AD6A25670B0A0
+sub.example.de. IN DS 38331 5 2 7B791220D03926DC6D3531CD155EF1E2AB202CE5955DF61079BEDD48 67400707
+sub.example.de. IN DS 51846 5 1 F0B3607F13FFE0C5AEF2ED24978FC8D42B391361
+sub.example.de. IN DS 51846 5 2 B067543FEAC9F203E9508672D802DEFD9F8AFF6CDBCC298B25C2CCED EDC813D8
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.
new file mode 100644
index 0000000000..6b3a4d6211
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.
@@ -0,0 +1,22 @@
+$ORIGIN .
+sub.example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABocb52XnOJzaKKv90SFZxTddP7Ouz
+ I/qaeOqptm7BH3QKGTBjZmgfJ6J2uNXamzVE
+ UGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVU
+ YfMCpVS69kTGagTnMmywpg5LtCic9+18YRX2
+ NhkxNvUpBjlTn7BbjXW36yy5sA1Uq+Rg2cU=
+ ) ; key id = 32679
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRa
+ GuNc4soput6Fo2/HViu11Jo2uMnp4Z4MeGzt
+ i4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nP
+ mPad2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG
+ 1W/a/gJWNxuiTmkSN5c9vXsQm3SuRnb0ef0=
+ ) ; key id = 38331
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINg
+ kYc3dxYunDYWK0FEXGa5L7ss8jepJnBM6KD/
+ rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/Th
+ I6i7zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/
+ Pb5mZAlXvzPqmRkyeStRw0cUAEWQvdtuDcc=
+ ) ; key id = 51846
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.key
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.key
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.key
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.private
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.private
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.private
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.key
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.key
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.key
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.private
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.private
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.private
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.key
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.key
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.key
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.private
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.private
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.private
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de.
new file mode 100644
index 0000000000..6c7f963191
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de.
@@ -0,0 +1,7 @@
+; KSK rollover phase1 (new key generated but this is alread the old one)
+sub.example.de. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1
+ 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad
+ 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ
+ m3SuRnb0ef0=
+ ) ; key id = 38331
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db
new file mode 100644
index 0000000000..d4611a5d6e
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+; @(#) sub.example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 2011012503; Serial (up to 10 digits)
+ 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.de.
+
+$INCLUDE dnskey.db
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.4
+b IN A 1.2.3.5
+c IN A 1.2.3.6
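Review bot: The A records `a`, `b` and `c` use 1.2.3.4 to 1.2.3.6, which are globally routable addresses rather than a documentation range. `example.de/zone.db` does the same for `ns1` (1.0.0.5) and `ns2` (1.2.0.6), although it already uses the documentation prefix for the AAAA record (2001:db8::53). A test server loaded with these zones would hand out addresses that belong to someone else. I would switch to RFC 5737 addresses, e.g. `a IN A 192.0.2.4`, and re-sign the example zones so that the `zone.db.signed` files stay consistent.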
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed
new file mode 100644
index 0000000000..84ae34b2d6
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed
@@ -0,0 +1,131 @@
+; File written on Tue Jan 25 19:39:31 2011
+; dnssec_signzone version 9.7.2-P2
+sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
+ 2011012503 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ wbTvANOCw3T6BjH3ibeVrgAG2WJPmX09LZmX
+ P7xtuj9F1Kaj+EpXvQv37SaA8ldr0Ge25q3+
+ KB0+dtpmxel7NQ== )
+ 7200 NS ns1.example.de.
+ 7200 RRSIG NS 5 3 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ hvliLSJ7kw/6nZfrDHJ3nnvW3RjiYZMbYASL
+ IdKLGsytfU6zaypMXGiwxDo/k+BafY7V4xAM
+ RGxgMNRthCqOaQ== )
+ 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ fCX2CjTIm3XyOXhPZni/e21bTKmdZlW9keBX
+ pb9hEYY5/D3UJWzkVNpVeQ0e1n3QQvwklLda
+ ezrP/SfZDzIwbg== )
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAAB1+QMKtDQA7dd2FA5IMVv5Y/VQa1u
+ eCB4ZgDqvDUkdmQ2STLEDwQuCoL26XId1SjE
+ PQS47v3GBqTkSb0M/mSIsw==
+ ) ; key id = 55550
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAAB5tuyJuCMHTySqvnPpVSbFcnFK6jI
+ /BG3Va5Yu0ou7jPArylcmziNb9AIJ2PBaVcX
+ beH6h9YWd9MLCLKPZqRLKQ==
+ ) ; key id = 27647
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABocb52XnOJzaKKv90SFZxTddP7Ouz
+ I/qaeOqptm7BH3QKGTBjZmgfJ6J2uNXamzVE
+ UGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVU
+ YfMCpVS69kTGagTnMmywpg5LtCic9+18YRX2
+ NhkxNvUpBjlTn7BbjXW36yy5sA1Uq+Rg2cU=
+ ) ; key id = 32679
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRa
+ GuNc4soput6Fo2/HViu11Jo2uMnp4Z4MeGzt
+ i4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nP
+ mPad2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG
+ 1W/a/gJWNxuiTmkSN5c9vXsQm3SuRnb0ef0=
+ ) ; key id = 38331
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINg
+ kYc3dxYunDYWK0FEXGa5L7ss8jepJnBM6KD/
+ rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/Th
+ I6i7zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/
+ Pb5mZAlXvzPqmRkyeStRw0cUAEWQvdtuDcc=
+ ) ; key id = 51846
+ 14400 RRSIG DNSKEY 5 3 14400 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ sg/apLP8ejq7KT+djaUwJqizKG4tq1jTLMLt
+ NHLn/68rX5w4dY8DTeYxexb4r8Z23kVb0bg+
+ lJmmBy5j2r8SMg== )
+ 14400 RRSIG DNSKEY 5 3 14400 20110126173931 (
+ 20110125173931 32679 sub.example.de.
+ bzzolxuy/5cXaTOvYDGz+xiRffMSQUSCRicG
+ jN2InbD0oghm9IlZYaerY3Cx4ta0xitl63Fa
+ 9n8DAb409BU+uR3SKw+EMQwdEhn1ixslf7Er
+ N9nyPz+3hCteJ89htoyGBRehQbw3LkFsHPKS
+ 1q62yU3+dLOLqiJUGgXinFwZ81o= )
+ 14400 RRSIG DNSKEY 5 3 14400 20110126173931 (
+ 20110125173931 38331 sub.example.de.
+ nflCKXmANdTDh1g72GpT5JzeaE9u+kZ6Kkds
+ q4VbnnZjmv8flpsqH9XHV6QU7W7pFhLQ9i9X
+ qYVPL5HzoZn0q4m08h2z9VCrfCVzfOZVr6S2
+ TnL/RTbSRXMHwU63bMM7FNbPz2JlajNAIpfW
+ 7uHjqoQEWRcJ8ee7JkW5tiu5/5A= )
+ 14400 RRSIG DNSKEY 5 3 14400 20110126173931 (
+ 20110125173931 51846 sub.example.de.
+ WaCBxN/IXv3g2NtoBm2epHkZqBTMONadExfN
+ 0rWSV0mazdli950enMmBwwIEZK+0FVwLpv4Z
+ zgL5BHuPim7ObqnR6wM1gOpi65lU8IX5Ilbv
+ OIrUZ5g0O1rYHUjaQKtKBTcgOo7ZtutIj4gc
+ Xn+2dark9is8EoDHripF5TkDJgU= )
+a.sub.example.de. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ zXzioVSpADspftLWazy+jcGRxHytDuZtUBkD
+ dsjcU3fy6a8atHbcwUjd43rwzazxphVcL/sM
+ CeWz5ZcXkYCWeQ== )
+ 7200 NSEC b.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ k6LWx56HsWiDm7DLUShd97q7dprzDXaocGVL
+ UPB35LGLUzZIGx/80K+ppeqAD2KoiJ/d+jBi
+ ZwtomkSGusfVIA== )
+b.sub.example.de. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ b90i/duKEbOBKWDJ39xTlMbGJ3DqdTUCdH1y
+ sTs96Ea2PZFNoCenAssREGxLG/SdArErfdOC
+ Q1zCi5z2cYYeyg== )
+ 7200 NSEC c.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ EGurYn3qRMV+uwzTGq9asXnpKvLhX3qZhQh/
+ Tb3AiQ+Oyl+PzfDjP1BI8jqejNTwvlRWBL4H
+ RRBZMN/Pnn22bw== )
+c.sub.example.de. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ DCFyTIcXCMd3wIdwLjDNXOINmMcQ1tYBzgry
+ JnZZecok5A6TPXCQ5PrErgwWl6h9URa8M6Kd
+ Yg6jLpDMcmdNug== )
+ 7200 NSEC localhost.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ cUvw2e+2VlJVaFGF5zciADg3W/DMz2zeLTlp
+ bEav7jr7xFJdg9twcr+WtKh9xyAraH/0eqT8
+ cs3z8i81I/Dgzg== )
+localhost.sub.example.de. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ eKi4L2xErnSUAPH3jGWtLShBTab/ZMC86wdf
+ F8jRpWkNzMqpxhmEOgeCnCA1cm3Ua/vrSSpA
+ HmPpxba/FXtOkg== )
+ 7200 NSEC sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20110126173931 (
+ 20110125173931 27647 sub.example.de.
+ texCzbZHYWVAyNKaR2otusOB3nzL3NMPYApC
+ Lg7vi4wuk08gC4CvTbEHz+4I7ZeWrMIHwNTp
+ vsE/tnmaVsHM6Q== )
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db
new file mode 100644
index 0000000000..3a140b2c41
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db
@@ -0,0 +1,38 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Ensure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date format e.g. 2005040101
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 315 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.de.
+ IN NS ns2.example.de.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.de file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.de.
+
+; this file will contain all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed
new file mode 100644
index 0000000000..33f2c363e3
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed
@@ -0,0 +1,129 @@
+; File written on Tue Jan 25 19:39:31 2011
+; dnssec_signzone version 9.7.2-P2
+example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
+ 315 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ D25r9o5y0UlIClgAHwOq9P1/prHCO3/KI/91
+ ZHUOA1HPvRt/EW4vQdHNsZPzTgbEZlkrzK1B
+ f9Z8FRjiPwwuTg== )
+ 7200 NS ns1.example.de.
+ 7200 NS ns2.example.de.
+ 7200 RRSIG NS 5 2 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ UDFg0Wr335Zhx2JZNw7ctla8EpFv+8eVjh8Y
+ YDv47XmCXuazL4EZV3efeU4wnuxmphL02j8X
+ NLpnUVnRP2QufQ== )
+ 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ K2wUxsJtWVpASeYbWyG58uK4DK8w+TRTSRiJ
+ aYtgUDjUGeUeNbHaT1FhfXl4xpNts/irmB6K
+ YDeVNvnB7piRPw== )
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAABw62oxcUQ8mF4T6zH+tAkM0FU3nXJ
+ 4sgnBSUa884gZL2AlG+t7FpwrRm/Hish/hxV
+ RzmM8q2srgLHBYAk12VkMQ==
+ ) ; key id = 60407
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAAB13b8+4oBaYaLYdDvH6fwVwDfohlz
+ GdSu5A9nO/wJ1taCB+4Twn3TSAtlttLmzYad
+ 5EbBUIn+4CLBKmc4sKn/cw==
+ ) ; key id = 25598
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+
+ Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl
+ z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH
+ z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R
+ 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/
+ us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4
+ 8Mlp1+mUjQ==
+ ) ; key id = 37983
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4
+ LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx
+ 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq
+ vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO
+ lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM
+ GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs
+ K9bqDM8Euw==
+ ) ; key id = 47280
+ 14400 RRSIG DNSKEY 5 2 14400 20110215173931 (
+ 20110125173931 47280 example.de.
+ AiQOEpltQhIL1w1bnStthur44g28NqsYjUfV
+ BU5yNlEs84I+U3N2qpTC8dske08pwOikBCFG
+ Yao6Dglj4zi5dbFbp+ssErNWTOX1khHe8FvI
+ keq7lkbMDoOeiecJ5paN2/yV5gX3Vn0RZXJb
+ CQFVdrNLQ8gKdMga9YKw70n43MxdgkDJRIVo
+ gUxKkMaMo/g2KORJf4iOZPRvLfkwFb/QgTsx
+ Eg== )
+ 14400 RRSIG DNSKEY 5 2 14400 20110215173931 (
+ 20110125173931 60407 example.de.
+ iomqvy1Na7p8UHNl9U8hgHqg+BBe7lwPNMv7
+ Tur+g2ss3LYZkvkwZgdhP/MNQgF0BTrFIK/n
+ vjk+0gQ9RFqKbA== )
+localhost.example.de. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ EzoKkOXLzlKf9rTaxofUW5uAmsaIZe2Jrf/R
+ FgPsnDvXDkGIeA54f+uw0+alWKb4gMgynJJ+
+ jjuF3d4TsoLC4A== )
+ 7200 NSEC ns1.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ BPjsJrlWAQNSqVOJ5hRb1iL8ABPdGID+qdYF
+ AWHYpZOsMg3TXsmOfsrZ8tzJ44Ag0FmHdWYr
+ cSaie8XqF3dndw== )
+ns1.example.de. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ FZu2Oy/7txl4G47fh2gn/f0k4+9YqbdMaCoj
+ DK/5LCUjQIzK+YHMKnurZVmMSbvFCCCcKgUd
+ rBO1Kbc3ZFRUDg== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ ckrkMyljZdlHRMzYceGk/Upzbmijw2bPrhda
+ 6y9l+yS/zOCYQ3qGfzLFDLUPeMDLEL5f7gxa
+ adKw2t8cu/BLnw== )
+ 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ fZadcPS/Zhf+DKNupxsEZOSWm8mC1aimYHSi
+ 00zMJL5oZdUCXgsJYha69s8gtOn12K95doRw
+ 2AP6FArRosKy3Q== )
+ns2.example.de. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ QXIJk7GcV6+LlGEtrClHCS2ddj/9fqtqKD9h
+ BfADqhMYLlVKjQe8grBdgOdbvvmAiSibdbJI
+ 4lFjh6EkXglPIg== )
+ 7200 NSEC sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ HbXCvcFWhQZwhPsyHxht7auAMyYrqOhhI3/Q
+ S+1jwao3ejHJRMdTWrTgyBAXMJpS1SeMnD9i
+ Dx7A5OvtVUoj7g== )
+sub.example.de. 7200 IN NS ns1.example.de.
+ 7200 DS 38331 5 1 (
+ 8F7E90EE2686DAE4D31CEE40142AD6A25670
+ B0A0 )
+ 7200 DS 38331 5 2 (
+ 7B791220D03926DC6D3531CD155EF1E2AB20
+ 2CE5955DF61079BEDD4867400707 )
+ 7200 RRSIG DS 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ GJcNtYbOxbVYA73qgH9bpPvrVIBbUqD0y/dX
+ ZAA1ZpXc3Kz7a4Dzr4fn20KiGF0/huYoo5vt
+ kU+GHU3wuUTtTQ== )
+ 7200 NSEC example.de. NS DS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215173931 (
+ 20110125173931 60407 example.de.
+ LQT1mxY77PpPtpdrjZ5HAzxsQDar+6bsodd9
+ TWNvagqjzvfLTC5Lc5Jy63YmdVkZNmH0RCBP
+ ciRqPQYlvMx8rg== )
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa
new file mode 100644
index 0000000000..9b200c1bd7
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa
@@ -0,0 +1,10 @@
+; Be sure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date form e.g. 2005040101
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 267 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de.
new file mode 100644
index 0000000000..27a14419fa
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+
+ Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl
+ z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH
+ z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R
+ 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/
+ us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4
+ 8Mlp1+mUjQ==
+ ) ; key id = 37983
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4
+ LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx
+ 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq
+ vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO
+ lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM
+ GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs
+ K9bqDM8Euw==
+ ) ; key id = 47280
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf b/contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf
new file mode 100644
index 0000000000..76dc458bbc
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf
@@ -0,0 +1,44 @@
+#
+# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 1w # (604800 seconds)
+Sigvalidity: 10d # (864000 seconds)
+Max_TTL: 6h # (21600 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: incremental
+
+# signing key parameters
+Key_Algo: RSASHA1 # (Algorithm ID 5)
+KSK_lifetime: 30d
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 10d
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+SaltBits: 24
+
+# dnssec-signer options
+LogFile: "log"
+LogLevel: INFO
+LogDomainDir: "log"
+SyslogFacility: USER
+SyslogLevel: NOTICE
+VerboseLog: 0
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+KeySetDir: ".."
+DLV_Domain: ""
+Sig_Pseudorand: True
+Sig_GenerateDS: True
+Sig_DnsKeyKSK: True
+Sig_Parameter: ""
diff --git a/contrib/zkt/examples/hierarchical/log/zktlog-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de.
similarity index 67%
rename from contrib/zkt/examples/hierarchical/log/zktlog-example.de.
rename to contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de.
index ffae0f0dde..bf0252f3c3 100644
--- a/contrib/zkt/examples/hierarchical/log/zktlog-example.de.
+++ b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de.
@@ -14,3 +14,11 @@
2010-04-01 01:05:48.848: notice: "example.de.": lifetime of zone signing key 39599 exceeded since 43m41s: ZSK rollover deferred: waiting for published key
2010-04-01 01:05:48.928: info: "example.de.": new key 9743 generated for publishing
2010-04-01 01:05:48.929: notice: "example.de.": re-signing triggered: Modfied zone key set
+2010-08-26 22:54:24.762: notice: "example.de.": lifetime of zone signing key 39599 exceeded: ZSK rollover done
+2010-08-26 22:54:24.837: info: "example.de.": new key 18539 generated for publishing
+2010-08-26 22:54:24.837: notice: "example.de.": re-signing triggered: Modfied zone key set
+2010-08-26 23:11:44.548: notice: "example.de.": re-signing triggered: Modified KSK in delegated domain
+2010-10-21 13:41:23.152: info: "example.de.": old ZSK 39599 removed
+2010-10-21 13:41:23.152: notice: "example.de.": lifetime of zone signing key 9743 exceeded: ZSK rollover done
+2010-10-21 13:41:23.152: notice: "example.de.": re-signing triggered: Modfied zone key set
+2011-01-25 10:13:58.477: notice: "example.de.": re-signing triggered: Modified KSK in delegated domain
diff --git a/contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de.
similarity index 70%
rename from contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de.
rename to contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de.
index d0d0e12e28..681565118a 100644
--- a/contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de.
+++ b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de.
@@ -31,3 +31,17 @@
2010-04-01 01:05:48.169: notice: "sub.example.de.": lifetime of zone signing key 63530 exceeded: ZSK rollover done
2010-04-01 01:05:48.650: info: "sub.example.de.": new key 40559 generated for publishing
2010-04-01 01:05:48.650: notice: "sub.example.de.": re-signing triggered: Modfied zone key set
+2010-08-26 22:54:24.495: info: "sub.example.de.": kskrollover phase3: Remove old key 8544
+2010-08-26 22:54:24.495: info: "sub.example.de.": old ZSK 63530 removed
+2010-08-26 22:54:24.513: notice: "sub.example.de.": lifetime of zone signing key 7295 exceeded: ZSK rollover done
+2010-08-26 22:54:24.617: info: "sub.example.de.": new key 25007 generated for publishing
+2010-08-26 22:54:24.617: notice: "sub.example.de.": re-signing triggered: Modfied zone key set
+2010-08-26 23:11:44.485: info: "sub.example.de.": kskrollover phase1: New key 38331 generated
+2010-08-26 23:11:44.485: info: "sub.example.de.": old ZSK 7295 removed
+2010-08-26 23:11:44.513: notice: "sub.example.de.": re-signing triggered: Modfied zone key set
+2010-10-21 13:41:22.956: info: "sub.example.de.": kskrollover phase2: send new key 27861 to the parent zone
+2010-10-21 13:41:22.956: notice: "sub.example.de.": lifetime of zone signing key 40559 exceeded: ZSK rollover done
+2010-10-21 13:41:22.956: notice: "sub.example.de.": re-signing triggered: Modfied zone key set
+2010-10-21 14:30:47.663: info: "sub.example.de.": old ZSK 40559 removed
+2010-10-21 14:30:47.663: notice: "sub.example.de.": re-signing triggered: Modfied zone key set
+2011-01-25 10:15:57.334: notice: "sub.example.de.": re-signing triggered: Zone file edited
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/named.conf b/contrib/zkt-1.1.2/examples/hierarchical/named.conf
new file mode 100644
index 0000000000..8bd3f9db7c
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/named.conf
@@ -0,0 +1,102 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ... **/
+# include "rndc.key";
+controls {
+ inet 127.0.0.1
+ allow { localhost; }
+ keys { "rndc-key"; };
+ inet ::1
+ allow { localhost; }
+ keys { "rndc-key"; };
+};
+
+/*****************************************************************
+** ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+include "zone.conf";
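Review bot: `query-source address * port 53;` in the `options` block pins every outgoing query to source port 53, which removes source-port randomization and leaves only the 16-bit query ID as protection against spoofed responses. With `recursion yes` in the same block, that matters for anyone who copies this file for a resolver. I would drop the port, `query-source address *;`, and let named choose ports. Separately, `controls` references `"rndc-key"` while `include "rndc.key";` is commented out, so the key is presumably undefined unless it comes from elsewhere; a one-line comment naming where it is defined would help.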
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls b/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
new file mode 120000
index 0000000000..c513980564
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
@@ -0,0 +1 @@
+../zkt-ls.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer b/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
new file mode 120000
index 0000000000..b5f367de78
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
@@ -0,0 +1 @@
+../zkt-signer.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/zone.conf b/contrib/zkt-1.1.2/examples/hierarchical/zone.conf
new file mode 100644
index 0000000000..afd5a739fb
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.de." in {
+ type master;
+ file "de/example.de/zone.db.signed";
+};
+
+zone "sub.example.de." in {
+ type master;
+ file "de/example.de/sub.example.de/zone.db.signed";
+};
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-extern.conf b/contrib/zkt-1.1.2/examples/views/dnssec-extern.conf
new file mode 100644
index 0000000000..728dcc9431
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-extern.conf
@@ -0,0 +1,39 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "extern"
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 1w # (604800 seconds)
+Sigvalidity: 10d # (864000 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: unixtime
+
+# signing key parameters
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 30d # (2592000 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt-ext.log"
+LogLevel: "debug"
+SyslogFacility: "none"
+SyslogLevel: "notice"
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: True
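Review bot: `ZSK_bits: 512` combined with `ZSK_algo: RSASHA1` gives this example view a zone-signing key that is far too short to resist factoring, and example configs tend to be copied verbatim into real deployments. I would raise the sample to `ZSK_bits: 1024` or larger and, if this zkt version accepts it, switch `KSK_algo` and `ZSK_algo` to `RSASHA256`. The key files and signed zone committed under this view would then need regenerating to match. The same values appear in dnssec-intern.conf. If the small sizes are kept to keep the sample output short, a comment such as `# example only: key sizes and SHA-1 are not suitable for production` above the signing key parameters would make that explicit.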
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-intern.conf b/contrib/zkt-1.1.2/examples/views/dnssec-intern.conf
new file mode 100644
index 0000000000..d49fc94664
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-intern.conf
@@ -0,0 +1,39 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "intern"
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 5h # (18000 seconds)
+Sigvalidity: 1d # (86400 seconds)
+Max_TTL: 30m # (1800 seconds)
+Propagation: 1m # (60 seconds)
+KEY_TTL: 30m # (1800 seconds)
+Serialformat: unixtime
+
+# signing key parameters
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 30d # (2592000 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt-int.log"
+LogLevel: "debug"
+SyslogFacility: "none"
+SyslogLevel: "notice"
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: True
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-signer-extern b/contrib/zkt-1.1.2/examples/views/dnssec-signer-extern
new file mode 100644
index 0000000000..910e82aa8d
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-signer-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@"
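Review bot: Both the config path (`pwd`) and the binary (`../../dnssec-signer`) are resolved against the caller's current directory, so starting this wrapper from anywhere other than the views directory reads a different dnssec.conf and executes whatever sits two levels above that location. Anchoring the script to its own location first, for example `cd "$(dirname "$0")" || exit 1` before the command line, removes that dependency. The same applies to dnssec-signer-intern, dnssec-zkt-extern and dnssec-zkt-intern. Separately, the hierarchical example in this commit links to `zkt-signer.sh` and `zkt-ls.sh`, and the generated dnskey.db names zkt-signer, so `dnssec-signer` and `dnssec-zkt` look like the older tool names; it is worth confirming that these binaries still exist at that path in 1.1.2.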
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-signer-intern b/contrib/zkt-1.1.2/examples/views/dnssec-signer-intern
new file mode 100644
index 0000000000..915ed153c4
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-signer-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@"
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern
new file mode 100644
index 0000000000..129b4e1004
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-zkt command
+# out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@"
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern
new file mode 100644
index 0000000000..1836840f8d
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-zkt command
+# out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@"
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key
new file mode 100644
index 0000000000..d4b9e8f0cc
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091121
+;% lifetime=84d
+example.net. IN DNSKEY 256 3 5 BQEAAAABqSWPYNt6RitV7CJxyFXjIPeP6zSXtBki5cAiVVA3SdX0cBs6 gWttgt+wxEPMApn/ncgjqcUHTJEVHyd/TrL/Aw==
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published
new file mode 100644
index 0000000000..fc85be4c37
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: qSWPYNt6RitV7CJxyFXjIPeP6zSXtBki5cAiVVA3SdX0cBs6gWttgt+wxEPMApn/ncgjqcUHTJEVHyd/TrL/Aw==
+PublicExponent: AQAAAAE=
+PrivateExponent: ZcFZXvGGkc0uEOtIHBJaTdBpl/aTKs4xGhG/eOMinMPHbUPlL5R1KL/27O+KQnfs1xjwz48w5Xos8CoTG+1n0Q==
+Prime1: 1ho0OW0hJVUICO4jthhzFp2ETYke7vssfhq2oKrsjgk=
+Prime2: yj87c5Ewsksm+SsHsBQVC6Gd6P19Yu+ZY7dPeBvW56s=
+Exponent1: LwSIjbnndDmgi0pCo0CW95qvG1VEUniUQQmYmda/L7k=
+Exponent2: jsIwd0hy3NXOjUbXkeT25G/3QNQcXcIwHzupbZLpuh0=
+Coefficient: VRdfIjOr87SWcUBSP9wQGjD1GcCsV3OQ0u03QQwofmo=
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key
new file mode 100644
index 0000000000..ec11dcb5e4
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ==
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private
new file mode 100644
index 0000000000..ea294474c0
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ==
+Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q==
+Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q==
+Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV
+Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h
+Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA==
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key
new file mode 100644
index 0000000000..9602160d91
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127101704
+;% lifetime=63d
+example.net. IN DNSKEY 256 3 5 BQEAAAABw6SqqsNvYqmiYNMlroODy8rMZdbo2Pe8ldEblO9qtxI5oR4i UeUW/q3rZgCTuZI+ymMiLmaFSF1DXsAyG0M03Q==
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private
new file mode 100644
index 0000000000..715ef67994
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: w6SqqsNvYqmiYNMlroODy8rMZdbo2Pe8ldEblO9qtxI5oR4iUeUW/q3rZgCTuZI+ymMiLmaFSF1DXsAyG0M03Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: lYq/wM8BLiaU+Ij/0JP6Csv8Pp/2WdNfsuCbLMU3IBJGimSxx7bvCLSZkDL5mV1E0HJqLrhb2l7GRr3PZKuWMQ==
+Prime1: 5KAIpenYhEVE2U3Wzb2Lwp67HgGM/kV46RrvKFOYe08=
+Prime2: 2xGmcIPYhuD7BKThg0/ldRhfapASbOw3RvSxY6GxkhM=
+Exponent1: X9Z0wkwNnnme2hvoyDMigAYoLZvhx0Tz2ivdw41izlc=
+Exponent2: VXrrgqEDOafxQ+jF6vhubWUdAsxz44nyXPHlwduJCtc=
+Coefficient: 0pIJlBNZWGPdhykMXN3rPnbZoXUeSecEkpGPLBdw5oE=
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db b/contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db
new file mode 100644
index 0000000000..d2da4fdeec
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db
@@ -0,0 +1,30 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 20:02:30
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=23553 algo=RSASHA1 generated Jul 05 2010 09:43:02
+example.net. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI
+ ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ
+ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T
+ u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1
+ sQ==
+ ) ; key id = 23553
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=8885 algo=RSASHA1 generated Jan 25 2011 10:11:21
+example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAABqSWPYNt6RitV7CJxyFXjIPeP6zSXtBki5cAiVVA3SdX0cBs6
+ gWttgt+wxEPMApn/ncgjqcUHTJEVHyd/TrL/Aw==
+ ) ; key id = 8885
+
+; example.net. tag=38930 algo=RSASHA1 generated Jan 25 2011 10:11:21
+example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAABw6SqqsNvYqmiYNMlroODy8rMZdbo2Pe8ldEblO9qtxI5oR4i
+ UeUW/q3rZgCTuZI+ymMiLmaFSF1DXsAyG0M03Q==
+ ) ; key id = 38930
+
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net. b/contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net.
new file mode 100644
index 0000000000..cbcd3d0220
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net.
@@ -0,0 +1,2 @@
+example.net. IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B
+example.net. IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net.
new file mode 100644
index 0000000000..b84524567e
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+ YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+ pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+ 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+ 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+ XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+ 6DaiC6E1sQ==
+ ) ; key id = 23553
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db
new file mode 100644
index 0000000000..4c72928f0b
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db
@@ -0,0 +1,33 @@
+;-----------------------------------------------------------------
+;
+; @(#) extern/example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 0 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
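Review bot: The A records `ns1 IN A 1.0.0.5` and `ns2 IN A 1.2.0.6` use addresses from ordinary routable space, while the AAAA record on the next line already uses the 2001:db8::/32 documentation prefix. An example zone copied into a test resolver would then point name-server traffic at someone else's hosts. I would use the RFC 5737 documentation ranges instead, e.g. `ns1 IN A 192.0.2.5` and `ns2 IN A 198.51.100.6`. zone.db.signed in the same directory carries the same addresses with signatures over them, so it would need re-signing to stay consistent.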
diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed
new file mode 100644
index 0000000000..e1c7b4525c
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed
@@ -0,0 +1,109 @@
+; File written on Tue Jan 25 20:02:30 2011
+; dnssec_signzone version 9.7.2-P2
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1295982150 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ CIEzsLXkJjCehSXcubmncFE46Mdo6duV35FA
+ 83ynRO2fDHNGEMGcgc1JR0uNRPUs1AySfvMe
+ 64sN9M5jw7bs+g== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ WaUhQqPwY1IGpdo3gG5D7hJrnNsk0GnIXPKa
+ zw1WGnFj0vcwDxsiEsk9L1NSb/c1j+uPepon
+ GcCFU8lkAkPJwg== )
+ 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ wkdRRnjfyPQSFb5jju3cEPfVM5T6SlMteEe9
+ Vx09wy9b9aZIO6aT2Q83RUr/GIhkC7JeVPWi
+ c3SftwVD4IKF2Q== )
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAABqSWPYNt6RitV7CJxyFXjIPeP6zSX
+ tBki5cAiVVA3SdX0cBs6gWttgt+wxEPMApn/
+ ncgjqcUHTJEVHyd/TrL/Aw==
+ ) ; key id = 8885
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAABw6SqqsNvYqmiYNMlroODy8rMZdbo
+ 2Pe8ldEblO9qtxI5oR4iUeUW/q3rZgCTuZI+
+ ymMiLmaFSF1DXsAyG0M03Q==
+ ) ; key id = 38930
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+ YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+ pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+ 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+ 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+ XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+ 6DaiC6E1sQ==
+ ) ; key id = 23553
+ 14400 RRSIG DNSKEY 5 2 14400 20110215180230 (
+ 20110125180230 23553 example.net.
+ A44WHsFr4O7Rzuflm19mFBAu7e6asUF5hkzB
+ KjVkCkxH2NkIcTnDdzpxM/LzXMXyZGzxYQrI
+ AjStvUqfoDpaay+Jl87/IXd77Owbc762EF6U
+ Ew1NqHGG0UdO+os5STwPNT7UUi5i8HVVPglx
+ gpHti4RS6icrcsYMTeuf4yrffMr9xWlI/S2l
+ vu9b6maVqqAMds1dj9ZEDUWKLrylTngtc33R
+ BQ== )
+ 14400 RRSIG DNSKEY 5 2 14400 20110215180230 (
+ 20110125180230 38930 example.net.
+ P/9UIYie44cvptFvxgny+zKNDilIMUsswBkg
+ aEJVqCzUnbpA7x5xvzGhlilb38MRv9fvYEtr
+ AsBz1D2Uo3ZULQ== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ iM76gTURcaiYI2yrAIgVcJS1//ZfhCbcVU6o
+ +aeTvwHCyT4kes8uLluV5sS24MuR1fi+E9I3
+ AIeGM/7HdIIi/g== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ nEzM1RA6blYjp6PkXp5QPfJd1kWdcVwByMrM
+ LWWoLI70W9ilxuD3xHOFwmjWwjED/r+NH+53
+ DCjTN5DE/RtNkA== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ UmtBBwApnfVqXzj76BIVJtuajos1Qr8LfqaT
+ x0FMOrpjhg9p1JN25jUEIkexUmBqkvt9VEam
+ my5k3FrYQZpAcw== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ dWIIV6h276aolyfUWyoup6svZygotNuZpUlE
+ LhXOr3MU2QgnEo8a1akuhMYf245B76VXd657
+ TBjQBuexeFt1ww== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ AjKEeI3cjcxi7DxYwr4cvAeycPNETAm+R74G
+ /k3Cr8WaPkenxX5n9Meb0rOJRur1RGe0LApr
+ PuFixxEFVo2EUg== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ NqBJpDCmIi/XcjCIl8YGbw0mpVnp8+kT81l3
+ wciY/V07AI1ucghehgMJIaG1ZSkPnPlllc5o
+ trsxvawJv/irEw== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ NssXK84EXEa1XUWKD+7aeSJFtg3JNnq3J/Ox
+ ItxpbWdaCgqEqJ87oHNWYGic6POmWPc5P8LI
+ yLgte5CwMN8ufg== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 38930 example.net.
+ BslSne1rxv0Rkahw4vdoqh3vlVkiVOQsrsa1
+ 1ofMNaBxphwoTj8nkICePawKby4cTFX0kuRL
+ MiloJ6y9vkvC3Q== )
diff --git a/contrib/zkt-1.1.2/examples/views/extern/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/extern/keyset-example.net.
new file mode 100644
index 0000000000..b84524567e
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+ YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+ pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+ 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+ 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+ XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+ 6DaiC6E1sQ==
+ ) ; key id = 23553
diff --git a/contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log b/contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log
new file mode 100644
index 0000000000..d070ca23f3
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log
@@ -0,0 +1,51 @@
+2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 17:59:04.196: debug: Check RFC5011 status
+2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0
+2008-06-12 17:59:04.196: debug: Check ksk status
+2008-06-12 17:59:04.196: debug: Re-signing not necessary!
+2008-06-12 17:59:04.196: notice: end of run: 0 errors occured
+2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 17:59:17.436: debug: Check RFC5011 status
+2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0
+2008-06-12 17:59:17.436: debug: Check ksk status
+2008-06-12 17:59:17.436: debug: Re-signing not necessary!
+2008-06-12 17:59:17.436: notice: end of run: 0 errors occured
+2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 18:00:07.819: debug: Check RFC5011 status
+2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0
+2008-06-12 18:00:07.819: debug: Check ksk status
+2008-06-12 18:00:07.819: debug: Re-signing not necessary!
+2008-06-12 18:00:07.819: notice: end of run: 0 errors occured
+2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 18:00:39.020: debug: Check RFC5011 status
+2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0
+2008-06-12 18:00:39.020: debug: Check ksk status
+2008-06-12 18:00:39.020: debug: Re-signing not necessary!
+2008-06-12 18:00:39.020: notice: end of run: 0 errors occured
+2008-10-03 01:00:45.544: notice: ------------------------------------------------------------
+2008-10-03 01:00:45.544: notice: running ../../dnssec-signer -V extern -v -v
+2008-10-03 01:00:45.545: debug: parsing zone "example.net" in dir "extern/example.net"
+2008-10-03 01:00:45.545: debug: Check RFC5011 status
+2008-10-03 01:00:45.545: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-10-03 01:00:45.545: debug: Check KSK status
+2008-10-03 01:00:45.545: debug: Check ZSK status
+2008-10-03 01:00:45.545: debug: Lifetime(2592000 +/-150 sec) of active key 35744 exceeded (5018328 sec)
+2008-10-03 01:00:45.546: debug: ->depreciate it
+2008-10-03 01:00:45.546: debug: ->activate published key 10367
+2008-10-03 01:00:45.546: notice: "example.net": lifetime of zone signing key 35744 exceeded: ZSK rollover done
+2008-10-03 01:00:45.546: debug: New key for publishing needed
+2008-10-03 01:00:45.614: debug: ->creating new key 14714
+2008-10-03 01:00:45.614: info: "example.net": new key 14714 generated for publishing
+2008-10-03 01:00:45.614: debug: Re-signing necessary: New zone key
+2008-10-03 01:00:45.614: notice: "example.net": re-signing triggered: New zone key
+2008-10-03 01:00:45.614: debug: Writing key file "extern/example.net/dnskey.db"
+2008-10-03 01:00:45.614: debug: Signing zone "example.net"
+2008-10-03 01:00:45.614: debug: Run cmd "cd extern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +864000 -N unixtime zone.db K*.private"
+2008-10-03 01:00:46.114: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-10-03 01:00:46.114: debug: Signing completed after 1s.
+2008-10-03 01:00:46.114: debug:
+2008-10-03 01:00:46.114: notice: end of run: 0 errors occured
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key
new file mode 100644
index 0000000000..316e4cfeaf
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw==
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private
new file mode 100644
index 0000000000..96e1ff6e08
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q==
+Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw==
+Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ==
+Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh
+Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ==
+Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key
new file mode 100644
index 0000000000..2745a9eacb
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091121
+;% lifetime=84d
+example.net. IN DNSKEY 256 3 5 BQEAAAAB0WcmwbQoLbDFommP0H2zyiHXC1ekz3VMR+zl69pZZb5nLL/j 66zL43Op/UVNhNlmwqH10QVie/oJf/ag07n8Jw==
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published
new file mode 100644
index 0000000000..7df544e738
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 0WcmwbQoLbDFommP0H2zyiHXC1ekz3VMR+zl69pZZb5nLL/j66zL43Op/UVNhNlmwqH10QVie/oJf/ag07n8Jw==
+PublicExponent: AQAAAAE=
+PrivateExponent: jKRY6rToay8xyeGq5FZclg8nBubVeiu90mF5yKtUcCW1AEdiwAzyCkhhC+1I3jOgzuY6h8rKYs09HrGKap3/8Q==
+Prime1: 8mXlFt4dXw7fPEG/XutzjHcy0GZe9XJkTWm39fvVZ6s=
+Prime2: 3SdGMdlT+QzR5kfCkRJ6IT78B4yGeVXrXWgPDlmt0XU=
+Exponent1: oNNInlF/En5spkcgs3jG8Nu8HoNiqLnCc/XtHwKF6xc=
+Exponent2: M4FLC8tRFOF9LuCNcRYHmh6cSnZpWzQjcZ1uLvmsxp0=
+Coefficient: pXldDiEWVr7Z5BTFXunGzpXoX+cs+oW0qit/1uqGv84=
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key
new file mode 100644
index 0000000000..4950d13bb6
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key
@@ -0,0 +1,3 @@
+;% generationtime=20101127101704
+;% lifetime=63d
+example.net. IN DNSKEY 256 3 5 BQEAAAABp57sZfLQTLH4pU1vFRNfxU7IKonyz/BcaNqh2jywFbz/EzPP jB0M4UOfR7iwChoqiFgatnKg02Qazs+MbD8uyw==
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private
new file mode 100644
index 0000000000..84b54db171
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: p57sZfLQTLH4pU1vFRNfxU7IKonyz/BcaNqh2jywFbz/EzPPjB0M4UOfR7iwChoqiFgatnKg02Qazs+MbD8uyw==
+PublicExponent: AQAAAAE=
+PrivateExponent: jGofatbQPs8FyTAJmAWZZF+XzHKd9jhSQaDzrjMBf23DwDuu/GnyF7AcASTdHhzDqPXWkPIulsPDqYsewdLVMQ==
+Prime1: 1VB6Wv92Rl/nEGuc9/P+Own4QLbsebgXceG7Eih0Fhk=
+Prime2: ySmvvq+Qmh1o7os/4x7BB5/qI0vi4yZqp+OycM3S4IM=
+Exponent1: jb0CEguKt/4oCHM5s/aLfSf5KGSNWrKew0CjNFprx8k=
+Exponent2: wcyaaYEfMDYy9Hrzka7/L29W97KH+qVm7wZrUfQWoC0=
+Coefficient: 0B7KgaK213Z/2VYJ/7hnCZGFlmHoJtYcwV790fwNilY=
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db b/contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db
new file mode 100644
index 0000000000..7076e11658
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db
@@ -0,0 +1,30 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 20:02:30
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=126 algo=RSASHA1 generated Jul 05 2010 09:43:02
+example.net. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W
+ ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI
+ wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9
+ +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq
+ Lw==
+ ) ; key id = 126
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=57602 algo=RSASHA1 generated Jan 25 2011 10:11:21
+example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAABp57sZfLQTLH4pU1vFRNfxU7IKonyz/BcaNqh2jywFbz/EzPP
+ jB0M4UOfR7iwChoqiFgatnKg02Qazs+MbD8uyw==
+ ) ; key id = 57602
+
+; example.net. tag=52235 algo=RSASHA1 generated Jan 25 2011 10:11:21
+example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAAB0WcmwbQoLbDFommP0H2zyiHXC1ekz3VMR+zl69pZZb5nLL/j
+ 66zL43Op/UVNhNlmwqH10QVie/oJf/ag07n8Jw==
+ ) ; key id = 52235
+
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net. b/contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net.
new file mode 100644
index 0000000000..b61c1b6fd5
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net.
@@ -0,0 +1,2 @@
+example.net. IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA
+example.net. IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net.
new file mode 100644
index 0000000000..0aa2c7d464
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+ gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+ uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+ 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+ ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+ 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+ grOD6IYqLw==
+ ) ; key id = 126
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db
new file mode 100644
index 0000000000..af4861b5da
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db
@@ -0,0 +1,33 @@
+;-----------------------------------------------------------------
+;
+; @(#) intern/example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 0 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 192.168.1.53
+ IN AAAA fd12:063c:cdbb::53
+ns2 IN A 10.1.2.3
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed
new file mode 100644
index 0000000000..316f1b2989
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed
@@ -0,0 +1,109 @@
+; File written on Tue Jan 25 20:02:30 2011
+; dnssec_signzone version 9.7.2-P2
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1295982150 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ G+lTux2CtT0K4DoG9SDhvOHYHecTP+zQAFhx
+ 21fAFnHrV26q5OEL3XG2MqtFIBRzBVyWOQky
+ HjA0OrT2h0QMbQ== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ jWqP9xbY7F8AtNaHjKaLBKURY9MHkMdwlsv/
+ h6Ood+Dktz/Cc2WC6Ce4twTQSPp4fZtIsIfl
+ Y50zl5acgD3fcA== )
+ 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ lPfwTBz3QYn6NzJPnYzFuwqAskF9AjE65UFQ
+ aTqwZpQ+puYATzTMbe4Aa7x1fOzMoffZCADV
+ RwJhuqle8AED1w== )
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAABp57sZfLQTLH4pU1vFRNfxU7IKony
+ z/BcaNqh2jywFbz/EzPPjB0M4UOfR7iwChoq
+ iFgatnKg02Qazs+MbD8uyw==
+ ) ; key id = 57602
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAAB0WcmwbQoLbDFommP0H2zyiHXC1ek
+ z3VMR+zl69pZZb5nLL/j66zL43Op/UVNhNlm
+ wqH10QVie/oJf/ag07n8Jw==
+ ) ; key id = 52235
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+ gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+ uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+ 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+ ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+ 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+ grOD6IYqLw==
+ ) ; key id = 126
+ 14400 RRSIG DNSKEY 5 2 14400 20110215180230 (
+ 20110125180230 126 example.net.
+ BZPPo0GqOxCxCzx78nwK4Qbwj9kAYTyo7mYB
+ 5wx53cGRn7gD26tw/l12w4Vp5Q4/UCvZ1QCf
+ pk0xJM4qkd1wfMXQtxmYL/95aHIbrfW4uyE8
+ UD7wMjD7ufDTGEc40unLunJ7FEXZ3iLTHdwL
+ J/moCVAPKq+jQznC0eIcqAoIrSSbTHK4QRZc
+ s9OLmfm0W3xPAPr14imqExL76r57sILcKFfC
+ jQ== )
+ 14400 RRSIG DNSKEY 5 2 14400 20110215180230 (
+ 20110125180230 57602 example.net.
+ c3xZnvGx3v6Ccjz+o9YbKCFPWDbD+i6Gw/IF
+ RlxpOD41xQxoDWnqZlmqPu/gc0afQ0IbuJen
+ BV6v2Q1tnSWtIQ== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ DqPVfZUI44qRqPnoTclRf9EKixcqpPv8/3vc
+ QK2Y6HAj3YBcmVFDD5T6L31mv5ay34psfUu7
+ hDJvYtCJFor/lw== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ E9k/RxN76Z2eFfHPJTdDcGz/TrthOQDihNoZ
+ k4bh858HkuPgXgfgdHJ2QL6xwS0oncP4JgqY
+ gKcmYxPyCqct5g== )
+ns1.example.net. 7200 IN A 192.168.1.53
+ 7200 RRSIG A 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ ku/0VTBFiNgLoBG9lWRvoJOzuyFUyOColXz2
+ ZTtmrZWLPpnFapDsEC2ZOkWhlzpysbuCnZeq
+ +Tn35JziKPaCnQ== )
+ 7200 AAAA fd12:63c:cdbb::53
+ 7200 RRSIG AAAA 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ ZepJB6jcivMqxfdR+B1qO8ZPsQrH6UmoLKN7
+ 3S4X3/UbFEYXbEb/RF6p9Fb7pHPjnSAQyob2
+ 2jBPrkol58C8hA== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ Rq2gPDo+xpndSV1TfK7AzWemTd3qtsKDFN+/
+ jjmUzilm/2R1E/X7eNpIaF9oOtzPggTms8MJ
+ dhb5HUcMpe1idQ== )
+ns2.example.net. 7200 IN A 10.1.2.3
+ 7200 RRSIG A 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ ArSVm6tZqguzW2eVycpq//OvjGjWAy2/nrpv
+ P2uvavxWKJVdqIIUg3Yyvb5W6h4qUa+u0br4
+ Yz213ghrj8exKg== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ TCmdUAxSnk5oliX8/r9Z8odEHCtUOm87EAqK
+ 3JNlzlknuhYYvm7HaoEurXqdU4hMnU8h3LbW
+ W+Lus6YDeEyAtw== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20110215180230 (
+ 20110125180230 57602 example.net.
+ mlIuEvQU5KrqBbP/qoM+tAx+MilvdI5g4X/o
+ 2w42OZ563C9ki9Q4lxCMQ67BQRKmVLiPZDX9
+ U40oapBFIpDYTw== )
diff --git a/contrib/zkt-1.1.2/examples/views/intern/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/intern/keyset-example.net.
new file mode 100644
index 0000000000..0aa2c7d464
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+ gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+ uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+ 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+ ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+ 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+ grOD6IYqLw==
+ ) ; key id = 126
diff --git a/contrib/zkt-1.1.2/examples/views/intern/zkt-int.log b/contrib/zkt-1.1.2/examples/views/intern/zkt-int.log
new file mode 100644
index 0000000000..d6d4593cd9
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/intern/zkt-int.log
@@ -0,0 +1,192 @@
+2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v
+2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:02:13.594: debug: Check RFC5011 status
+2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0
+2008-06-12 18:02:13.595: debug: Check ksk status
+2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec)
+2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key
+2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys
+2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys
+2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:02:13.596: debug: Signing zone "example.net."
+2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:02:13.705: debug: Signing completed after 0s.
+2008-06-12 18:02:13.705: debug:
+2008-06-12 18:02:13.705: notice: end of run: 0 errors occured
+2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v
+2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:13.209: debug: Check RFC5011 status
+2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0
+2008-06-12 18:03:13.209: debug: Check ksk status
+2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec)
+2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key
+2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:13.209: debug: Re-signing not necessary!
+2008-06-12 18:03:13.209: notice: end of run: 0 errors occured
+2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v
+2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:19.288: debug: Check RFC5011 status
+2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0
+2008-06-12 18:03:19.289: debug: Check ksk status
+2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec)
+2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key
+2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:19.289: debug: Re-signing not necessary!
+2008-06-12 18:03:19.289: notice: end of run: 0 errors occured
+2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:23.618: debug: Check RFC5011 status
+2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0
+2008-06-12 18:03:23.618: debug: Check ksk status
+2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec)
+2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key
+2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f
+2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:03:23.619: debug: Signing zone "example.net."
+2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:03:23.719: debug: Signing completed after 0s.
+2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:03:23.772: debug:
+2008-06-12 18:03:23.772: notice: end of run: 0 errors occured
+2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:05:39.533: debug: Check RFC5011 status
+2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0
+2008-06-12 18:05:39.533: debug: Check ksk status
+2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec)
+2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key
+2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f
+2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:05:39.534: debug: Signing zone "example.net."
+2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:05:39.630: debug: Signing completed after 0s.
+2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered
+2008-06-12 18:05:39.640: debug:
+2008-06-12 18:05:39.640: notice: end of run: 0 errors occured
+2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:07:47.754: debug: Check RFC5011 status
+2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0
+2008-06-12 18:07:47.754: debug: Check ksk status
+2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec)
+2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key
+2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f
+2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:07:47.754: debug: Signing zone "example.net."
+2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:07:47.856: debug: Signing completed after 0s.
+2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered
+2008-06-12 18:07:47.866: debug:
+2008-06-12 18:07:47.867: notice: end of run: 0 errors occured
+2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:10:57.978: debug: Check RFC5011 status
+2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0
+2008-06-12 18:10:57.978: debug: Check ksk status
+2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec)
+2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key
+2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f
+2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:10:57.979: debug: Signing zone "example.net."
+2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:10:58.081: debug: Signing completed after 1s.
+2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:10:58.093: debug:
+2008-06-12 18:10:58.093: notice: end of run: 0 errors occured
+2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:29.512: debug: Check RFC5011 status
+2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0
+2008-06-12 18:13:29.512: debug: Check ksk status
+2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec)
+2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key
+2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f
+2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:29.513: debug: Signing zone "example.net."
+2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:29.612: debug: Signing completed after 0s.
+2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern"
+2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:29.623: debug:
+2008-06-12 18:13:29.623: notice: end of run: 0 errors occured
+2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v
+2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:38.709: debug: Check RFC5011 status
+2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0
+2008-06-12 18:13:38.709: debug: Check ksk status
+2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec)
+2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key
+2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f
+2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:38.710: debug: Signing zone "example.net."
+2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:39.163: debug: Signing completed after 1s.
+2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern"
+2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:39.174: debug:
+2008-06-12 18:13:39.174: notice: end of run: 0 errors occured
+2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:43.164: debug: Check RFC5011 status
+2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0
+2008-06-12 18:13:43.164: debug: Check ksk status
+2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec)
+2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key
+2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f
+2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:43.164: debug: Signing zone "example.net."
+2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:43.262: debug: Signing completed after 0s.
+2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern"
+2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:43.273: debug:
+2008-06-12 18:13:43.273: notice: end of run: 0 errors occured
+2008-10-03 01:00:38.404: notice: ------------------------------------------------------------
+2008-10-03 01:00:38.404: notice: running ../../dnssec-signer -V intern
+2008-10-03 01:00:38.405: debug: parsing zone "example.net" in dir "intern/example.net"
+2008-10-03 01:00:38.405: debug: Check RFC5011 status
+2008-10-03 01:00:38.405: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-10-03 01:00:38.405: debug: Check KSK status
+2008-10-03 01:00:38.405: debug: Check ZSK status
+2008-10-03 01:00:38.405: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (5018321 sec)
+2008-10-03 01:00:38.405: debug: ->depreciate it
+2008-10-03 01:00:38.405: debug: ->activate published key 23375
+2008-10-03 01:00:38.405: notice: "example.net": lifetime of zone signing key 5972 exceeded: ZSK rollover done
+2008-10-03 01:00:38.405: debug: New key for publishing needed
+2008-10-03 01:00:38.491: debug: ->creating new key 55745
+2008-10-03 01:00:38.492: info: "example.net": new key 55745 generated for publishing
+2008-10-03 01:00:38.492: debug: Re-signing necessary: New zone key
+2008-10-03 01:00:38.492: notice: "example.net": re-signing triggered: New zone key
+2008-10-03 01:00:38.492: debug: Writing key file "intern/example.net/dnskey.db"
+2008-10-03 01:00:38.492: debug: Signing zone "example.net"
+2008-10-03 01:00:38.492: debug: Run cmd "cd intern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +86400 -N unixtime zone.db K*.private"
+2008-10-03 01:00:38.796: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-10-03 01:00:38.796: debug: Signing completed after 0s.
+2008-10-03 01:00:38.796: debug:
+2008-10-03 01:00:38.796: notice: end of run: 0 errors occured
diff --git a/contrib/zkt-1.1.2/examples/views/named.conf b/contrib/zkt-1.1.2/examples/views/named.conf
new file mode 100644
index 0000000000..c7034e2f5f
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/named.conf
@@ -0,0 +1,97 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "named.log";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ category "dnssec" { "named-log"; };
+ category "edns-disabled" { "named-log"; };
+ category "default" { "named-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ pid-file "named.pid";
+ listen-on-v6 port 1053 { any; };
+ listen-on port 1053 { any; };
+
+ empty-zones-enable no;
+
+ port 1053;
+ query-source address * port 1053;
+ query-source-v6 address * port 1053;
+ transfer-source * port 53;
+ transfer-source-v6 * port 53;
+ use-alt-transfer-source no;
+ notify-source * port 53;
+ notify-source-v6 * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ dnssec-validation yes; /* required by BIND 9.4.0 */
+ dnssec-accept-expired false; /* added since BIND 9.5.0 */
+ edns-udp-size 1460; /* (M4) */
+ max-udp-size 1460; /* (M5) */
+
+ # allow-query { localhost; }; /* default in 9.4.0 */
+ # allow-query-cache { localhost; }; /* default in 9.4.0 */
+
+ dnssec-must-be-secure "." no;
+
+ querylog yes;
+
+ stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */
+};
+
+/*****************************************************************
+** view intern
+*****************************************************************/
+view "intern" {
+ match-clients { 127.0.0.1; ::1; };
+ recursion yes;
+ zone "." in {
+ type hint;
+ file "root.hint";
+ };
+
+ zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "127.0.0.zone";
+ };
+
+ zone "example.net" in {
+ type master;
+ file "intern/example.net/zone.db.signed";
+ };
+};
+
+/*****************************************************************
+** view extern
+*****************************************************************/
+view "extern" {
+ match-clients { any; };
+ recursion no;
+ zone "." in {
+ type hint;
+ file "root.hint";
+ };
+
+ zone "example.net" in {
+ type master;
+ file "extern/example.net/zone.db.signed";
+ };
+};
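Review bot: `query-source address * port 1053;` and the `query-source-v6` line after it in the `options` block pin every outgoing query to a single source port, which removes source-port randomisation and leaves only the 16-bit query ID to protect the recursive `intern` view against off-path cache poisoning. Since this is an example configuration that readers are likely to copy, I would drop the port from both lines: `query-source address *;` and `query-source-v6 address *;`. If the fixed port is intentional for a firewalled test bed, a comment such as `/* test setup only: fixed source port disables port randomisation */` on those lines would keep it from being carried into production.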
diff --git a/contrib/zkt-1.1.2/examples/views/named.log b/contrib/zkt-1.1.2/examples/views/named.log
new file mode 100644
index 0000000000..15d5f7b927
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/named.log
@@ -0,0 +1,17 @@
+20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found
+20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed)
+20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed)
+20-Nov-2007 17:40:12.393 general: notice: running
+20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789)
+20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217)
+20-Nov-2007 19:07:04.016 general: info: shutting down
+20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053
+20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053
+20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053
+20-Nov-2007 19:07:04.020 general: notice: exiting
diff --git a/contrib/zkt-1.1.2/examples/views/root.hint b/contrib/zkt-1.1.2/examples/views/root.hint
new file mode 100644
index 0000000000..2b5c167a31
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/root.hint
@@ -0,0 +1,45 @@
+; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net
+;; global options: printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355
+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;. IN NS
+
+;; ANSWER SECTION:
+. 518400 IN NS H.ROOT-SERVERS.NET.
+. 518400 IN NS I.ROOT-SERVERS.NET.
+. 518400 IN NS J.ROOT-SERVERS.NET.
+. 518400 IN NS K.ROOT-SERVERS.NET.
+. 518400 IN NS L.ROOT-SERVERS.NET.
+. 518400 IN NS M.ROOT-SERVERS.NET.
+. 518400 IN NS A.ROOT-SERVERS.NET.
+. 518400 IN NS B.ROOT-SERVERS.NET.
+. 518400 IN NS C.ROOT-SERVERS.NET.
+. 518400 IN NS D.ROOT-SERVERS.NET.
+. 518400 IN NS E.ROOT-SERVERS.NET.
+. 518400 IN NS F.ROOT-SERVERS.NET.
+. 518400 IN NS G.ROOT-SERVERS.NET.
+
+;; ADDITIONAL SECTION:
+A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
+B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
+C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
+D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
+E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
+F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
+G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
+H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
+I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
+J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
+K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
+L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
+M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
+
+;; Query time: 114 msec
+;; SERVER: 198.41.0.4#53(198.41.0.4)
+;; WHEN: Mon Nov 5 07:28:00 2007
+;; MSG SIZE rcvd: 436
+
diff --git a/contrib/zkt-1.1.2/examples/views/viewtest.sh b/contrib/zkt-1.1.2/examples/views/viewtest.sh
new file mode 100644
index 0000000000..f0a17543ac
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/viewtest.sh
@@ -0,0 +1,20 @@
+
+
+ZKT_CONFFILE=dnssec.conf
+export ZKT_CONFFILE
+
+if true
+then
+ echo "All internal keys:"
+ ./dnssec-zkt-intern
+ echo
+
+ echo "All external keys:"
+ ./dnssec-zkt-extern
+ echo
+fi
+
+echo "Sign both views"
+./dnssec-signer-intern -v -v -f -r
+echo
+./dnssec-signer-extern -v -v
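Review bot: The script has no interpreter line (it opens with two blank lines) and is added with mode 100644, so it only runs when handed to a shell explicitly. Nothing stops it after a failed step either: if `./dnssec-signer-intern -v -v -f -r` fails, the extern view is still signed and the exit status reflects only the last command. I would start the file with `#!/bin/sh` followed by `set -e`, and drop the `if true` wrapper, whose branch is always taken.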
diff --git a/contrib/zkt/examples/zkt-ls.sh b/contrib/zkt-1.1.2/examples/zkt-ls.sh
similarity index 100%
rename from contrib/zkt/examples/zkt-ls.sh
rename to contrib/zkt-1.1.2/examples/zkt-ls.sh
diff --git a/contrib/zkt/examples/zkt-signer.sh b/contrib/zkt-1.1.2/examples/zkt-signer.sh
similarity index 100%
rename from contrib/zkt/examples/zkt-signer.sh
rename to contrib/zkt-1.1.2/examples/zkt-signer.sh
diff --git a/contrib/zkt/log.c b/contrib/zkt-1.1.2/log.c
similarity index 100%
rename from contrib/zkt/log.c
rename to contrib/zkt-1.1.2/log.c
diff --git a/contrib/zkt/log.h b/contrib/zkt-1.1.2/log.h
similarity index 100%
rename from contrib/zkt/log.h
rename to contrib/zkt-1.1.2/log.h
diff --git a/contrib/zkt/man/dnssec-zkt.8 b/contrib/zkt-1.1.2/man/dnssec-zkt.8
similarity index 100%
rename from contrib/zkt/man/dnssec-zkt.8
rename to contrib/zkt-1.1.2/man/dnssec-zkt.8
diff --git a/contrib/zkt/man/zkt-conf.8 b/contrib/zkt-1.1.2/man/zkt-conf.8
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8
rename to contrib/zkt-1.1.2/man/zkt-conf.8
diff --git a/contrib/zkt/man/zkt-conf.8.html b/contrib/zkt-1.1.2/man/zkt-conf.8.html
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8.html
rename to contrib/zkt-1.1.2/man/zkt-conf.8.html
diff --git a/contrib/zkt/man/zkt-conf.8.org b/contrib/zkt-1.1.2/man/zkt-conf.8.org
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8.org
rename to contrib/zkt-1.1.2/man/zkt-conf.8.org
diff --git a/contrib/zkt/man/zkt-conf.8.pdf b/contrib/zkt-1.1.2/man/zkt-conf.8.pdf
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8.pdf
rename to contrib/zkt-1.1.2/man/zkt-conf.8.pdf
diff --git a/contrib/zkt/man/zkt-keyman.8 b/contrib/zkt-1.1.2/man/zkt-keyman.8
similarity index 98%
rename from contrib/zkt/man/zkt-keyman.8
rename to contrib/zkt-1.1.2/man/zkt-keyman.8
index 9c0da65673..69093117d1 100644
--- a/contrib/zkt/man/zkt-keyman.8
+++ b/contrib/zkt-1.1.2/man/zkt-keyman.8
@@ -202,7 +202,7 @@ option is specified.
.TP
.BI \-R " keyid" ", \-\-revoke=" keyid
Revoke the key signing key with the given keyid.
-A revoked key has bit 8 in the flags filed set (see RFC5011).
+A revoked key has bit 8 in the flags field set (see RFC5011).
The keyid is the numeric keytag with an optionally added zone name separated by a colon.
.TP
.BI \-\-rename=" keyid
@@ -251,7 +251,7 @@ Use --ksk-rollover for a little more detailed description.
.fam T
Create a new key signing key for the zone "example.net".
Store the key in the same directory below "zonedir" where the other
-"example.net" keys live.
+"example.net" keys life.
.TP
.fam C
.B "zkt-keyman \-D 123245 \-r .
diff --git a/contrib/zkt/man/zkt-keyman.8.html b/contrib/zkt-1.1.2/man/zkt-keyman.8.html
similarity index 98%
rename from contrib/zkt/man/zkt-keyman.8.html
rename to contrib/zkt-1.1.2/man/zkt-keyman.8.html
index dc53c9bb9c..fc93304f5a 100644
--- a/contrib/zkt/man/zkt-keyman.8.html
+++ b/contrib/zkt-1.1.2/man/zkt-keyman.8.html
@@ -1,5 +1,5 @@
-
+
@@ -223,7 +223,7 @@ The keyfile will be created in the current directory if the
keyid, −−revoke=keyid
Revoke the key signing key with
-the given keyid. A revoked key has bit 8 in the flags filed
+the given keyid. A revoked key has bit 8 in the flags field
set (see RFC5011). The keyid is the numeric keytag with an
optionally added zone name separated by a colon.
@@ -285,7 +285,7 @@ more detailed description.
Create a new key signing key
for the zone "example.net". Store the key in the
same directory below "zonedir" where the other
-"example.net" keys live.
+"example.net" keys life.
zkt-keyman −D 123245
−r .
diff --git a/contrib/zkt/man/zkt-keyman.8.pdf b/contrib/zkt-1.1.2/man/zkt-keyman.8.pdf
similarity index 58%
rename from contrib/zkt/man/zkt-keyman.8.pdf
rename to contrib/zkt-1.1.2/man/zkt-keyman.8.pdf
index 298fc2b429..487803c3fa 100644
Binary files a/contrib/zkt/man/zkt-keyman.8.pdf and b/contrib/zkt-1.1.2/man/zkt-keyman.8.pdf differ
diff --git a/contrib/zkt/man/zkt-ls.8 b/contrib/zkt-1.1.2/man/zkt-ls.8
similarity index 93%
rename from contrib/zkt/man/zkt-ls.8
rename to contrib/zkt-1.1.2/man/zkt-ls.8
index c4261912e3..8ee00b12ae 100644
--- a/contrib/zkt/man/zkt-ls.8
+++ b/contrib/zkt-1.1.2/man/zkt-ls.8
@@ -45,6 +45,30 @@ zkt\-ls \(em list dnskeys
.RI [{ keyfile | dir }
.RI "" ... ]
+.B zkt\-ls
+.B \-M
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-dhrz ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B zkt\-ls
+.B \-\-list-managedkeys
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-dhrz ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
.B zkt\-ls
.B \-K
.RB [ \-V|--view
@@ -84,8 +108,8 @@ In that mode the use of option
may be helpful to find the location of the keyfile in the directory tree.
.PP
Other forms of the command, print out keys in a format suitable for
-a trusted-key section
-.RB ( \-T )
+a trusted- or managed-key section
+.RB ( \-T or \-M )
or as a DNSKEY
.RB ( \-K )
resource record.
@@ -161,7 +185,7 @@ Print the key generation time (default is on).
Also settable in the dnssec.conf file (Parameter: PrintTime).
.TP
.B \-h
-No header or trusted-key section header and trailer in -T mode
+No header or trusted-key resp. managed-key section header and trailer in \-T or \-M mode.
.SH COMMAND OPTIONS
.TP
diff --git a/contrib/zkt/man/zkt-ls.8.html b/contrib/zkt-1.1.2/man/zkt-ls.8.html
similarity index 93%
rename from contrib/zkt/man/zkt-ls.8.html
rename to contrib/zkt-1.1.2/man/zkt-ls.8.html
index 0954bda593..e827839920 100644
--- a/contrib/zkt/man/zkt-ls.8.html
+++ b/contrib/zkt-1.1.2/man/zkt-ls.8.html
@@ -1,5 +1,5 @@
-
+
@@ -73,6 +73,18 @@ zkt−ls −−list-trustedkeys
...]
+zkt−ls
+−M [−V|--view view]
+[−c file] [−l list]
+[−dhrz] [{keyfile|dir}
+...]
+zkt−ls −−list-managedkeys
+[−V|--view view] [−c
+file] [−l list]
+[−dhrz] [{keyfile|dir}
+...]
+
+
zkt−ls
−K [−V|--view view]
[−c file] [−l list]
@@ -101,7 +113,8 @@ keyfile in the directory tree.
Other forms of
the command, print out keys in a format suitable for a
-trusted-key section (−T) or as a DNSKEY
+trusted- or managed-key section
+(−Tor−M) or as a DNSKEY
(−K) resource record.
GENERAL OPTIONS
@@ -228,8 +241,8 @@ PrintTime).
- No header or trusted-key section header and trailer in
--T mode |
+
No header or trusted-key resp. managed-key section
+header and trailer in −T or −M mode.
COMMAND OPTIONS
diff --git a/contrib/zkt-1.1.2/man/zkt-ls.8.pdf b/contrib/zkt-1.1.2/man/zkt-ls.8.pdf
new file mode 100644
index 0000000000..ad2a6e9008
Binary files /dev/null and b/contrib/zkt-1.1.2/man/zkt-ls.8.pdf differ
diff --git a/contrib/zkt/man/zkt-signer.8 b/contrib/zkt-1.1.2/man/zkt-signer.8
similarity index 94%
rename from contrib/zkt/man/zkt-signer.8
rename to contrib/zkt-1.1.2/man/zkt-signer.8
index 06de826df8..d182c2b59a 100644
--- a/contrib/zkt/man/zkt-signer.8
+++ b/contrib/zkt-1.1.2/man/zkt-signer.8
@@ -1,4 +1,4 @@
-.TH zkt-signer 8 "Feb 2, 2010" "ZKT 1.0" ""
+.TH zkt-signer 8 "Nov 27, 2010" "ZKT 1.1" ""
\" turn off hyphenation
.\" if n .nh
.nh
@@ -8,12 +8,14 @@ zkt-signer \(em Secure DNS zone signing tool
.SH SYNOPSYS
.na
.B zkt-signer
-.RB [ \-L|--logfile
+.RB [ \-L
.IR "file" ]
-.RB [ \-V|--view
+.RB [ \-V
.IR "view" ]
.RB [ \-c
.IR "file" ]
+.RB [ \-O
+.IR "optstr" ]
.RB [ \-fhnr ]
.RB [ \-v
.RB [ \-v ]]
@@ -23,12 +25,14 @@ zkt-signer \(em Secure DNS zone signing tool
.RI "" ... ]
.br
.B zkt-signer
-.RB [ \-L|--logfile
+.RB [ \-L
.IR "file" ]
-.RB [ \-V|--view
+.RB [ \-V
.IR "view" ]
.RB [ \-c
.IR "file" ]
+.RB [ \-O
+.IR "optstr" ]
.RB [ \-fhnr ]
.RB [ \-v
.RB [ \-v ]]
@@ -38,12 +42,14 @@ zkt-signer \(em Secure DNS zone signing tool
.RI "" ... ]
.br
.B zkt-signer
-.RB [ \-L|--logfile
+.RB [ \-L
.IR "file" ]
-.RB [ \-V|--view
+.RB [ \-V
.IR "view" ]
.RB [ \-c
.IR "file" ]
+.RB [ \-O
+.IR "optstr" ]
.RB [ \-fhnr ]
.RB [ \-v
.RB [ \-v ]]
@@ -78,6 +84,7 @@ If you have a configuration file with views, you have to use option
Alternately you could link the executable file to a second name like
.I zkt-signer-viewname
and use that command to specify the name of the view.
+.br
All master zone statements will be scanned for filenames
ending with ".signed".
These zones will be checked if the necessary zone- and key signing keys
@@ -108,30 +115,22 @@ Every secure zone found in a subdirectory below
will be signed.
However, it is also possible to reduce the signing to those
zones given as arguments.
-.ig
-In directory mode the pre-requisite is, that the directory name is
-exactly (including the trailing dot) the same as the zone name.
-..
-.PP
-In the last form of the command, the functionality is more or less the same
-as the
-.I dnssec-signzone (8)
-command.
-The parameter specifies the zone file name and the option
-.B \-o
-takes the name of the zone.
-.PP
-If neither
+.br
+If
+.B \-D
+is ommitted (and neither
.B \-N
nor
-.B \-D
-nor
-.B \-o
-is given, then the default directory specified in the
+.BI \-o origin
+is specified) the default directory specified in the
.I dnssec.conf
file by the parameter
.I zonedir
will be used as top level directory.
+.ig
+In directory mode the pre-requisite is, that the directory name is
+exactly (including the trailing dot) the same as the zone name.
+..
.SH OPTIONS
.TP
@@ -262,7 +261,7 @@ files.
.TP
.fam C
.B "zkt-signer \-\-config-option='ResignInterval 1d; Sigvalidity 28h; \e
-.B ZSK_lifetime 2d;' \-v \-v \-o example.net. zone.db
+.B ZSKlifetime 2d;' \-v \-v \-o example.net. zone.db
.fam T
.br
Sign the example.net zone but override some config file values with parameters
@@ -278,7 +277,7 @@ Besides the zone file
.RI ( zone.db ),
there is a signed zone file
.RI ( zone.db.signed),
-a minimum of four files containing the keying material,
+a minimum of four files containing the key material,
a file called
.I dnskey.db
with the current used keys,
@@ -314,7 +313,7 @@ The filename is the name of the zone file with the
extension
.IR .signed .
Create an empty file with the name
-.IB zonefile .signed
+.IB zone.db .signed
in the zone directory.
.TP
Include the keyfile in the zone.
@@ -354,7 +353,8 @@ must be formated, so that the serial number is on a single line and
left justified in a field of at least 10 spaces!
.if t \{\
.fam C
-.fi 0
+.\"fi 0
+.nf
@ IN SOA ns1.example.net. hostmaster.example.net. (
60 ; Serial
43200 ; Refresh
@@ -366,7 +366,7 @@ left justified in a field of at least 10 spaces!
.\}
If you use BIND version 9.4 or later and
use the unixtime format for the serial number (which is the default since ZKT-1.0)
-than this is not necessary.
+this is not necessary.
See also the parameter Serialformat in
.IR dnssec.conf .
.TP
@@ -389,7 +389,7 @@ Then try to load the file on the name server.
.SH ENVIRONMENT VARIABLES
.TP
ZKT_CONFFILE
-Specifies the name of the default global configuration files.
+Specifies the name of the default global configuration file.
.SH FILES
.TP
diff --git a/contrib/zkt/man/zkt-signer.8.html b/contrib/zkt-1.1.2/man/zkt-signer.8.html
similarity index 83%
rename from contrib/zkt/man/zkt-signer.8.html
rename to contrib/zkt-1.1.2/man/zkt-signer.8.html
index 72dbd8657e..95e82e8817 100644
--- a/contrib/zkt/man/zkt-signer.8.html
+++ b/contrib/zkt-1.1.2/man/zkt-signer.8.html
@@ -1,5 +1,5 @@
-
+
@@ -45,21 +45,21 @@
zkt-signer
-[−L|--logfile file]
-[−V|--view view] [−c
-file] [−fhnr] [−v
+[−L file] [−V view]
+[−c file] [−O
+optstr] [−fhnr] [−v
[−v]] −N named.conf
[zone ...]
-zkt-signer [−L|--logfile file]
-[−V|--view view] [−c
-file] [−fhnr] [−v
-[−v]] [−D directory]
-[zone ...]
-zkt-signer [−L|--logfile file]
-[−V|--view view] [−c
-file] [−fhnr] [−v
-[−v]] −o origin
-[zonefile]
+zkt-signer [−L file]
+[−V view] [−c file]
+[−O optstr] [−fhnr]
+[−v [−v]] [−D
+directory] [zone ...]
+zkt-signer [−L file]
+[−V view] [−c file]
+[−O optstr] [−fhnr]
+[−v [−v]] −o
+origin [zonefile]
DESCRIPTION
@@ -84,15 +84,16 @@ with views, you have to use option -V viewname or --view
viewname to specify the name of the view. Alternately you
could link the executable file to a second name like
zkt-signer-viewname and use that command to specify
-the name of the view. All master zone statements will be
-scanned for filenames ending with ".signed". These
-zones will be checked if the necessary zone- and key signing
-keys are existent and fresh enough to be used in the signing
-process. If one or more out-dated keys are found, new keying
-material will be generated via the dnssec-keygen(8)
-command and the old keys will be marked as depreciated. So
-the command do anything needed for a zone key rollover as
-defined by [2].
+the name of the view.
+All master zone statements will be scanned for filenames
+ending with ".signed". These zones will be checked
+if the necessary zone- and key signing keys are existent and
+fresh enough to be used in the signing process. If one or
+more out-dated keys are found, new keying material will be
+generated via the dnssec-keygen(8) command and the
+old keys will be marked as depreciated. So the command do
+anything needed for a zone key rollover as defined by
+[2].
If the
resigning interval is reached or any new key must be
@@ -107,19 +108,12 @@ form of the command it is possible to specify a directory
tree with the option −D dir. Every
secure zone found in a subdirectory below dir will be
signed. However, it is also possible to reduce the signing
-to those zones given as arguments.
-
-In the last
-form of the command, the functionality is more or less the
-same as the dnssec-signzone (8) command. The
-parameter specifies the zone file name and the option
-−o takes the name of the zone.
-
-If neither
-−N nor −D nor −o is
-given, then the default directory specified in the
-dnssec.conf file by the parameter zonedir will
-be used as top level directory.
+to those zones given as arguments.
+If −D is ommitted (and neither −N
+nor −oorigin is specified) the default
+directory specified in the dnssec.conf file by the
+parameter zonedir will be used as top level
+directory.
OPTIONS
@@ -252,7 +246,7 @@ directory containing the example.net files.
−−config-option=’ResignInterval 1d;
Sigvalidity 28h; \
-
ZSK_lifetime 2d;’
+
ZSKlifetime 2d;’
−v −v −o example.net. zone.db
Sign the example.net zone but override some config file
values with parameters given on the commandline.
@@ -269,7 +263,7 @@ separate directory for every secure zone.
are many additional files needed to secure a zone. Besides
the zone file (zone.db), there is a signed zone file
(zone.db.signed), a minimum of four files containing
-the keying material, a file called dnskey.db with the
+the key material, a file called dnskey.db with the
current used keys, and the dsset- and
keyset-files created by the dnssec-signzone(8)
command. So in summary there is a minimum of nine files used
@@ -298,7 +292,7 @@ zonefile to the named.conf file
The filename is the name of the
zone file with the extension .signed. Create an empty
-file with the name zonefile.signed in the zone
+file with the name zone.db.signed in the zone
directory.
Include the keyfile in the
diff --git a/contrib/zkt-1.1.2/man/zkt-signer.8.pdf b/contrib/zkt-1.1.2/man/zkt-signer.8.pdf
new file mode 100644
index 0000000000..42fa33424b
Binary files /dev/null and b/contrib/zkt-1.1.2/man/zkt-signer.8.pdf differ
diff --git a/contrib/zkt/misc.c b/contrib/zkt-1.1.2/misc.c
similarity index 100%
rename from contrib/zkt/misc.c
rename to contrib/zkt-1.1.2/misc.c
diff --git a/contrib/zkt/misc.h b/contrib/zkt-1.1.2/misc.h
similarity index 100%
rename from contrib/zkt/misc.h
rename to contrib/zkt-1.1.2/misc.h
diff --git a/contrib/zkt/ncparse.c b/contrib/zkt-1.1.2/ncparse.c
similarity index 100%
rename from contrib/zkt/ncparse.c
rename to contrib/zkt-1.1.2/ncparse.c
diff --git a/contrib/zkt/ncparse.h b/contrib/zkt-1.1.2/ncparse.h
similarity index 100%
rename from contrib/zkt/ncparse.h
rename to contrib/zkt-1.1.2/ncparse.h
diff --git a/contrib/zkt/nscomm.c b/contrib/zkt-1.1.2/nscomm.c
similarity index 100%
rename from contrib/zkt/nscomm.c
rename to contrib/zkt-1.1.2/nscomm.c
diff --git a/contrib/zkt/nscomm.h b/contrib/zkt-1.1.2/nscomm.h
similarity index 100%
rename from contrib/zkt/nscomm.h
rename to contrib/zkt-1.1.2/nscomm.h
diff --git a/contrib/zkt/rollover.c b/contrib/zkt-1.1.2/rollover.c
similarity index 84%
rename from contrib/zkt/rollover.c
rename to contrib/zkt-1.1.2/rollover.c
index 88d7e0f813..0899ec356d 100644
--- a/contrib/zkt/rollover.c
+++ b/contrib/zkt-1.1.2/rollover.c
@@ -62,40 +62,63 @@
** local function definition
*****************************************************************/
-static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
+static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status);
+
+/* generate the first (or primary) key (algorithm k_algo) */
+static dki_t *genfirstkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
+{
+ return genkey (0, listp, dir, domain, ksk, conf, status);
+}
+
+/* generate the additional (or second) key (algorithm k2_algo) */
+static dki_t *genaddkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
+{
+ return genkey (1, listp, dir, domain, ksk, conf, status);
+}
+
+
+/* generate a DNSKEY key */
+static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
{
dki_t *dkp;
+ int confalgo;
+ int algo;
+#if 0
if ( listp == NULL || domain == NULL )
return NULL;
+#else
+ assert ( listp != NULL );
+ assert ( domain != NULL );
+#endif
+
+ if ( addkey ) /* generating an additional key ? */
+ confalgo = conf->k2_algo;
+ else
+ confalgo = conf->k_algo;
+
+ algo = confalgo;
+#if defined(BIND_VERSION) && BIND_VERSION >= 960
+ if ( conf->nsec3 != NSEC3_OFF ) /* is nsec3 turned on ? */
+ {
+ if ( confalgo == DK_ALGO_RSASHA1 )
+ algo = DK_ALGO_NSEC3RSASHA1;
+ else if ( confalgo == DK_ALGO_DSA )
+ algo = DK_ALGO_NSEC3DSA;
+ }
+#endif
if ( ksk )
- dkp = dki_new (dir, domain, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
+ dkp = dki_new (dir, domain, DKI_KSK, algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
else
- dkp = dki_new (dir, domain, DKI_ZSK, conf->k_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
- dki_add (listp, dkp);
- dki_setstatus (dkp, status);
-
- return dkp;
-}
-
-static dki_t *genkey2 (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
-{
- dki_t *dkp;
-
- if ( listp == NULL || domain == NULL )
- return NULL;
-
- if ( ksk )
- dkp = dki_new (dir, domain, DKI_KSK, conf->k2_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- else
- dkp = dki_new (dir, domain, DKI_ZSK, conf->k2_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
+ dkp = dki_new (dir, domain, DKI_ZSK, algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
dki_add (listp, dkp);
dki_setstatus (dkp, status);
return dkp;
}
+/* get expiration time */
static time_t get_exptime (dki_t *key, const zconf_t *z)
{
time_t exptime;
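Review bot: In genkey() the result of dki_new() is handed to dki_add() and dki_setstatus() without a NULL check, although every caller in this diff tests genkey's return value for NULL, so a failed key generation is an expected outcome. Whether those two helpers tolerate a NULL key is not visible here; an early `if ( dkp == NULL ) return NULL;` right after the dki_new() calls would make the failure path safe either way. The `listp`/`domain` guards are now assert()s, which compile away when NDEBUG is defined, so the runtime check left under `#if 0` is the safer of the two to keep. get_exptime() continues outside the hunk.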
@@ -257,7 +280,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
{
verbmesg (2, z, "\t\tkskrollover: create new key signing key\n");
/* create a new key: this is phase one of a double signing key rollover */
- ksk = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
+ ksk = genfirstkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
if ( ksk == NULL )
{
lg_mesg (LG_ERROR, "\"%s\": unable to generate new ksk for double signing rollover", zp->zone);
@@ -434,7 +457,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n",
activekey->tag, str_delspace (age2str (dki_age (activekey, currtime))));
verbmesg (2, z, "\t\t=>Generating new standby key signing key\n");
- dkp = genkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */
+ dkp = genfirstkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */
if ( !dkp )
{
error ("\tcould not generate new standby KSK\n");
@@ -484,7 +507,7 @@ int kskstatus (zone_t *zonelist, zone_t *zp)
if ( akey == NULL )
{
verbmesg (1, z, "\tNo active KSK found: generate new one\n");
- akey = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
+ akey = genfirstkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
if ( !akey )
{
error ("\tcould not generate new KSK\n");
@@ -506,7 +529,7 @@ int kskstatus (zone_t *zonelist, zone_t *zp)
if ( akey == NULL )
{
verbmesg (1, z, "\tNo active KSK for additional algorithm found: generate new one\n");
- akey = genkey2 (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
+ akey = genaddkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
if ( !akey )
{
error ("\tcould not generate new KSK for additional algorithm\n");
@@ -584,8 +607,14 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t
if ( akey == NULL && lifetime > 0 ) /* no active key found */
{
verbmesg (1, z, "\tNo active ZSK found: generate new one\n");
- akey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
- lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag);
+ akey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
+ if ( !akey )
+ {
+ error ("\tcould not generate new ZSK\n");
+ lg_mesg (LG_ERROR, "\%s\": can't generate new ZSK", domain);
+ }
+ else
+ lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag);
}
else /* active key exist */
{
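Review bot: The new error message `"\%s\": can't generate new ZSK"` has its escape misplaced: `\%` is not a valid escape sequence, so the opening quote around the zone name is lost and compilers will warn about it. It should read `lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK", domain);`, matching the other log lines in this file. The pre-publish error paths later in zskstatus() also append `dki_geterrstr()`, which would make this failure easier to diagnose from the log as well. zskstatus() starts and ends outside the hunk.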
@@ -626,29 +655,54 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t
}
}
}
- /* Should we add a new publish key? This is necessary if the active
- * key will be expired at the next re-signing interval (The published
- * time will be checked just before the active key will be removed.
- * See above).
- */
- nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'p', 1);
- if ( nextkey == NULL && lifetime > 0 && (akey == NULL ||
- dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) )
- {
- keychange = 1;
- verbmesg (1, z, "\tNew key for publishing needed\n");
- nextkey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB);
- if ( nextkey )
+ /* Should we add a new publish key? */
+ nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'p', 1); /* is there a published ZSK? */
+#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK
+ if ( z->z_always ) /* always add a pre-publish ZSK (patch from Hrant Dadivanyan) */
+ {
+ if ( nextkey == NULL )
{
- verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag);
- lg_mesg (LG_INFO, "\"%s\": new key %d generated for publishing", domain, nextkey->tag);
+ verbmesg (1, z, "\tNew key for pre-publishing needed\n");
+ nextkey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB);
+ if ( nextkey )
+ {
+ keychange = 1;
+ verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag);
+ lg_mesg (LG_INFO, "\"%s\": new key %d generated for pre-publishing", domain, nextkey->tag);
+ }
+ else
+ {
+ error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr());
+ lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"",
+ domain, dki_geterrstr());
+ }
}
- else
+ }
+ else /* do we need a new ZSK ? */
+#endif
+ {
+ /* This is necessary if the active key will be expired at the
+ * next re-signing interval (The published time will be checked
+ * just before the active key will be removed. See above).
+ */
+ if ( nextkey == NULL && lifetime > 0 && (akey == NULL ||
+ dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) )
{
- error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr());
- lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"",
- domain, dki_geterrstr());
+ verbmesg (1, z, "\tNew ZSK for publishing needed\n");
+ nextkey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB);
+ if ( nextkey )
+ {
+ keychange = 1;
+ verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag);
+ lg_mesg (LG_INFO, "\"%s\": new zone signing key %d generated for publishing", domain, nextkey->tag);
+ }
+ else
+ {
+ error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr());
+ lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"",
+ domain, dki_geterrstr());
+ }
}
}
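Review bot: The `z->z_always` branch generates a pre-publish ZSK whenever `nextkey == NULL`, without the `lifetime > 0` condition that the other branch and the active-key case earlier in the function (`akey == NULL && lifetime > 0`) both apply. If a lifetime of 0 means the ZSK is never rolled over (not visible in this hunk), this publishes a key that is never activated; either add the guard, `if ( nextkey == NULL && lifetime > 0 )`, or state in the comment that z_always deliberately overrides it. The two generate-and-log blocks differ only in their message text and could share one helper. zskstatus() starts and ends outside the hunk.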
@@ -660,7 +714,7 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t
if ( akey == NULL )
{
verbmesg (1, z, "\tNo active ZSK for second algorithm found: generate new one\n");
- akey = genkey2 (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
+ akey = genaddkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
if ( !akey )
{
error ("\tcould not generate new ZSK for 2nd algorithm\n");
diff --git a/contrib/zkt/rollover.h b/contrib/zkt-1.1.2/rollover.h
similarity index 96%
rename from contrib/zkt/rollover.h
rename to contrib/zkt-1.1.2/rollover.h
index ef9c609433..9bd3c9097b 100644
--- a/contrib/zkt/rollover.h
+++ b/contrib/zkt-1.1.2/rollover.h
@@ -47,11 +47,7 @@
# define OFFSET ((int) (2.5 * MINSEC))
# define PARENT_PROPAGATION (5 * MINSEC)
# define ADD_HOLD_DOWN (30 * DAYSEC)
-#if 0
# define REMOVE_HOLD_DOWN (30 * DAYSEC)
-#else
-# define REMOVE_HOLD_DOWN (10 * DAYSEC) /* reduced for testiing purposes */
-#endif
extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z);
extern int kskstatus (zone_t *zonelist, zone_t *zp);
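Review bot: The hold-down constants have no comment saying where their values come from, so nothing tells a later editor that they are protocol timers rather than tunables. A one-line comment above them, e.g. `/* RFC 5011 hold-down timers; do not shorten outside of test builds */`, would document why ADD_HOLD_DOWN and REMOVE_HOLD_DOWN are both 30 days.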
diff --git a/contrib/zkt/soaserial.c b/contrib/zkt-1.1.2/soaserial.c
similarity index 75%
rename from contrib/zkt/soaserial.c
rename to contrib/zkt-1.1.2/soaserial.c
index 0f6eb2196e..45e186f06b 100644
--- a/contrib/zkt/soaserial.c
+++ b/contrib/zkt-1.1.2/soaserial.c
@@ -44,7 +44,7 @@
# include
# include
#ifdef HAVE_CONFIG_H
-# include
+# include "config.h"
#endif
# include "config_zkt.h"
# include "zconf.h"
@@ -79,12 +79,15 @@ static const char *strfindstr (const char *str, const char *search);
** of at least 10 characters like this:
** 1 ; Serial
**
+** Since ZKT 1.1.0 single line SOA records are also supported
+**
****************************************************************/
int inc_serial (const char *fname, int use_unixtime)
{
FILE *fp;
char buf[4095+1];
int error;
+ int serial_pos;
/**
since BIND 9.4, there is a dnssec-signzone option available for
@@ -99,22 +102,32 @@ int inc_serial (const char *fname, int use_unixtime)
return -1;
/* read until the line matches the beginning of a soa record ... */
- while ( fgets (buf, sizeof buf, fp) && !is_soa_rr (buf) )
- ;
+ while ( fgets (buf, sizeof buf, fp) )
+ {
+ dbg_val ("inc_serial() checking line for SOA RR \"%s\"\n", buf);
+ serial_pos = is_soa_rr (buf);
+ if ( serial_pos ) /* SOA record found ? */
+ break;
+ }
if ( feof (fp) )
{
fclose (fp);
return -2;
}
+ dbg_val ("serial_pos = %d\n", serial_pos);
+ if (serial_pos > 1 ) /* if we found a single line SOA RR */
+ fseek (fp, -(long)serial_pos, SEEK_CUR); /* go back to the beginning of the line */
error = inc_soa_serial (fp, use_unixtime); /* .. inc soa serial no ... */
+ dbg_val ("inc_soa_serial() returns %d\n", error);
- if ( fclose (fp) != 0 )
+ if ( fclose (fp) != 0 ) /* close the zone file in any case */
return -5;
return error;
}
+#if 0
/*****************************************************************
** check if line is the beginning of a SOA RR record, thus
** containing the string "IN .* SOA" and ends with a '('
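Review bot: `serial_pos` (declared without an initializer in the previous hunk) is read after the loop even when the loop body never assigned it: if the first fgets() fails with a read error rather than end of file, `feof (fp)` is false and both the `dbg_val` call and the `serial_pos > 1` test use an indeterminate value. Initializing it, `int serial_pos = 0;`, and treating `serial_pos == 0` as the not-found case would cover that path. The fseek() result is also ignored, and a non-zero relative seek on a text-mode stream is not guaranteed by the C standard; checking it before calling inc_soa_serial() avoids rewriting the wrong bytes of the zone file.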
@@ -126,17 +139,65 @@ static int is_soa_rr (const char *line)
assert ( line != NULL );
- if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") ) /* line contains "IN" and "SOA" */
+ /* line contains "IN" and "SOA" */
+ if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") )
{
p = line + strlen (line) - 1;
while ( p > line && isspace (*p) )
p--;
- if ( *p == '(' ) /* last character have to be a '(' to start a multi line record */
+ if ( *p == '(' ) /* last character must be a '(' to start a multi line record */
return 1;
}
return 0;
}
+#else
+/*****************************************************************
+**
+** check if line is the beginning of a SOA RR record, thus
+** containing the string "IN .* SOA" and ends with a '('
+** (multiline record) or is a single line record.
+**
+** returns 1 if it is a multi line record (for compability to
+** the old function) or the position of the serial number
+** field counted from the end of the line
+**
+*****************************************************************/
+static int is_soa_rr (const char *line)
+{
+ const char *p;
+ const char *soa_p;
+
+ assert ( line != NULL );
+
+ /* line contains "IN" and "SOA" ? */
+ if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")) )
+ {
+ int len = strlen (line);
+
+ /* check for multiline record */
+ p = line + len - 1;
+ while ( p > line && isspace (*p) )
+ p--;
+ if ( *p == '(' ) /* last character must be a '(' to start a multi line record */
+ return 1;
+
+ /* line is single line record */
+ p = soa_p + 3; /* start just behind the SOA string */
+ dbg_val1 ("p = \"%s\"\n", p);
+ p += strspn (p, " \t"); /* skip white space */
+ p += strcspn (p, " \t"); /* skip primary master */
+ p += strspn (p, " \t"); /* skip white space */
+ p += strcspn (p, " \t"); /* skip mail address */
+ dbg_val1 ("p = \"%s\"\n", p);
+
+ dbg_val1 ("is_soa_rr returns = %d\n", (line+len) - p);
+ return (line+len) - p; /* position of serial nr from the end of the line */
+ }
+
+ return 0;
+}
+#endif
/*****************************************************************
** Find string 'search' in 'str' and ignore case in comparison.
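Review bot: is_soa_rr() now returns three different things through one int: 0 for no match, 1 for a multi-line record, and otherwise an offset from the end of the line, and the caller's `serial_pos > 1` test depends on an offset never being 0 or 1. A line that contains IN and SOA but nothing after the mail address returns 0 and is silently treated as not being a SOA record; the header comment should state that, or the offset could be returned through a separate out-parameter. The offset is a pointer difference narrowed to int and printed with `%d`; `return (int) ((line+len) - p);` and the same cast in the dbg_val1() call keep the types consistent. The old implementation kept under `#if 0` could be dropped.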
@@ -185,6 +246,7 @@ static ulong serialtime (time_t sec)
** inc_soa_serial (fp, use_unixtime)
** increment the soa serial number of the file 'fp'
** 'fp' must be opened "r+"
+** returns 0 on success or a negative value in case of an error
*****************************************************************/
static int inc_soa_serial (FILE *fp, int use_unixtime)
{
@@ -194,7 +256,7 @@ static int inc_soa_serial (FILE *fp, int use_unixtime)
int digits;
ulong today;
- /* move forward until any non ws reached */
+ /* move forward until any non ws is reached */
while ( (c = getc (fp)) != EOF && isspace (c) )
;
ungetc (c, fp); /* push back the last char */
@@ -223,7 +285,7 @@ static int inc_soa_serial (FILE *fp, int use_unixtime)
fseek (fp, pos, SEEK_SET); /* go back to the beginning */
fprintf (fp, "%-*lu", digits, serial); /* write as many chars as before */
- return 1; /* yep! */
+ return 0; /* yep! */
}
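Review bot: `return 0` reports success without looking at the results of the `fseek()` and `fprintf()` calls just above it, so a failed write of the new serial is indistinguishable from a successful one. Checking both, e.g. `if ( fseek (fp, pos, SEEK_SET) != 0 || fprintf (fp, "%-*lu", digits, serial) < 0 )` followed by a negative return code, would fit the error contract this commit documents. The success value also changes from 1 to 0 here, so any caller of inc_serial() outside this diff that tests for a positive result needs the same update as the test main in the next hunk. inc_soa_serial() starts outside the hunk.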
/*****************************************************************
@@ -256,9 +318,10 @@ main (int argc, char *argv[])
now = serialtime (now);
printf ("now = %lu\n", now);
- if ( (err = inc_serial (argv[1], 0)) <= 0 )
+ if ( (err = inc_serial (argv[1], 0)) < 0 )
{
- error ("can't change serial errno=%d\n", err);
+ fprintf (stderr, "can't change serial no: errno=%d %s\n",
+ err, inc_errstr (err));
exit (1);
}
diff --git a/contrib/zkt/soaserial.h b/contrib/zkt-1.1.2/soaserial.h
similarity index 100%
rename from contrib/zkt/soaserial.h
rename to contrib/zkt-1.1.2/soaserial.h
diff --git a/contrib/zkt/strlist.c b/contrib/zkt-1.1.2/strlist.c
similarity index 100%
rename from contrib/zkt/strlist.c
rename to contrib/zkt-1.1.2/strlist.c
diff --git a/contrib/zkt/strlist.h b/contrib/zkt-1.1.2/strlist.h
similarity index 100%
rename from contrib/zkt/strlist.h
rename to contrib/zkt-1.1.2/strlist.h
diff --git a/contrib/zkt/tags b/contrib/zkt-1.1.2/tags
similarity index 94%
rename from contrib/zkt/tags
rename to contrib/zkt-1.1.2/tags
index fa2d67aecf..f676c06ea3 100644
--- a/contrib/zkt/tags
+++ b/contrib/zkt-1.1.2/tags
@@ -21,10 +21,10 @@ ISDELIM zconf.c 70;" d file:
ISTRUE zconf.c 66;" d file:
KEYGEN_COMPMODE dki.c 231;" d file:
KEYGEN_COMPMODE dki.c 233;" d file:
-KEYSET_FILE_PFX zkt-signer.c 747;" d file:
+KEYSET_FILE_PFX zkt-signer.c 748;" d file:
KeyWords ncparse.c /^static struct KeyWords {$/;" s file:
MAXFNAME log.c 98;" d file:
-STRCONFIG_DELIMITER zconf.c 632;" d file:
+STRCONFIG_DELIMITER zconf.c 677;" d file:
TAINTEDCHARS misc.c 60;" d file:
TOK_DELEGATION ncparse.c 59;" d file:
TOK_DIR ncparse.c 49;" d file:
@@ -70,6 +70,7 @@ create_parent_file zkt-keyman.c /^static int create_parent_file (const char *fna
createkey zkt-keyman.c /^static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)$/;" f file:
ctype_t zconf.c /^} ctype_t;$/;" t typeref:enum:__anon2 file:
def zconf.c /^static zconf_t def = {$/;" v file:
+desc zconf.c /^ const char *desc;$/;" m struct:__anon3 file:
dirflag zkt-keyman.c /^static int dirflag = 0;$/;" v file:
dirflag zkt-ls.c /^static int dirflag = 0;$/;" v file:
dirname zkt-signer.c /^static const char *dirname = NULL;$/;" v file:
@@ -105,6 +106,7 @@ dki_prt_comment dki.c /^int dki_prt_comment (const dki_t *dkp, FILE *fp)$/;" f
dki_prt_dnskey dki.c /^int dki_prt_dnskey (const dki_t *dkp, FILE *fp)$/;" f
dki_prt_dnskey_raw dki.c /^int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)$/;" f
dki_prt_dnskeyttl dki.c /^int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)$/;" f
+dki_prt_managedkey dki.c /^int dki_prt_managedkey (const dki_t *dkp, FILE *fp)$/;" f
dki_prt_trustedkey dki.c /^int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)$/;" f
dki_read dki.c /^dki_t *dki_read (const char *dirname, const char *filename)$/;" f
dki_readdir dki.c /^int dki_readdir (const char *dir, dki_t **listp, int recursive)$/;" f
@@ -159,8 +161,8 @@ extern tcap.c 31;" d file:
extern tcap.c 33;" d file:
extern zconf.c 61;" d file:
extern zconf.c 63;" d file:
-extern zfparse.c 58;" d file:
-extern zfparse.c 60;" d file:
+extern zfparse.c 51;" d file:
+extern zfparse.c 53;" d file:
extern zkt.c 49;" d file:
extern zkt.c 51;" d file:
extern zone.c 53;" d file:
@@ -173,8 +175,9 @@ filesize misc.c /^size_t filesize (const char *name)$/;" f
first zconf.c 74;" d file:
force zkt-signer.c /^static int force = 0;$/;" v file:
freeconfig zconf.c /^zconf_t *freeconfig (zconf_t *conf)$/;" f
-genkey rollover.c /^static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
-genkey2 rollover.c /^static dki_t *genkey2 (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
+genaddkey rollover.c /^static dki_t *genaddkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
+genfirstkey rollover.c /^static dki_t *genfirstkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
+genkey rollover.c /^static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
gensalt misc.c /^int gensalt (char *salt, size_t saltsize, int saltbits, unsigned int seed)$/;" f
get_exptime rollover.c /^static time_t get_exptime (dki_t *key, const zconf_t *z)$/;" f file:
get_parent_phase rollover.c /^static int get_parent_phase (const char *file)$/;" f file:
@@ -216,7 +219,7 @@ kskflag zkt-ls.c /^int kskflag = 1;$/;" v
kskrollover rollover.c /^static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)$/;" f file:
kskstatus rollover.c /^int kskstatus (zone_t *zonelist, zone_t *zp)$/;" f
kw ncparse.c /^} kw[] = {$/;" v typeref:struct:KeyWords file:
-label zconf.c /^ char *label; \/* the name of the paramter *\/$/;" m struct:__anon3 file:
+label zconf.c /^ char *label; \/* the name of the parameter *\/$/;" m struct:__anon3 file:
labellist zkt-keyman.c /^char *labellist = NULL;$/;" v
labellist zkt-ls.c /^char *labellist = NULL;$/;" v
last zconf.c 75;" d file:
@@ -250,6 +253,7 @@ lifetimeflag zkt-ls.c /^int lifetimeflag = 0;$/;" v
linkfile misc.c /^int linkfile (const char *fromfile, const char *tofile)$/;" f
list_dnskey zkt.c /^static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
list_key zkt.c /^static void list_key (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
+list_managedkey zkt.c /^static void list_managedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
list_trustedkey zkt.c /^static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
ljustflag zkt-keyman.c /^int ljustflag = 0;$/;" v
ljustflag zkt-ls.c /^int ljustflag = 0;$/;" v
@@ -262,22 +266,22 @@ long_options zkt-conf.c /^static struct option long_options[] = {$/;" v typeref:
long_options zkt-keyman.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
long_options zkt-ls.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
long_options zkt-signer.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
-lopt_usage zkt-conf.c 306;" d file:
-lopt_usage zkt-conf.c 309;" d file:
+lopt_usage zkt-conf.c 319;" d file:
+lopt_usage zkt-conf.c 322;" d file:
lopt_usage zkt-keyman.c 334;" d file:
lopt_usage zkt-keyman.c 337;" d file:
-lopt_usage zkt-ls.c 314;" d file:
-lopt_usage zkt-ls.c 317;" d file:
-lopt_usage zkt-signer.c 341;" d file:
-lopt_usage zkt-signer.c 344;" d file:
-loptstr zkt-conf.c 307;" d file:
-loptstr zkt-conf.c 310;" d file:
+lopt_usage zkt-ls.c 325;" d file:
+lopt_usage zkt-ls.c 328;" d file:
+lopt_usage zkt-signer.c 342;" d file:
+lopt_usage zkt-signer.c 345;" d file:
+loptstr zkt-conf.c 320;" d file:
+loptstr zkt-conf.c 323;" d file:
loptstr zkt-keyman.c 335;" d file:
loptstr zkt-keyman.c 338;" d file:
-loptstr zkt-ls.c 315;" d file:
-loptstr zkt-ls.c 318;" d file:
-loptstr zkt-signer.c 342;" d file:
-loptstr zkt-signer.c 345;" d file:
+loptstr zkt-ls.c 326;" d file:
+loptstr zkt-ls.c 329;" d file:
+loptstr zkt-signer.c 343;" d file:
+loptstr zkt-signer.c 346;" d file:
main domaincmp.c /^main (int argc, char *argv[])$/;" f
main log.c /^int main (int argc, char *argv[])$/;" f
main misc.c /^main (int argc, char *argv[])$/;" f
@@ -292,6 +296,7 @@ main zkt-keyman.c /^int main (int argc, char *argv[])$/;" f
main zkt-ls.c /^int main (int argc, char *argv[])$/;" f
main zkt-signer.c /^int main (int argc, char *const argv[])$/;" f
main zkt-soaserial.c /^int main (int argc, char *argv[])$/;" f
+managedkeyflag zkt-ls.c /^static int managedkeyflag = 0;$/;" v file:
maxcolor tcap.c /^static int maxcolor;$/;" v file:
name ncparse.c /^ char *name;$/;" m struct:KeyWords file:
namedconf zkt-signer.c /^static const char *namedconf = NULL;$/;" v file:
@@ -358,17 +363,17 @@ setglobalflags zkt-ls.c /^static void setglobalflags (zconf_t *config)$/;" f fil
setminmax zfparse.c /^static void setminmax (long *pmin, long val, long *pmax)$/;" f file:
short_options zkt-conf.c 73;" d file:
short_options zkt-keyman.c 88;" d file:
-short_options zkt-ls.c 92;" d file:
-short_options zkt-ls.c 94;" d file:
+short_options zkt-ls.c 93;" d file:
+short_options zkt-ls.c 95;" d file:
short_options zkt-signer.c 68;" d file:
short_options zkt-signer.c 70;" d file:
sign_zone zkt-signer.c /^static int sign_zone (const zone_t *zp)$/;" f file:
skiplabel zfparse.c /^static const char *skiplabel (const char *s)$/;" f file:
skipws zfparse.c /^static const char *skipws (const char *s)$/;" f file:
-sopt_usage zkt-conf.c 304;" d file:
+sopt_usage zkt-conf.c 317;" d file:
sopt_usage zkt-keyman.c 332;" d file:
-sopt_usage zkt-ls.c 312;" d file:
-sopt_usage zkt-signer.c 339;" d file:
+sopt_usage zkt-ls.c 323;" d file:
+sopt_usage zkt-signer.c 340;" d file:
splitpath misc.c /^const char *splitpath (char *path, size_t psize, const char *filename)$/;" f
start_timer misc.c /^time_t start_timer ()$/;" f
stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f
@@ -422,6 +427,7 @@ writekeyfile zkt-signer.c /^static int writekeyfile (const char *fname, const dk
zconf_para_t zconf.c /^} zconf_para_t;$/;" t typeref:struct:__anon3 file:
zkt_list_dnskeys zkt.c /^void zkt_list_dnskeys (const dki_t *data)$/;" f
zkt_list_keys zkt.c /^void zkt_list_keys (const dki_t *data)$/;" f
+zkt_list_managedkeys zkt.c /^void zkt_list_managedkeys (const dki_t *data)$/;" f
zkt_list_trustedkeys zkt.c /^void zkt_list_trustedkeys (const dki_t *data)$/;" f
zkt_search zkt.c /^const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)$/;" f
zkt_setkeylifetime zkt.c /^void zkt_setkeylifetime (dki_t *data)$/;" f
diff --git a/contrib/zkt/tcap.c b/contrib/zkt-1.1.2/tcap.c
similarity index 100%
rename from contrib/zkt/tcap.c
rename to contrib/zkt-1.1.2/tcap.c
diff --git a/contrib/zkt/tcap.h b/contrib/zkt-1.1.2/tcap.h
similarity index 100%
rename from contrib/zkt/tcap.h
rename to contrib/zkt-1.1.2/tcap.h
diff --git a/contrib/zkt/zconf.c b/contrib/zkt-1.1.2/zconf.c
similarity index 85%
rename from contrib/zkt/zconf.c
rename to contrib/zkt-1.1.2/zconf.c
index 25cdb18ddc..08d82dbd14 100644
--- a/contrib/zkt/zconf.c
+++ b/contrib/zkt-1.1.2/zconf.c
@@ -2,13 +2,13 @@
**
** @(#) zconf.c -- configuration file parser for dnssec.conf
**
-** Most of the code is from the SixXS Heartbeat Client
+** The initial code of this module is from the SixXS Heartbeat Client
** written by Jeroen Massar
**
** New config types and many code changes by Holger Zuleger
**
** Copyright (c) Aug 2005, Jeroen Massar.
-** Copyright (c) Aug 2005 - Apr 2010, Holger Zuleger.
+** Copyright (c) Aug 2005 - Nov 2010, Holger Zuleger.
** All rights reserved.
**
** This software is open source.
@@ -105,7 +105,7 @@ static zconf_t def = {
RESIGN_INT,
KEY_ALGO, ADDITIONAL_KEY_ALGO,
KSK_LIFETIME, KSK_BITS, KSK_RANDOM,
- ZSK_LIFETIME, ZSK_BITS, ZSK_RANDOM,
+ ZSK_LIFETIME, ZSK_BITS, ZSK_ALWAYS, ZSK_RANDOM,
NSEC3_OFF, SALTLEN,
NULL, /* viewname cmdline parameter */
0, /* noexec cmdline parameter */
@@ -118,11 +118,12 @@ static zconf_t def = {
};
typedef struct {
- char *label; /* the name of the paramter */
+ char *label; /* the name of the parameter */
short used_since; /* compability (from version; 0 == command line) */
short used_till; /* compability (to version) */
ctype_t type; /* the parameter type */
void *var; /* pointer to the parameter variable */
+ const char *desc;
const void *var2; /* pointer to a second parameter variable */
/* this is a ugly hack needed by cmpconfig () */
} zconf_para_t;
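Review bot: The new `desc` member is the only field of `zconf_para_t` without a comment, and because it sits between `var` and `var2` its meaning depends on the positional initializers in `confpara[]`. I would write it as `const char *desc; /* optional description, printed as a trailing "# ..." comment by printconfigline () */`. Entries with only five initializers leave `desc` NULL, which the printing code later in this diff tests for.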
@@ -136,12 +137,12 @@ static zconf_para_t confpara[] = {
{ "", first, 99, CONF_COMMENT, "dnssec-zkt options" },
{ "", 100, last, CONF_COMMENT, "zkt-ls options" },
- { "ZoneDir", first, last, CONF_STRING, &def.zonedir },
- { "Recursive", first, last, CONF_BOOL, &def.recursive },
- { "PrintTime", first, last, CONF_BOOL, &def.printtime },
- { "PrintAge", first, last, CONF_BOOL, &def.printage },
- { "LeftJustify", first, last, CONF_BOOL, &def.ljust },
- { "lsColor", 100, last, CONF_STRING, &def.colorterm },
+ { "ZoneDir", first, last, CONF_STRING, &def.zonedir, "default zone file directory (also used by zkt-signer)"},
+ { "Recursive", first, last, CONF_BOOL, &def.recursive, "looking for keys down the directory tree?" },
+ { "PrintTime", first, last, CONF_BOOL, &def.printtime, "print absolute key generation time?" },
+ { "PrintAge", first, last, CONF_BOOL, &def.printage, "print relative key age?" },
+ { "LeftJustify", first, last, CONF_BOOL, &def.ljust, "zone name is printed left justified?" },
+ { "lsColor", 100, last, CONF_STRING, &def.colorterm, "terminal name (for coloring)" },
{ "", first, last, CONF_COMMENT, NULL },
{ "", first, last, CONF_COMMENT, "zone specific values" },
@@ -159,8 +160,8 @@ static zconf_para_t confpara[] = {
{ "", first, last, CONF_COMMENT, NULL },
{ "", first, last, CONF_COMMENT, "signing key parameters"},
- { "Key_Algo", 99, 100, CONF_ALGO, &def.k_algo }, /* now used as general KEY algoritjm (KSK & ZSK) */
- { "KeyAlgo", 101, last, CONF_ALGO, &def.k_algo }, /* now used as general KEY algoritjm (KSK & ZSK) */
+ { "Key_Algo", 99, 100, CONF_ALGO, &def.k_algo }, /* now used as general KEY algorithm (KSK & ZSK) */
+ { "KeyAlgo", 101, last, CONF_ALGO, &def.k_algo }, /* now used as general KEY algorithm (KSK & ZSK) */
{ "AddKey_Algo", 99, 100, CONF_ALGO, &def.k2_algo }, /* second key algorithm added (v0.99) */
{ "AddKeyAlgo", 101, last, CONF_ALGO, &def.k2_algo }, /* second key algorithm added (v0.99) */
{ "KSK_lifetime", first, 100, CONF_TIMEINT, &def.k_life },
@@ -176,10 +177,13 @@ static zconf_para_t confpara[] = {
{ "ZSK_algo", first, 98, CONF_ALGO, &def.k2_algo }, /* if someone using it already, map the algo to the additional key algorithm */
{ "ZSK_bits", first, 100, CONF_INT, &def.z_bits },
{ "ZSKbits", 101, last, CONF_INT, &def.z_bits },
+#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK
+ { "ZSKpermanent", 102, last, CONF_BOOL, &def.z_always, "Always add a pre-publish zone signing key?" },
+#endif
{ "ZSK_randfile", first, 100, CONF_STRING, &def.z_random },
{ "ZSKrandfile", 101, last, CONF_STRING, &def.z_random },
{ "NSEC3", 100, last, CONF_NSEC3, &def.nsec3 },
- { "SaltBits", 98, last, CONF_INT, &def.saltbits },
+ { "SaltBits", 98, last, CONF_INT, &def.saltbits, },
{ "", first, last, CONF_COMMENT, NULL },
{ "", first, 99, CONF_COMMENT, "dnssec-signer options"},
@@ -199,15 +203,15 @@ static zconf_para_t confpara[] = {
{ "DLV_Domain", first, 100, CONF_STRING, &def.lookaside },
{ "DLVdomain", 101, last, CONF_STRING, &def.lookaside },
{ "Sig_Randfile", first, 100, CONF_STRING, &def.sig_random },
- { "SigRandfile", 101, last, CONF_STRING, &def.sig_random },
+ { "SigRandfile", 101, last, CONF_STRING, &def.sig_random, "a file containing random data" },
{ "Sig_Pseudorand", first, 100, CONF_BOOL, &def.sig_pseudo },
- { "SigPseudorand", 101, last, CONF_BOOL, &def.sig_pseudo },
+ { "SigPseudorand", 101, last, CONF_BOOL, &def.sig_pseudo, "use pseudorandom data (faster but less secure)?" },
{ "Sig_GenerateDS", first, 100, CONF_BOOL, &def.sig_gends },
- { "SigGenerateDS", 101, last, CONF_BOOL, &def.sig_gends },
+ { "SigGenerateDS", 101, last, CONF_BOOL, &def.sig_gends, "update DS records based on child zone\' dsset-* files?" },
{ "Sig_DnsKeyKSK", 99, 100, CONF_BOOL, &def.sig_dnskeyksk },
- { "SigDnsKeyKSK", 101, last, CONF_BOOL, &def.sig_dnskeyksk },
+ { "SigDnsKeyKSK", 101, last, CONF_BOOL, &def.sig_dnskeyksk, "sign dns keyset with ksk only?" },
{ "Sig_Parameter", first, 100, CONF_STRING, &def.sig_param },
- { "SigParameter", 101, last, CONF_STRING, &def.sig_param },
+ { "SigParameter", 101, last, CONF_STRING, &def.sig_param, "additional dnssec-signzone parameter (if any)" },
{ "Distribute_Cmd", 97, 100, CONF_STRING, &def.dist_cmd },
{ "DistributeCmd", 101, last, CONF_STRING, &def.dist_cmd },
{ "NamedChrootDir", 99, last, CONF_STRING, &def.chroot_dir },
@@ -249,7 +253,9 @@ static void set_all_varptr (zconf_t *cp, const zconf_t *cp2)
set_varptr ("resigninterval", &cp->resign, cp2 ? &cp2->resign: NULL);
set_varptr ("sigvalidity", &cp->sigvalidity, cp2 ? &cp2->sigvalidity: NULL);
set_varptr ("max_ttl", &cp->max_ttl, cp2 ? &cp2->max_ttl: NULL);
+ set_varptr ("maximumttl", &cp->max_ttl, cp2 ? &cp2->max_ttl: NULL);
set_varptr ("key_ttl", &cp->key_ttl, cp2 ? &cp2->key_ttl: NULL);
+ set_varptr ("dnskeyttl", &cp->key_ttl, cp2 ? &cp2->key_ttl: NULL);
set_varptr ("propagation", &cp->proptime, cp2 ? &cp2->proptime: NULL);
#if defined (DEF_TTL)
set_varptr ("def_ttl", &cp->def_ttl, cp2 ? &cp2->def_ttl: NULLl);
@@ -257,17 +263,28 @@ static void set_all_varptr (zconf_t *cp, const zconf_t *cp2)
set_varptr ("serialformat", &cp->serialform, cp2 ? &cp2->serialform: NULL);
set_varptr ("key_algo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL);
+ set_varptr ("keyalgo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL);
set_varptr ("addkey_algo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL);
+ set_varptr ("addkeyalgo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL);
set_varptr ("ksk_lifetime", &cp->k_life, cp2 ? &cp2->k_life: NULL);
+ set_varptr ("ksklifetime", &cp->k_life, cp2 ? &cp2->k_life: NULL);
set_varptr ("ksk_algo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL); /* used only in compability mode */
set_varptr ("ksk_bits", &cp->k_bits, cp2 ? &cp2->k_bits: NULL);
+ set_varptr ("kskbits", &cp->k_bits, cp2 ? &cp2->k_bits: NULL);
set_varptr ("ksk_randfile", &cp->k_random, cp2 ? &cp2->k_random: NULL);
+ set_varptr ("kskrandfile", &cp->k_random, cp2 ? &cp2->k_random: NULL);
set_varptr ("zsk_lifetime", &cp->z_life, cp2 ? &cp2->z_life: NULL);
+ set_varptr ("zsklifetime", &cp->z_life, cp2 ? &cp2->z_life: NULL);
// set_varptr ("zsk_algo", &cp->z_algo, cp2 ? &cp2->z_algo: NULL);
set_varptr ("zsk_algo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL);
set_varptr ("zsk_bits", &cp->z_bits, cp2 ? &cp2->z_bits: NULL);
+ set_varptr ("zskbits", &cp->z_bits, cp2 ? &cp2->z_bits: NULL);
+#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK
+ set_varptr ("zskpermanent", &cp->z_always, cp2 ? &cp2->z_always: NULL);
+#endif
set_varptr ("zsk_randfile", &cp->z_random, cp2 ? &cp2->z_random: NULL);
+ set_varptr ("zskrandfile", &cp->z_random, cp2 ? &cp2->z_random: NULL);
set_varptr ("nsec3", &cp->nsec3, cp2 ? &cp2->nsec3: NULL);
set_varptr ("saltbits", &cp->saltbits, cp2 ? &cp2->saltbits: NULL);
@@ -284,12 +301,19 @@ static void set_all_varptr (zconf_t *cp, const zconf_t *cp2)
set_varptr ("zonefile", &cp->zonefile, cp2 ? &cp2->zonefile: NULL);
set_varptr ("keysetdir", &cp->keysetdir, cp2 ? &cp2->keysetdir: NULL);
set_varptr ("dlv_domain", &cp->lookaside, cp2 ? &cp2->lookaside: NULL);
+ set_varptr ("dlvdomain", &cp->lookaside, cp2 ? &cp2->lookaside: NULL);
set_varptr ("sig_randfile", &cp->sig_random, cp2 ? &cp2->sig_random: NULL);
+ set_varptr ("sigrandfile", &cp->sig_random, cp2 ? &cp2->sig_random: NULL);
set_varptr ("sig_pseudorand", &cp->sig_pseudo, cp2 ? &cp2->sig_pseudo: NULL);
+ set_varptr ("sigpseudorand", &cp->sig_pseudo, cp2 ? &cp2->sig_pseudo: NULL);
set_varptr ("sig_generateds", &cp->sig_gends, cp2 ? &cp2->sig_gends: NULL);
+ set_varptr ("siggenerateds", &cp->sig_gends, cp2 ? &cp2->sig_gends: NULL);
set_varptr ("sig_dnskeyksk", &cp->sig_dnskeyksk, cp2 ? &cp2->sig_dnskeyksk: NULL);
+ set_varptr ("sigdnskeyksk", &cp->sig_dnskeyksk, cp2 ? &cp2->sig_dnskeyksk: NULL);
set_varptr ("sig_parameter", &cp->sig_param, cp2 ? &cp2->sig_param: NULL);
+ set_varptr ("sigparameter", &cp->sig_param, cp2 ? &cp2->sig_param: NULL);
set_varptr ("distribute_cmd", &cp->dist_cmd, cp2 ? &cp2->dist_cmd: NULL);
+ set_varptr ("distributecmd", &cp->dist_cmd, cp2 ? &cp2->dist_cmd: NULL);
set_varptr ("namedchrootdir", &cp->chroot_dir, cp2 ? &cp2->chroot_dir: NULL);
}
@@ -422,7 +446,7 @@ static void parseconfigline (char *buf, unsigned int line, zconf_t *z)
*((int *)c->var) = DK_ALGO_RSASHA256;
else if ( strcmp (val, "10") == 0 ||
strcasecmp (val, "rsasha5") == 0 ||
- strcasecmp (val, "rsasha212") == 0 ||
+ strcasecmp (val, "rsasha512") == 0 ||
strcasecmp (val, "nsec3rsasha5") == 0 ||
strcasecmp (val, "n3rsasha5") == 0 ||
strcasecmp (val, "nsec3rsasha512") == 0 ||
@@ -471,21 +495,24 @@ static void printconfigline (FILE *fp, zconf_para_t *cp)
{
int i;
long lval;
+ int printnl;
assert (fp != NULL);
assert (cp != NULL);
+ printnl = 0;
switch ( cp->type )
{
case CONF_VERSION:
- fprintf (fp, "#\tZKT config file for version %d.%02d\n",
- compversion / 100, compversion % 100);
+ fprintf (fp, "#\tZKT config file for version %d.%d.%d\n",
+ compversion / 100,
+ (compversion / 10 ) % 10,
+ compversion % 10);
break;
case CONF_COMMENT:
if ( cp->var )
- fprintf (fp, "# %s\n", (char *)cp->var);
- else
- fprintf (fp, "\n");
+ fprintf (fp, "# %s", (char *)cp->var);
+ printnl = 1;
break;
case CONF_LEVEL:
case CONF_FACILITY:
@@ -498,25 +525,30 @@ static void printconfigline (FILE *fp, zconf_para_t *cp)
fprintf (fp, "%s:\t", cp->label);
for ( p = *(char **)cp->var; *p; p++ )
putc (toupper (*p), fp);
- fprintf (fp, "\n");
+ // fprintf (fp, "\n");
}
else
fprintf (fp, "%s:\tNONE", cp->label);
}
+ if ( cp->type == CONF_LEVEL )
+ fprintf (fp, "\t\t# (NONE|DEBUG|INFO|NOTICE|WARNING|ERROR|FATAL)\n");
+ else
+ fprintf (fp, "\t\t# (NONE|USER|DAEMON|LOCAL[0-7])\n");
break;
case CONF_STRING:
if ( *(char **)cp->var )
- fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var);
+ printnl = fprintf (fp, "%s:\t\"%s\"", cp->label, *(char **)cp->var);
break;
case CONF_BOOL:
- fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var ));
+ fprintf (fp, "%s:\t%s", cp->label, bool2str ( *(int*)cp->var ));
+ printnl = 1;
break;
case CONF_TIMEINT:
lval = *(ulong*)cp->var; /* in that case it should be of type ulong */
fprintf (fp, "%s:\t%s", cp->label, timeint2str (lval));
if ( lval )
fprintf (fp, "\t\t# (%ld seconds)", lval);
- putc ('\n', fp);
+ printnl = 1;
break;
case CONF_ALGO:
i = *(int*)cp->var;
@@ -545,12 +577,25 @@ static void printconfigline (FILE *fp, zconf_para_t *cp)
fprintf (fp, "\t\t# (On|Off|OptOut)\n");
break;
case CONF_INT:
- fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var);
+ fprintf (fp, "%s:\t%d", cp->label, *(int *)cp->var);
+ printnl = 1;
break;
case CONF_END:
/* NOTREACHED */
break;
}
+ if ( printnl )
+ {
+ if ( cp->desc )
+ {
+ if ( printnl < 20 )
+ putc ('\t', fp);
+ fprintf (fp, "\t# %s\n", cp->desc);
+ }
+ else
+ putc ('\n', fp);
+
+ }
}
/*****************************************************************
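Review bot: `printnl` serves both as a "finish the line" flag and as a column count in `if ( printnl < 20 )`, but only the CONF_STRING case in the previous hunk stores the `fprintf` return value. CONF_BOOL, CONF_TIMEINT and CONF_INT set it to 1, so the extra tab is always emitted for them whatever width was printed, and a failed `fprintf` returns a negative value that is treated here as "print the description". Two variables would make the intent explicit, e.g. `width = fprintf (fp, ...); printnl = 1;` in each case and `if ( width < 20 )` in this block. The body of printconfigline starts in an earlier hunk.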
@@ -826,6 +871,16 @@ int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z)
if ( iscmdline (cp) ) /* skip command line parameter */
continue;
+ if ( !iscompatible (cp) ) /* is parameter compatible to current version? */
+ continue;
+
+ if ( cp->type == CONF_VERSION || cp->type == CONF_END || cp->type == CONF_COMMENT )
+ continue;
+
+ dbg_val5 ("printconfigdiff: %d: %s %d %d %d\n", cp->type, cp->label,
+ compversion, cp->used_since, cp->used_till);
+ assert ( cp->var2 != NULL );
+
switch ( cp->type )
{
case CONF_VERSION:
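Review bot: `assert ( cp->var2 != NULL )` is the only guard before the switch uses the second variable; it vanishes in a build with NDEBUG and aborts the tool in any other build. `var2` appears to be filled in by set_varptr () only for the labels listed in set_all_varptr (), and only when a second config is passed, so a confpara entry without a matching line there would arrive here with NULL. A runtime check such as `if ( cp->var2 == NULL ) continue;`, ideally with an error message, behaves the same in both builds. The two added `continue` tests also make the `case CONF_VERSION:` branch below unreachable; the rest of the switch is outside the hunk.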
@@ -884,11 +939,17 @@ int checkconfig (const zconf_t *z)
max_ttl = z->sigvalidity;
ret = 0;
- if ( strcmp (z->k_random, "/dev/urandom") == 0 )
+ if ( z->k_random && strcmp (z->k_random, "/dev/urandom") == 0 )
ret = fprintf (stderr, "random device without enough entropie used for KSK generation \n");
- if ( strcmp (z->z_random, "/dev/urandom") == 0 )
+ if ( z->z_random && strcmp (z->z_random, "/dev/urandom") == 0 )
ret = fprintf (stderr, "random device without enough entropie used for ZSK generation\n");
+ if ( z->k_bits < 512 || z->z_bits < 512 )
+ ret = fprintf (stderr, "Algorithm requires a bit size of at least 512 \n");
+
+ if ( z->k_algo == DK_ALGO_RSASHA512 && ( z->k_bits < 1024 || z->z_bits < 1024 ) )
+ ret = fprintf (stderr, "Algorithm RSASHA 512 requires a bit size of at least 1024 \n");
+
if ( z->saltbits < 4 )
ret = fprintf (stderr, "Saltlength must be at least 4 bits\n");
if ( z->saltbits > 128 )
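Review bot: The RSASHA512 size check looks only at `z->k_algo`, so a configuration that names RSASHA512 as the additional key algorithm (`k2_algo`, set through AddKeyAlgo) passes with keys below 1024 bits. If both algorithms share `k_bits` and `z_bits`, as the single pair of size fields suggests, the condition should read `if ( (z->k_algo == DK_ALGO_RSASHA512 || z->k2_algo == DK_ALGO_RSASHA512) && ( z->k_bits < 1024 || z->z_bits < 1024 ) )`. The general message "Algorithm requires a bit size of at least 512" would also be easier to act on if it said which of the two sizes failed. checkconfig () continues outside the hunk.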
@@ -910,7 +971,7 @@ int checkconfig (const zconf_t *z)
}
else
if ( max_ttl > z->sigvalidity/2 )
- ret = fprintf (stderr, "Max TTL (%ld) should be less or equal signature validity (%ld)\n",
+ ret = fprintf (stderr, "Max TTL (%ld) should be a few times smaller than the signature validity (%ld)\n",
max_ttl, z->sigvalidity);
// if ( z->resign > (z->sigvalidity*5/6) - (max_ttl + z->proptime) )
@@ -927,7 +988,7 @@ int checkconfig (const zconf_t *z)
ret = fprintf (stderr, "signature lifetime (%ld) (%s)\n", z->sigvalidity, timeint2str(z->sigvalidity - max_ttl));
}
- if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) )
+ if ( z->z_life > (24 * WEEKSEC) * (z->z_bits / 512.) )
{
fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life));
fprintf (stderr, "seems a little bit high ");
@@ -939,7 +1000,7 @@ int checkconfig (const zconf_t *z)
fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
ret = fprintf (stderr, "should be greater than lifetime of zsk\n");
}
- if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) )
+ if ( z->k_life > 0 && z->k_life > (52 * WEEKSEC) * (z->k_bits / 512.) )
{
fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
fprintf (stderr, "seems a little bit high ");
diff --git a/contrib/zkt/zconf.h b/contrib/zkt-1.1.2/zconf.h
similarity index 94%
rename from contrib/zkt/zconf.h
rename to contrib/zkt-1.1.2/zconf.h
index f35d8f7543..09ed0abce9 100644
--- a/contrib/zkt/zconf.h
+++ b/contrib/zkt-1.1.2/zconf.h
@@ -49,7 +49,7 @@
# define MONTH (DAY * 30)
# define YEAR (DAY * 365)
-# define SIG_VALID_DAYS (10) /* or 3 Weeks ? */
+# define SIG_VALID_DAYS (21) /* 3 Weeks */
# define SIG_VALIDITY (SIG_VALID_DAYS * DAYSEC)
# define MAX_TTL ( 8 * HOURSEC) /* default value of maximum ttl time */
# define KEY_TTL ( 4 * HOURSEC) /* default value of KEY TTL */
@@ -60,35 +60,36 @@
#endif
# define RESIGN_INT ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
-# define KSK_LIFETIME (1 * YEARSEC)
-#if 0
+# define KSK_LIFETIME (2 * YEARSEC)
+#if 1
# define ZSK_LIFETIME ((SIG_VALID_DAYS * 3) * DAYSEC) /* set to three times the sig validity */
#else
-# if 0
-# define ZSK_LIFETIME ((MONTH * 3) * DAYSEC) /* set fixed to 3 month */
-# else
-# define ZSK_LIFETIME (12 * WEEKSEC) /* set fixed to 3 month */
-# endif
+# define ZSK_LIFETIME (12 * WEEKSEC) /* set fixed to 3 month */
#endif
/* # define KSK_ALGO (DK_ALGO_RSASHA1) KSK_ALGO renamed to KEY_ALGO (v0.99) */
# define KEY_ALGO (DK_ALGO_RSASHA1) /* general KEY_ALGO used for both ksk and zsk */
# define ADDITIONAL_KEY_ALGO 0
# define KSK_BITS (1300)
-# define KSK_RANDOM "/dev/urandom" /* was NULL before v0.94 */
+# define KSK_RANDOM NULL
/* # define ZSK_ALGO (DK_ALGO_RSASHA1) ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */
# define ZSK_BITS (512)
+# define ZSK_ALWAYS 0
# define ZSK_RANDOM "/dev/urandom"
# define NSEC3 0 /* by default nsec3 is off */
# define SALTLEN 24 /* salt length in bits (resolution is 4 bits)*/
+#if 0
# define ZONEDIR "."
+#else
+# define ZONEDIR CONFIG_PATH
+#endif
# define RECURSIVE 0
# define PRINTTIME 1
# define PRINTAGE 0
# define LJUST 0
# define LSCOLORTERM NULL /* or "" */
-# define KEYSETDIR NULL /* keysets */
+# define KEYSETDIR ".." /* keysets */
# define LOGFILE ""
# define LOGLEVEL "error"
# define LOGDOMAINDIR ""
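Review bot: KSK_LIFETIME is doubled to two years while the unchanged lines keep KSK_BITS at 1300, KEY_ALGO at DK_ALGO_RSASHA1 and ZSK_BITS at 512, and the checkconfig () hunks of this commit relax the "seems a little bit high" warnings to 24 and 52 weeks per 512 bits. Longer default exposure for keys of unchanged strength needs a stated rationale; at minimum I would add a comment on the define, e.g. `# define KSK_LIFETIME (2 * YEARSEC) /* keep in step with the 52-weeks-per-512-bits warning in checkconfig () */`. The `#if 1` and `#if 0` toggles around ZSK_LIFETIME and ZONEDIR leave dead alternatives that should be removed or explained in a short comment.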
@@ -162,6 +163,7 @@ typedef struct zconf {
long z_life;
/* int z_algo; no longer used; renamed to k2_algo (v0.99) */
int z_bits;
+ int z_always; /* always pre-publish zsk ? */
char *z_random;
nsec3_t nsec3; /* 0 == off; 1 == on; 2 == on with optout */
int saltbits;
diff --git a/contrib/zkt/zfparse.c b/contrib/zkt-1.1.2/zfparse.c
similarity index 96%
rename from contrib/zkt/zfparse.c
rename to contrib/zkt-1.1.2/zfparse.c
index 07d966ff80..2905691f33 100644
--- a/contrib/zkt/zfparse.c
+++ b/contrib/zkt-1.1.2/zfparse.c
@@ -40,19 +40,12 @@
# include /* for link(), unlink() */
# include
# include
-#if 0
-# include
-# include
-# include
-# include
-# include
-# include
-#endif
#ifdef HAVE_CONFIG_H
# include
#endif
# include "config_zkt.h"
# include "zconf.h"
+# include "misc.h"
# include "log.h"
# include "debug.h"
#define extern
@@ -184,7 +177,10 @@ int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *k
dbg_val4 ("parsezonefile (\"%s\", %ld, %ld, \"%s\")\n", file, *pminttl, *pmaxttl, keydbfile);
if ( (infp = fopen (file, "r")) == NULL )
+ {
+ error ("parsezonefile: couldn't open file \"%s\" for input\n", file);
return -1;
+ }
lnr = 0;
keydbfilefound = 0;
@@ -220,7 +216,11 @@ int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *k
if ( keydbfile && strcmp (fname, keydbfile) == 0 )
keydbfilefound = 1;
else
- keydbfilefound = parsezonefile (fname, pminttl, pmaxttl, keydbfile);
+ {
+ int ret = parsezonefile (fname, pminttl, pmaxttl, keydbfile);
+ if ( ret ) /* keydb found or read error ? */
+ keydbfilefound = ret;
+ }
}
}
else if ( !isspace (*p) ) /* label ? */
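Review bot: `keydbfilefound` now carries both the "found" flag (1) and the error code (-1) of a nested parsezonefile () call, so its final value depends on file order: a failed nested file overwrites an earlier 1, and a later match of `keydbfile` sets it back to 1 and hides the failure. Returning as soon as the nested call fails keeps the two apart, e.g. `if ( ret < 0 ) { fclose (infp); return ret; }` followed by `if ( ret > 0 ) keydbfilefound = 1;`. The recursive call also has no depth limit visible here, so a file that includes itself would recurse until fopen () fails; a depth counter would bound that. The surrounding loop and the function's return statement are outside the hunk, so how -1 is finally reported should be checked there.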
diff --git a/contrib/zkt/zfparse.h b/contrib/zkt-1.1.2/zfparse.h
similarity index 100%
rename from contrib/zkt/zfparse.h
rename to contrib/zkt-1.1.2/zfparse.h
diff --git a/contrib/zkt/zkt-conf.c b/contrib/zkt-1.1.2/zkt-conf.c
similarity index 91%
rename from contrib/zkt/zkt-conf.c
rename to contrib/zkt-1.1.2/zkt-conf.c
index 82a1c33e25..cc03201750 100644
--- a/contrib/zkt/zkt-conf.c
+++ b/contrib/zkt-1.1.2/zkt-conf.c
@@ -99,8 +99,9 @@ int main (int argc, char *argv[])
int c;
int opt_index;
int action;
- int major;
- int minor;
+ int major = 0;
+ int minor = 0;
+ int revision = 0;
const char *file;
const char *defconfname = NULL;
const char *confname = NULL;
@@ -115,7 +116,7 @@ int main (int argc, char *argv[])
view = getnameappendix (progname, "zkt-conf");
defconfname = getdefconfname (view);
- dbg_val0 ("Load built in config \"%s\"\n");
+ dbg_val0 ("Load built in config\n");
config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
if ( fileexist (defconfname) ) /* load default config file */
@@ -130,7 +131,18 @@ int main (int argc, char *argv[])
opterr = 0;
opt_index = 0;
action = 0;
- setconfigversion (100);
+
+ /* set current config version based on ZKT version */
+ switch ( sscanf (ZKT_VERSION, "%d.%d.%d", &major, &minor, &revision) )
+ {
+ case 3: major = (major * 100) + (minor * 10) + revision; break;
+ case 2: major = (major * 100) + (minor * 10); break;
+ case 1: major = major * 100; break;
+ default:
+ usage ("illegal release number");
+ }
+ setconfigversion (major);
+
#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
#else
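Review bot: Packing the version as `major*100 + minor*10 + revision` only round-trips when minor and revision are single digits, and neither this switch nor the identical one added for `-C` in the next hunk checks that. `1.1.12` and `1.2.2` both become 122, and printconfigline () decodes the value with `/ 10 % 10` and `% 10`. A guard after the sscanf, `if ( minor < 0 || minor > 9 || revision < 0 || revision > 9 ) usage ("illegal release number");`, would reject such input. Since the same three cases now appear twice, a small helper that takes the string and returns the packed value would keep the two call sites in step.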
@@ -152,10 +164,11 @@ int main (int argc, char *argv[])
config = loadconfig_fromstr (optarg, config);
break;
case 'C':
- switch ( sscanf (optarg, "%d.%d", &major, &minor) )
+ switch ( sscanf (optarg, "%d.%d.%d", &major, &minor, &revision) )
{
- case 2: major = major * 100 + minor;
- case 1: break;
+ case 3: major = (major * 100) + (minor * 10) + revision; break;
+ case 2: major = (major * 100) + (minor * 10); break;
+ case 1: major = major * 100; break;
default:
usage ("illegal release number");
}
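Review bot: The argument syntax of `-C` changes incompatibly: `-C 0.99` used to yield 99 and `-C 100` yielded 100, whereas they now yield 990 and 10000, far above the version numbers used in confpara (97 to 102 in the visible entries). The former versions remain reachable, but only when written as `0.9.9` or `1.0.0`. A comment on the case, e.g. `/* argument is major.minor.revision with one digit each: the former 0.99 is now 0.9.9 */`, and the same hint in the usage text would keep existing scripts from silently selecting a wrong version. The code that consumes `major` after the switch is outside the hunk.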
@@ -277,11 +290,11 @@ int main (int argc, char *argv[])
}
if ( minttl < (10 * MINSEC) )
- fprintf (stderr, "Min_TTL of %s (%ld seconds) is too low to use it in a signed zone (see RFC4641)\n",
+ fprintf (stderr, "MinimumTTL of %s (%ld seconds) is too low to use it in a signed zone (see RFC4641)\n",
timeint2str (minttl), minttl);
else
- fprintf (stderr, "Min_TTL:\t%s\t# (%ld seconds)\n", timeint2str (minttl), minttl);
- fprintf (stdout, "Max_TTL:\t%s\t# (%ld seconds)\n", timeint2str (maxttl), maxttl);
+ fprintf (stderr, "MinimumTTL:\t%s\t# (%ld seconds)\n", timeint2str (minttl), minttl);
+ fprintf (stdout, "MaximumTTL:\t%s\t# (%ld seconds)\n", timeint2str (maxttl), maxttl);
if ( writeflag )
{
@@ -292,7 +305,7 @@ int main (int argc, char *argv[])
dbg_val ("Load local config file \"%s\"\n", LOCALCONF_FILE);
config = loadconfig (LOCALCONF_FILE, config);
}
- setconfigpar (config, "Max_TTL", &maxttl);
+ setconfigpar (config, "MaximumTTL", &maxttl);
printconfigdiff (confname, refconfig, config);
}
}
diff --git a/contrib/zkt/zkt-keyman.c b/contrib/zkt-1.1.2/zkt-keyman.c
similarity index 100%
rename from contrib/zkt/zkt-keyman.c
rename to contrib/zkt-1.1.2/zkt-keyman.c
diff --git a/contrib/zkt/zkt-ls.c b/contrib/zkt-1.1.2/zkt-ls.c
similarity index 94%
rename from contrib/zkt/zkt-ls.c
rename to contrib/zkt-1.1.2/zkt-ls.c
index 67e2ce4873..e9ac692bdb 100644
--- a/contrib/zkt/zkt-ls.c
+++ b/contrib/zkt-1.1.2/zkt-ls.c
@@ -85,18 +85,20 @@ int subdomain_before_parent = 1;
static int dirflag = 0;
static int recflag = RECURSIVE;
static int trustedkeyflag = 0;
+static int managedkeyflag = 0;
static const char *view = "";
static const char *term = NULL;
#if defined(COLOR_MODE) && COLOR_MODE
-# define short_options ":HKTV:afC::c:O:dhkLl:prstez"
+# define short_options ":HKTMV:afC::c:O:dhkLl:prstez"
#else
-# define short_options ":HKTV:af:c:O:dhkLl:prstez"
+# define short_options ":HKTMV:af:c:O:dhkLl:prstez"
#endif
#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
static struct option long_options[] = {
{"list-dnskeys", no_argument, NULL, 'K'},
{"list-trustedkeys", no_argument, NULL, 'T'},
+ {"list-managedkeys", no_argument, NULL, 'M'},
{"ksk", no_argument, NULL, 'k'},
{"zsk", no_argument, NULL, 'z'},
{"age", no_argument, NULL, 'a'},
@@ -182,6 +184,12 @@ int main (int argc, char *argv[])
term = getenv ("TERM");
break;
#endif
+ case 'M':
+ managedkeyflag = 1;
+ subdomain_before_parent = 0;
+ zskflag = pathflag = 0;
+ action = c;
+ break;
case 'T':
trustedkeyflag = 1;
subdomain_before_parent = 0;
@@ -300,6 +308,9 @@ int main (int argc, char *argv[])
case 'T':
zkt_list_trustedkeys (data);
break;
+ case 'M':
+ zkt_list_managedkeys (data);
+ break;
default:
zkt_list_keys (data);
}
@@ -333,13 +344,17 @@ static void usage (char *mesg, zconf_t *cp)
sopt_usage ("\tusage: %s -T [-dhrz] [-c config] [file|dir ...]\n", progname);
lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname);
fprintf (stderr, "\n");
+ fprintf (stderr, "List managed keys (output is suitable for managed-keys section)\n");
+ sopt_usage ("\tusage: %s -M [-dhrz] [-c config] [file|dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --list-managedkeys [-dhzr] [-c config] [file|dir ...]\n", progname);
+ fprintf (stderr, "\n");
fprintf (stderr, "General options \n");
fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
fprintf (stderr, "\t\t read config from instead of %s\n", CONFIG_FILE);
fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
fprintf (stderr, "\t\t read config options from commandline\n");
- fprintf (stderr, "\t-h%s\t no headline or trusted-key section header/trailer in -T mode\n", loptstr (", --nohead", "\t"));
+ fprintf (stderr, "\t-h%s\t no headline or trusted/managed-key section header/trailer in -T/-M mode\n", loptstr (", --nohead", "\t"));
fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t"));
fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? "on": "off");
fprintf (stderr, "\t-l list%s", loptstr (", --label=\"list\"\n\t", ""));
diff --git a/contrib/zkt/zkt-signer.c b/contrib/zkt-1.1.2/zkt-signer.c
similarity index 99%
rename from contrib/zkt/zkt-signer.c
rename to contrib/zkt-1.1.2/zkt-signer.c
index 7a20ae3469..5a2a285b34 100644
--- a/contrib/zkt/zkt-signer.c
+++ b/contrib/zkt-1.1.2/zkt-signer.c
@@ -254,13 +254,10 @@ int main (int argc, char *const argv[])
if ( lg_open (progname, config->syslogfacility, config->sysloglevel, config->zonedir, logfile, config->loglevel) < -1 )
fatal ("Couldn't open logfile %s in dir %s\n", logfile, config->zonedir);
-#if defined(DBG) && DBG
- for ( zp = zonelist; zp; zp = zp->next )
- zone_print ("in main: ", zp);
-#endif
lg_args (LG_NOTICE, argc, argv);
- /* 1.0rc1: If the ttl for dynamic zones is not known or if it is 0, use sig valid time for this */
+ /* 1.0rc1: If the ttl is 0 or not known because of dynamic zone signing, ... */
+ /* ... use sig valid time for this */
if ( config->max_ttl <= 0 || dynamic_zone )
{
// config = dupconfig (config);
@@ -316,10 +313,14 @@ int main (int argc, char *const argv[])
free (dir);
}
- /* none of the above: read current directory tree */
+ /* none of the above: read default directory tree */
if ( zonelist == NULL )
parsedir (config->zonedir, &zonelist, config);
+#if defined(DBG) && DBG
+ for ( zp = zonelist; zp; zp = zp->next )
+ zone_print ("in main: ", zp);
+#endif
for ( zp = zonelist; zp; zp = zp->next )
if ( in_strarr (zp->zone, &argv[optind], argc - optind) )
{
@@ -550,7 +551,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
if ( force )
snprintf (mesg, sizeof(mesg), "Option -f");
else if ( newkey )
- snprintf (mesg, sizeof(mesg), "Modfied zone key set");
+ snprintf (mesg, sizeof(mesg), "Modified zone key set");
else if ( newkeysetfile )
snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain");
else if ( file_mtime (path) > zfilesig_time )
@@ -626,7 +627,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
}
/* at last, sign the zone file */
- if ( err > 0 )
+ if ( err >= 0 )
{
time_t timer;
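Review bot: The switch from `err > 0` to `err >= 0` is a behaviour change, since signing now also runs when `err` is 0, yet the comment above it still says only "at last, sign the zone file". What 0 and positive values of `err` mean is decided outside the hunk, so the condition should carry a comment stating it, e.g. `/* err < 0: a previous step failed; 0 and above: go on and sign */` if that is the intended meaning.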
diff --git a/contrib/zkt/zkt-soaserial.c b/contrib/zkt-1.1.2/zkt-soaserial.c
similarity index 100%
rename from contrib/zkt/zkt-soaserial.c
rename to contrib/zkt-1.1.2/zkt-soaserial.c
diff --git a/contrib/zkt/zkt.c b/contrib/zkt-1.1.2/zkt.c
similarity index 87%
rename from contrib/zkt/zkt.c
rename to contrib/zkt-1.1.2/zkt.c
index 511c08c535..6b6ce69e73 100644
--- a/contrib/zkt/zkt.c
+++ b/contrib/zkt-1.1.2/zkt.c
@@ -244,6 +244,43 @@ static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)
}
}
}
+static void list_managedkey (const dki_t **nodep, const VISIT which, int depth)
+{
+ const dki_t *dkp;
+
+ if ( nodep == NULL )
+ return;
+
+ dkp = *nodep;
+ if ( which == INORDER || which == LEAF )
+ {
+// fprintf (stderr, "list_trustedkey order=%d(pre=0,in=1,post=2,leaf=3) depth=%d %s\n", which, depth, dkp->name);
+ if ( labellist && !isinlist (dkp->name, labellist) )
+ return;
+
+ if ( parent == NULL || !issubdomain (dkp->name, parent->name) )
+ {
+ const dki_t *dkp_head = NULL;
+ const dki_t *standby = NULL;
+
+ parent = dkp;
+
+ dkp_head = dkp;
+ /* look for a standby key */
+ for ( dkp = dkp_head; dkp; dkp = dkp->next )
+ if ( dki_isksk (dkp) && dki_ispublished (dkp) )
+ standby = dkp;
+
+ if ( !standby ) /* no standby key found ? */
+ return;
+
+ /* print all non-standby ksk */
+ for ( dkp = dkp_head; dkp; dkp = dkp->next )
+ if ( dki_isksk (dkp) && dkp != standby )
+ dki_prt_managedkey (dkp, stdout);
+ }
+ }
+}
# endif
#endif
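Review bot: list_managedkey () returns without printing anything when the zone has no KSK for which `dki_ispublished ()` is true, and otherwise prints every KSK except the last published one; neither rule is explained, and in output meant for a managed-keys section a silently missing zone is easy to overlook. A header comment stating both rules would help, together with a note that `parent` appears to be file-level state shared across the tree walk (its declaration is outside the hunk). The commented-out debug line still names `list_trustedkey` and should be removed or renamed. Reusing `dkp` as the loop cursor after `parent = dkp` also makes the two loops harder to follow than a separate variable would.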
@@ -268,6 +305,27 @@ void zkt_list_trustedkeys (const dki_t *data)
printf ("};\n");
}
+void zkt_list_managedkeys (const dki_t *data)
+{
+
+ /* print headline if list is not empty */
+ if ( data && headerflag )
+ printf ("managed-keys {\n");
+
+#if defined(USE_TREE) && USE_TREE
+ twalk (data, list_managedkey);
+#else
+ for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */
+ if ( (dki_isksk (dkp) || zskflag) &&
+ (labellist == NULL || isinlist (dkp->name, labellist)) )
+ dki_prt_managedkey (dkp, stdout);
+#endif
+
+ /* print end of trusted-key section */
+ if ( data && headerflag )
+ printf ("};\n");
+}
+
#if defined(USE_TREE) && USE_TREE
static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)
{
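Review bot: In `zkt_list_managedkeys` the `#else` branch loops with `dkp`, but the function declares no such variable, so a build with `USE_TREE` unset should fail to compile unless a file-scope `dkp` exists outside this hunk. Declaring it under the matching guard at the top of the body would fix that: `#if !defined(USE_TREE) || !USE_TREE`, `const dki_t *dkp;`, `#endif`. The two branches also select different keys: the list branch prints ZSKs whenever `zskflag` is set and has none of the standby handling in `list_managedkey`. That is worth aligning, because the output is meant to be pasted into a `managed-keys` section. The closing comment still says `trusted-key section`.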
diff --git a/contrib/zkt/zkt.h b/contrib/zkt-1.1.2/zkt.h
similarity index 97%
rename from contrib/zkt/zkt.h
rename to contrib/zkt-1.1.2/zkt.h
index 2f3398d5fb..01460527ee 100644
--- a/contrib/zkt/zkt.h
+++ b/contrib/zkt-1.1.2/zkt.h
@@ -40,6 +40,7 @@
extern const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname);
extern void zkt_list_keys (const dki_t *data);
extern void zkt_list_trustedkeys (const dki_t *data);
+extern void zkt_list_managedkeys (const dki_t *data);
extern void zkt_list_dnskeys (const dki_t *data);
extern void zkt_setkeylifetime (dki_t *data);
diff --git a/contrib/zkt/zone.c b/contrib/zkt-1.1.2/zone.c
similarity index 100%
rename from contrib/zkt/zone.c
rename to contrib/zkt-1.1.2/zone.c
diff --git a/contrib/zkt/zone.h b/contrib/zkt-1.1.2/zone.h
similarity index 100%
rename from contrib/zkt/zone.h
rename to contrib/zkt-1.1.2/zone.h
diff --git a/contrib/zkt/dnssec-zkt.c b/contrib/zkt/dnssec-zkt.c
deleted file mode 100644
index 744a6f865f..0000000000
--- a/contrib/zkt/dnssec-zkt.c
+++ /dev/null
@@ -1,816 +0,0 @@
-/*****************************************************************
-**
-** @(#) dnssec-zkt.c (c) Jan 2005 Holger Zuleger hznet.de
-**
-** Secure DNS zone key tool
-** A wrapper command around the BIND dnssec-keygen utility
-**
-** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-# include
-# include /* abort(), exit(), ... */
-# include
-# include
-# include
-# include
-# include
-
-#ifdef HAVE_CONFIG_H
-# include
-#endif
-# include "config_zkt.h"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# include
-#endif
-
-# include "debug.h"
-# include "misc.h"
-# include "strlist.h"
-# include "zconf.h"
-# include "dki.h"
-# include "zkt.h"
-
-extern int optopt;
-extern int opterr;
-extern int optind;
-extern char *optarg;
-const char *progname;
-
-char *labellist = NULL;
-
-int headerflag = 1;
-int ageflag = 0;
-int lifetime = 0;
-int lifetimeflag = 0;
-int timeflag = 1;
-int exptimeflag = 0;
-int pathflag = 0;
-int kskflag = 1;
-int zskflag = 1;
-int ljustflag = 0;
-
-static int dirflag = 0;
-static int recflag = RECURSIVE;
-static int trustedkeyflag = 0;
-static char *kskdomain = "";
-static const char *view = "";
-
-# define short_options ":0:1:2:3:9A:C:D:P:S:R:HKTs:ZV:afF:c:O:dhkLl:prtez"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-static struct option long_options[] = {
- {"ksk-rollover", no_argument, NULL, '9'},
- {"ksk-status", required_argument, NULL, '0'},
- {"ksk-roll-status", required_argument, NULL, '0'},
- {"ksk-newkey", required_argument, NULL, '1'},
- {"ksk-publish", required_argument, NULL, '2'},
- {"ksk-delkey", required_argument, NULL, '3'},
- {"ksk-roll-phase1", required_argument, NULL, '1'},
- {"ksk-roll-phase2", required_argument, NULL, '2'},
- {"ksk-roll-phase3", required_argument, NULL, '3'},
- {"list-dnskeys", no_argument, NULL, 'K'},
- {"list-trustedkeys", no_argument, NULL, 'T'},
- {"ksk", no_argument, NULL, 'k'},
- {"zsk", no_argument, NULL, 'z'},
- {"age", no_argument, NULL, 'a'},
- {"lifetime", no_argument, NULL, 'f'},
- {"time", no_argument, NULL, 't'},
- {"expire", no_argument, NULL, 'e'},
- {"recursive", no_argument, NULL, 'r'},
- {"zone-config", no_argument, NULL, 'Z'},
- {"leftjust", no_argument, NULL, 'L'},
- {"path", no_argument, NULL, 'p'},
- {"nohead", no_argument, NULL, 'h'},
- {"directory", no_argument, NULL, 'd'},
- {"config", required_argument, NULL, 'c'},
- {"option", required_argument, NULL, 'O'},
- {"config-option", required_argument, NULL, 'O'},
- {"published", required_argument, NULL, 'P'},
- {"standby", required_argument, NULL, 'S'},
- {"active", required_argument, NULL, 'A'},
- {"depreciated", required_argument, NULL, 'D'},
- {"create", required_argument, NULL, 'C'},
- {"revoke", required_argument, NULL, 'R'},
- {"remove", required_argument, NULL, 19 },
- {"destroy", required_argument, NULL, 20 },
- {"setlifetime", required_argument, NULL, 'F' },
- {"view", required_argument, NULL, 'V' },
- {"help", no_argument, NULL, 'H'},
- {0, 0, 0, 0}
-};
-#endif
-
-static int parsedirectory (const char *dir, dki_t **listp);
-static void parsefile (const char *file, dki_t **listp);
-static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf);
-static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf);
-static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp);
-static void usage (char *mesg, zconf_t *cp);
-static const char *parsetag (const char *str, int *tagp);
-
-static void setglobalflags (zconf_t *config)
-{
- recflag = config->recursive;
- ageflag = config->printage;
- timeflag = config->printtime;
- ljustflag = config->ljust;
-}
-
-int main (int argc, char *argv[])
-{
- dki_t *data = NULL;
- dki_t *dkp;
- int c;
- int opt_index;
- int action;
- const char *file;
- const char *defconfname = NULL;
- char *p;
- char str[254+1];
- const char *keyname = NULL;
- int searchtag;
- zconf_t *config;
-
- progname = *argv;
- if ( (p = strrchr (progname, '/')) )
- progname = ++p;
- view = getnameappendix (progname, "dnssec-zkt");
-
- defconfname = getdefconfname (view);
- config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- setglobalflags (config);
-
- opterr = 0;
- opt_index = 0;
- action = 0;
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
- while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
-#else
- while ( (c = getopt (argc, argv, short_options)) != -1 )
-#endif
- {
- switch ( c )
- {
- case '9': /* ksk rollover help */
- ksk_roll ("help", c - '0', NULL, NULL);
- exit (1);
- case '1': /* ksk rollover: create new key */
- case '2': /* ksk rollover: publish DS */
- case '3': /* ksk rollover: delete old key */
- case '0': /* ksk rollover: show current status */
- action = c;
- if ( !optarg )
- usage ("ksk rollover requires an domain argument", config);
- kskdomain = domain_canonicdup (optarg);
- break;
- case 'T':
- trustedkeyflag = 1;
- zskflag = pathflag = 0;
- /* fall through */
- case 'H':
- case 'K':
- case 'Z':
- action = c;
- break;
- case 'C':
- pathflag = !pathflag;
- /* fall through */
- case 'P':
- case 'S':
- case 'A':
- case 'D':
- case 'R':
- case 's':
- case 19:
- case 20:
- if ( (keyname = parsetag (optarg, &searchtag)) != NULL )
- keyname = domain_canonicdup (keyname);
- action = c;
- break;
- case 'a': /* age */
- ageflag = !ageflag;
- break;
- case 'f': /* key lifetime */
- lifetimeflag = !lifetimeflag;
- break;
- case 'F': /* set key lifetime */
- lifetime = atoi (optarg);
- lifetimeflag = 1; /* set some flags for more informative output */
- exptimeflag = 1;
- timeflag = 1;
- action = c;
- break;
- case 'V': /* view name */
- view = optarg;
- defconfname = getdefconfname (view);
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- setglobalflags (config);
- break;
- case 'c':
- config = loadconfig (optarg, config);
- setglobalflags (config);
- checkconfig (config);
- break;
- case 'O': /* read option from commandline */
- config = loadconfig_fromstr (optarg, config);
- setglobalflags (config);
- checkconfig (config);
- break;
- case 'd': /* ignore directory arg */
- dirflag = 1;
- break;
- case 'h': /* print no headline */
- headerflag = 0;
- break;
- case 'k': /* ksk only */
- zskflag = 0;
- break;
- case 'L': /* ljust */
- ljustflag = !ljustflag;
- break;
- case 'l': /* label list */
- labellist = prepstrlist (optarg, LISTDELIM);
- if ( labellist == NULL )
- fatal ("Out of memory\n");
- break;
- case 'p': /* print path */
- pathflag = 1;
- break;
- case 'r': /* switch recursive flag */
- recflag = !recflag;
- break;
- case 't': /* time */
- timeflag = !timeflag;
- break;
- case 'e': /* expire time */
- exptimeflag = !exptimeflag;
- break;
- case 'z': /* zsk only */
- kskflag = 0;
- break;
- case ':':
- snprintf (str, sizeof(str), "option \"-%c\" requires an argument.\n",
- optopt);
- usage (str, config);
- break;
- case '?':
- if ( isprint (optopt) )
- snprintf (str, sizeof(str), "Unknown option \"-%c\".\n",
- optopt);
- else
- snprintf (str, sizeof (str), "Unknown option char \\x%x.\n",
- optopt);
- usage (str, config);
- break;
- default:
- abort();
- }
- }
-
- /* it's better to do this before we read the whole directory tree */
- if ( action == 'Z' )
- {
- fprintf (stderr, "The use of -Z is deprecated. Please use zkt-conf instead\n");
- printconfig ("stdout", config);
- return 0;
- }
-
- if ( kskflag == 0 && zskflag == 0 )
- kskflag = zskflag = 1;
-
- c = optind;
- do {
- if ( c >= argc ) /* no args left */
- file = config->zonedir; /* use default directory */
- else
- file = argv[c++];
-
- if ( is_directory (file) )
- parsedirectory (file, &data);
- else
- parsefile (file, &data);
-
- } while ( c < argc ); /* for all arguments */
-
- switch ( action )
- {
- case 'H':
- usage ("", config);
- case 'C':
- createkey (keyname, data, config);
- break;
- case 'P':
- case 'S':
- case 'A':
- case 'D':
- if ( (dkp = (dki_t*)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- if ( (c = dki_setstatus_preservetime (dkp, action)) != 0 )
- fatal ("Couldn't change status of key %u: %d\n", searchtag, c);
- break;
- case 19: /* remove (rename) key file */
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- dki_remove (dkp);
- break;
- case 20: /* destroy the key (remove the files!) */
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- dki_destroy (dkp);
- break;
- case 'R':
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- if ( (c = dki_setstatus (dkp, action)) != 0 )
- fatal ("Couldn't change status of key %u: %d\n", searchtag, c);
- break;
- case 's':
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- dki_prt_dnskey (dkp, stdout);
- break;
- case 'K':
- zkt_list_dnskeys (data);
- break;
- case 'T':
- zkt_list_trustedkeys (data);
- break;
- case '1': /* ksk rollover new key */
- case '2': /* ksk rollover publish DS */
- case '3': /* ksk rollover delete old key */
- case '0': /* ksk rollover status */
- ksk_roll (kskdomain, action - '0', data, config);
- break;
- case 'F':
- zkt_setkeylifetime (data);
- /* fall through */
- default:
- zkt_list_keys (data);
- }
-
- return 0;
-}
-
-# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
-# define loptstr(lstr, sstr) lstr
-#else
-# define lopt_usage(mesg, value)
-# define loptstr(lstr, sstr) sstr
-#endif
-static void usage (char *mesg, zconf_t *cp)
-{
- fprintf (stderr, "Secure DNS Zone Key Tool %s\n", ZKT_VERSION);
- fprintf (stderr, "\n");
- fprintf (stderr, "Show zone config parameter as %s file\n", LOCALCONF_FILE);
- sopt_usage ("\tusage: %s -Z\n", progname);
- lopt_usage ("\tusage: %s --zone-config\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "List keys in current or given directory (-r for recursive mode)\n");
- sopt_usage ("\tusage: %s [-dhatkzpr] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "List public part of keys in DNSKEY RR format\n");
- sopt_usage ("\tusage: %s -K [-dhkzr] [-c config] [file|dir ...]\n", progname);
- lopt_usage ("\tusage: %s --list-dnskeys [-dhkzr] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "List keys (output is suitable for trusted-keys section)\n");
- sopt_usage ("\tusage: %s -T [-dhzr] [-c config] [file|dir ...]\n", progname);
- lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Create a new key \n");
- sopt_usage ("\tusage: %s -C [-k] [-dpr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --create= [-k] [-dpr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\t\tKSK (use -k): %s %d bits\n", dki_algo2str (cp->k_algo), cp->k_bits);
- fprintf (stderr, "\t\tZSK (default): %s %d bits\n", dki_algo2str (cp->k_algo), cp->z_bits);
- fprintf (stderr, "\n");
- fprintf (stderr, "Change key status of specified key to published, active or depreciated\n");
- fprintf (stderr, "\t( := tag | tag:name) \n");
- sopt_usage ("\tusage: %s -P|-A|-D [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --published= [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --active= [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --depreciated= [-dr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Revoke specified key ( := tag | tag:name) \n");
- sopt_usage ("\tusage: %s -R [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --revoke= [-dr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Remove (rename) or destroy (delete) specified key ( := tag | tag:name) \n");
- lopt_usage ("\tusage: %s --remove= [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --destroy= [-dr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Initiate a semi-automated KSK rollover");
- fprintf (stderr, "('%s -9%s' prints out a short description)\n", progname, loptstr ("|--ksk-rollover", ""));
- sopt_usage ("\tusage: %s {-1} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname);
- sopt_usage ("\tusage: %s {-2} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname);
- sopt_usage ("\tusage: %s {-3} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname);
- sopt_usage ("\tusage: %s {-0} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "\n");
- fprintf (stderr, "General options \n");
- fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
- fprintf (stderr, "\t\t read config from instead of %s\n", CONFIG_FILE);
- fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
- fprintf (stderr, "\t\t read config options from commandline\n");
- fprintf (stderr, "\t-h%s\t no headline or trusted-key section header/trailer in -T mode\n", loptstr (", --nohead", "\t"));
- fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t"));
- fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? "on": "off");
- fprintf (stderr, "\t-l list\t\t print out only zone keys out of the given domain list\n");
- fprintf (stderr, "\t-p%s\t show path of keyfile / create key in current directory\n", loptstr (", --path", "\t"));
- fprintf (stderr, "\t-r%s\t recursive mode on/off (default: %s)\n", loptstr(", --recursive", "\t"), recflag ? "on": "off");
- fprintf (stderr, "\t-a%s\t print age of key (default: %s)\n", loptstr (", --age", "\t"), ageflag ? "on": "off");
- fprintf (stderr, "\t-t%s\t print key generation time (default: %s)\n", loptstr (", --time", "\t"),
- timeflag ? "on": "off");
- fprintf (stderr, "\t-e%s\t print key expiration time\n", loptstr (", --expire", "\t"));
- fprintf (stderr, "\t-f%s\t print key lifetime\n", loptstr (", --lifetime", "\t"));
- fprintf (stderr, "\t-F days%s=days\t set key lifetime\n", loptstr (", --setlifetime", "\t"));
- fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
- fprintf (stderr, "\t-z%s\t zone signing keys only\n", loptstr (", --zsk", "\t"));
- if ( mesg && *mesg )
- fprintf (stderr, "%s\n", mesg);
- exit (1);
-}
-
-static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)
-{
- const char *dir = "";
- dki_t *dkp;
-
- if ( keyname == NULL || *keyname == '\0' )
- fatal ("Create key: no keyname!");
-
- dbg_val2 ("createkey: keyname %s, pathflag = %d\n", keyname, pathflag);
- /* search for already existent key to get the directory name */
- if ( pathflag && (dkp = (dki_t *)zkt_search (list, 0, keyname)) != NULL )
- {
- char path[MAX_PATHSIZE+1];
- zconf_t localconf;
-
- dir = dkp->dname;
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- if ( fileexist (path) ) /* load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", path);
- memcpy (&localconf, conf, sizeof (zconf_t));
- conf = loadconfig (path, &localconf);
- }
- }
-
- if ( zskflag )
- dkp = dki_new (dir, keyname, DKI_ZSK, conf->k_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
- else
- dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- if ( dkp == NULL )
- fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
-
- /* create a new key always in state published, which means "standby" for ksk */
- dki_setstatus (dkp, DKI_PUB);
-}
-
-static int get_parent_phase (const char *file)
-{
- FILE *fp;
- int phase;
-
- if ( (fp = fopen (file, "r")) == NULL )
- return -1;
-
- phase = 0;
- if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 )
- phase = 0;
-
- fclose (fp);
- return phase;
-}
-
-static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)
-{
- char path[MAX_PATHSIZE+1];
- zconf_t localconf;
- const char *dir;
- dki_t *keylist;
- dki_t *dkp;
- dki_t *standby;
- int parent_exist;
- int parent_age;
- int parent_phase;
- int parent_propagation;
- int key_ttl;
- int ksk;
-
- if ( phase == 9 ) /* usage */
- {
- fprintf (stderr, "A KSK rollover requires three consecutive steps:\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", ""));
- fprintf (stderr, "\t Create a new KSK.\n");
- fprintf (stderr, "\t This step also creates a parent- file which contains only\n");
- fprintf (stderr, "\t the _old_ key. This file will be copied in hierarchical mode\n");
- fprintf (stderr, "\t by dnssec-signer to the parent directory as keyset- file.\n");
- fprintf (stderr, "\t Wait until the new keyset is propagated, before going to the next step.\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", ""));
- fprintf (stderr, "\t This step creates a parent- file with the _new_ key only.\n");
- fprintf (stderr, "\t Please send this file immediately to the parent (In hierarchical\n");
- fprintf (stderr, "\t mode this will be done automatically by the dnssec-signer command).\n");
- fprintf (stderr, "\t Then wait until the new DS is generated by the parent and propagated\n");
- fprintf (stderr, "\t to all the parent name server, plus the old DS TTL before going to step three.\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", ""));
- fprintf (stderr, "\t Remove (rename) the old KSK and the parent- file.\n");
- fprintf (stderr, "\t You have to manually delete the old KSK (look at file names beginning\n");
- fprintf (stderr, "\t with an lower 'k').\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", ""));
- fprintf (stderr, "\t Show the current KSK rollover state of a domain.\n");
-
- fprintf (stderr, "\n");
-
- return;
- }
-
- if ( keyname == NULL || *keyname == '\0' )
- fatal ("ksk rollover: no domain!");
-
- dbg_val2 ("ksk_roll: keyname %s, phase = %d\n", keyname, phase);
-
- /* search for already existent key to get the directory name */
- if ( (keylist = (dki_t *)zkt_search (list, 0, keyname)) == NULL )
- fatal ("ksk rollover: domain %s not found!\n", keyname);
- dkp = keylist;
-
- /* try to read local config file */
- dir = dkp->dname;
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- if ( fileexist (path) ) /* load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", path);
- memcpy (&localconf, conf, sizeof (zconf_t));
- conf = loadconfig (path, &localconf);
- }
- key_ttl = conf->key_ttl;
-
- /* check if parent-file already exist */
- pathname (path, sizeof (path), dir, "parent-", keyname);
- parent_phase = parent_age = 0;
- if ( (parent_exist = fileexist (path)) != 0 )
- {
- parent_phase = get_parent_phase (path);
- parent_age = file_age (path);
- }
- // parent_propagation = 2 * DAYSEC;
- parent_propagation = 5 * MINSEC;
-
- ksk = 0; /* count active(!) key signing keys */
- standby = NULL; /* find standby key if available */
- for ( dkp = keylist; dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) )
- {
- if ( dki_status (dkp) == DKI_ACT )
- ksk++;
- else if ( dki_status (dkp) == DKI_PUB )
- standby = dkp;
- }
-
- switch ( phase )
- {
- case 0: /* print status (debug) */
- fprintf (stdout, "ksk_rollover:\n");
- fprintf (stdout, "\t domain = %s\n", keyname);
- fprintf (stdout, "\t phase = %d\n", parent_phase);
- fprintf (stdout, "\t parent_file %s %s\n", path, parent_exist ? "exist": "not exist");
- if ( parent_exist )
- fprintf (stdout, "\t age of parent_file %d %s\n", parent_age, str_delspace (age2str (parent_age)));
- fprintf (stdout, "\t # of active key signing keys %d\n", ksk);
- fprintf (stdout, "\t parent_propagation %d %s\n", parent_propagation, str_delspace (age2str (parent_propagation)));
- fprintf (stdout, "\t keys ttl %d %s\n", key_ttl, age2str (key_ttl));
-
- for ( dkp = keylist; dkp; dkp = dkp->next )
- {
- /* TODO: Nur zum testen */
- dki_prt_dnskey (dkp, stdout);
- }
- break;
- case 1:
- if ( parent_exist || ksk > 1 )
- fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n");
-
- fprintf (stdout, "create new ksk \n");
- dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- if ( dkp == NULL )
- fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
- if ( standby )
- {
- dki_setstatus (standby, DKI_ACT); /* activate standby key */
- dki_setstatus (dkp, DKI_PUB); /* new key will be the new standby */
- }
-
- // dkp = keylist; /* use old key to create the parent file */
- if ( (dkp = (dki_t *)dki_findalgo (keylist, 1, conf->k_algo, 'a', 1)) == NULL ) /* find the oldest active ksk to create the parent file */
- fatal ("ksk_rollover phase1: Couldn't find the old active key\n");
- if ( !create_parent_file (path, phase, key_ttl, dkp) )
- fatal ("Couldn't create parentfile %s\n", path);
- break;
-
- case 2:
- if ( ksk < 2 )
- fatal ("Can\'t publish new key because no one exist\n");
- if ( !parent_exist )
- fatal ("More than one KSK but no parent file found!\n");
- if ( parent_phase != 1 )
- fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
- if ( parent_age < conf->proptime + key_ttl )
- fatal ("ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least %dsec or %s)\n",
- conf->proptime + key_ttl - parent_age,
- str_delspace (age2str (conf->proptime + key_ttl - parent_age)));
-
- fprintf (stdout, "save new ksk in parent file\n");
- dkp = keylist->next; /* set dkp to new ksk */
- if ( !create_parent_file (path, phase, key_ttl, dkp) )
- fatal ("Couldn't create parentfile %s\n", path);
- break;
- case 3:
- if ( !parent_exist || ksk < 2 )
- fatal ("ksk-delkey only allowed after ksk-publish\n");
- if ( parent_phase != 2 )
- fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
- if ( parent_age < parent_propagation + key_ttl )
- fatal ("ksk_rollover (phase3): you have to wait for DS propagation (at least %dsec or %s)\n",
- parent_propagation + key_ttl - parent_age,
- str_delspace (age2str (parent_propagation + key_ttl - parent_age)));
- /* remove the parentfile */
- fprintf (stdout, "remove parentfile \n");
- unlink (path);
- /* remove or rename the old key */
- fprintf (stdout, "old ksk renamed \n");
- dkp = keylist; /* set dkp to old ksk */
- dki_remove (dkp);
- break;
- default: assert (phase == 1 || phase == 2 || phase == 3);
- }
-}
-
-/*****************************************************************
-** create_parent_file ()
-*****************************************************************/
-static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)
-{
- FILE *fp;
-
- assert ( fname != NULL );
-
- if ( dkp == NULL || (phase != 1 && phase != 2) )
- return 0;
-
- if ( (fp = fopen (fname, "w")) == NULL )
- fatal ("can\'t create new parentfile \"%s\"\n", fname);
-
- if ( phase == 1 )
- fprintf (fp, "; KSK rollover phase1 (old key)\n");
- else
- fprintf (fp, "; KSK rollover phase2 (new key)\n");
-
- dki_prt_dnskeyttl (dkp, fp, ttl);
- fclose (fp);
-
- return phase;
-}
-
-static int parsedirectory (const char *dir, dki_t **listp)
-{
- dki_t *dkp;
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
-
- if ( dirflag )
- return 0;
-
- dbg_val ("directory: opendir(%s)\n", dir);
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- while ( (dentp = readdir (dirp)) != NULL )
- {
- if ( is_dotfilename (dentp->d_name) )
- continue;
-
- dbg_val ("directory: check %s\n", dentp->d_name);
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- if ( is_directory (path) && recflag )
- {
- dbg_val ("directory: recursive %s\n", path);
- parsedirectory (path, listp);
- }
- else if ( is_keyfilename (dentp->d_name) )
- if ( (dkp = dki_read (dir, dentp->d_name)) )
- {
- // fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name);
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, 1);
-#else
- dki_add (listp, dkp);
-#endif
- }
- }
- closedir (dirp);
- return 1;
-}
-
-static void parsefile (const char *file, dki_t **listp)
-{
- char path[MAX_PATHSIZE+1];
- dki_t *dkp;
-
- /* file arg contains path ? ... */
- file = splitpath (path, sizeof (path), file); /* ... then split of */
-
- if ( is_keyfilename (file) ) /* plain file name looks like DNS key file ? */
- {
- if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, 1); /* ... and add to tree */
-#else
- dki_add (listp, dkp); /* ... and add to list */
-#endif
- else
- error ("error parsing %s: (%s)\n", file, dki_geterrstr());
- }
-}
-
-static const char *parsetag (const char *str, int *tagp)
-{
- const char *p;
-
- *tagp = 0;
- while ( isspace (*str) ) /* skip leading ws */
- str++;
-
- p = str;
- if ( isdigit (*p) ) /* keytag starts with digit */
- {
- sscanf (p, "%u", tagp); /* read keytag as number */
- do /* eat up to the end of the number */
- p++;
- while ( isdigit (*p) );
-
- if ( *p == ':' ) /* label follows ? */
- return p+1; /* return that */
- if ( *p == '\0' )
- return NULL; /* no label */
- }
- return str; /* return as label string if not a numeric keytag */
-}
-
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key
deleted file mode 100644
index fa33d5a6a0..0000000000
--- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100311225233
-;% lifetime=60d
-example.net. IN DNSKEY 257 3 8 BQEAAAABDUkWE4dtbBTfkAnlOJSbnYSikE7cyHPg6qFItoYObenlTGkG TECQb1flWaKLDhQZ54CdnYN3FdlRVHKmkkxZOwH0HvW+fGXTGv35adGJ JBDqlJWJC0bxHsrlUZTdczt2B6g9AHUUg2WSXTa5KZHJGjFiACFzfln9 SQlVj/UzWGv2sDwQb+XiOIHkZ2VmMPx3SvFOOIG4nmTla76XYTNfUJPY BQ==
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private
deleted file mode 100644
index b2832b23a6..0000000000
--- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 8 (RSASHA256)
-Modulus: DUkWE4dtbBTfkAnlOJSbnYSikE7cyHPg6qFItoYObenlTGkGTECQb1flWaKLDhQZ54CdnYN3FdlRVHKmkkxZOwH0HvW+fGXTGv35adGJJBDqlJWJC0bxHsrlUZTdczt2B6g9AHUUg2WSXTa5KZHJGjFiACFzfln9SQlVj/UzWGv2sDwQb+XiOIHkZ2VmMPx3SvFOOIG4nmTla76XYTNfUJPYBQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: AeHyClC8SYdKB3mQtwWx/z08pCjHEs18KF9HbWddQnQrrJKP1lh1r6DGmJ5oigg3i2x/NEBUXw345FYQ7ynaVewt4KoQ2c6vT1ZyOXuoCmJknMxXKaVma5L3+hrGwdaS7tbJXGQrq6FHaYOO/2un8G7qRU5zoods+iR8qCRktkYVk2PS7wrdeQu9XaGUl5pPwh7fmNmjpfe16kyk3M2xoThEUQ==
-Prime1: A9GgY74jQxKOqTEMivti0zJIuxjlN7k1+MlTDQliH8EiFy8b/6HqRqddgdeuPDt8s0jv1cGxnMig4761JszH7CQeHbefeoLw95OXu7v6hpw3Uw==
-Prime2: A3qansKrFaIwWJw7n0//qO52mEKCxoljeMzbeXx4f+pgADmyMcv8ysHMUPP6BEwVxlxHVyv9a3lxQRa8ZdPtFV+QK3Zy3PfAV8SoahbYgi2ARw==
-Exponent1: v6z/wlryoSYkgnlkxM6uC6AEc7ZQQdla7cG+iaeEJq8pfzPClkU+WiBP9MJroO8ExM1mj/bjIfw3/Vel5NuLD9uU+BIV1qzcWKbPwo7xZnqh
-Exponent2: OPEA/pb22DU0GDyS1UmOmJGjyp2Irxe1LJL6J16bK/lCqPNenT8qIYbLY2EKUoRhAirvurd4/fXqnzNVYdw369C/DBtfZ6AeAfs4no/+Fnfx
-Coefficient: /pte3nUM+M1VmAs7z3bhTdbPWIJZk7z0RkcBhFvUn4ZGgImUSFF8/psPzvQFy9pyGzinviE16aI0UVEBxL7NkFfSs9cMX0jpItFDyJTcxvjA
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key
deleted file mode 100644
index 3ded31f8fe..0000000000
--- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100311225233
-;% lifetime=14d
-example.net. IN DNSKEY 256 3 8 BQEAAAABy5vGV4emguE++EM1DlDEro5fPi7oHyQ4N95DZE//Wtr+/twH y339QiyRFhYcZrb8Wt6ZgT3qXbL2RUVQ9X8ZCQ==
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private
deleted file mode 100644
index d13ba75f20..0000000000
--- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 8 (RSASHA256)
-Modulus: y5vGV4emguE++EM1DlDEro5fPi7oHyQ4N95DZE//Wtr+/twHy339QiyRFhYcZrb8Wt6ZgT3qXbL2RUVQ9X8ZCQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: uHA+A2dABi4t2afEHHud8MajxjMLqxw/+t0yzsRgye6eiAkJVuhYSdxxqmlqMmSayrBNSX2jYHdKmY49W6kmUQ==
-Prime1: 6pzzNfud8Hzw9UdeitwJwVzFaAfV/RmRmTCm4OLBGD0=
-Prime2: 3itJLwoOTYkb2rOQNjZ/4hMNov3plClxo5e9iPSARL0=
-Exponent1: w/gumsQA0FOkuuMBp5PcTsbHbebL9SAVDURQgLo2ZMU=
-Exponent2: ILYpsGsfTcHDSAmGbQBRSsFQEKw7Ghx/mIcWoUIN250=
-Coefficient: cwmz0VwEQ4Jjc3+T0tDgH9fhUiyISbuV/0Bz25E5bYA=
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key
deleted file mode 100644
index 92cea13a34..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100311224635
-;% lifetime=3d
-sub.example.net. IN DNSKEY 256 3 7 AwEAAZeWiMSfoNTQkZhKHK2+OXmKRSXgBjad7VBC9tZ40aIr5pPtDWCg 8iELYF4M6ybq0M1ffUO+GHZt89A624SkWps=
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published
deleted file mode 100644
index da71bf9c49..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 7 (NSEC3RSASHA1)
-Modulus: l5aIxJ+g1NCRmEocrb45eYpFJeAGNp3tUEL21njRoivmk+0NYKDyIQtgXgzrJurQzV99Q74Ydm3z0DrbhKRamw==
-PublicExponent: AQAB
-PrivateExponent: ItWA0E4uUzkqe+hr9rED3B4eDboRM3PPGOaKenaBFdbONA8X6GbCTCAE6oF7DGSebfi6I9HTjLs24ZItD7bHwQ==
-Prime1: yLZLkD+0SqDwPDKXlK6qHMRKwGDcNw5MxELfv3ftyRM=
-Prime2: wVginHuVgdmvAxTX51WmK922+KTwk/w+Od+/W2N6IVk=
-Exponent1: XE5aGhDyHZA+a7DovVxGp8wuhKMHI9rTuz72H9xL4zk=
-Exponent2: XemKfknFGBp9WNjR+kru+RWrn2C2fpsiOohE8YYDN5k=
-Coefficient: ZmS8ZDDLz6CtwYEvGJgTsNTw/bj6JMaZ8cFh3x1Zd4Y=
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key
deleted file mode 100644
index d91daac257..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100308221149
-;% lifetime=3d
-sub.example.net. IN DNSKEY 256 3 7 AwEAAcIDTNHrG9ssCz/VueiPUQaw4IAM5GvECljWsX+SfXSCkhHg5loq +FXNRa80EJCyh5b0sicbdVOhJ9DVNaRKYxU=
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private
deleted file mode 100644
index 749ba93907..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 7 (NSEC3RSASHA1)
-Modulus: wgNM0esb2ywLP9W56I9RBrDggAzka8QKWNaxf5J9dIKSEeDmWir4Vc1FrzQQkLKHlvSyJxt1U6En0NU1pEpjFQ==
-PublicExponent: AQAB
-PrivateExponent: fYBY/ynROTQCiuacfh3HUka00uCEGloUP2eSJm4CjYyQyy/he5haU0hcJw5JvxhI0pGj+eDEzaE+5oq1pKntOQ==
-Prime1: 4YRNB1cSh3F9+pQglY5/H4STx2pIADAO0mRFO2Lu+Mc=
-Prime2: 3DzZhCWENMYZvx9ovZTtIUIUpXEPtN4p7FqYC0OFgUM=
-Exponent1: Dk7UjEir9kfvFDzdrF90FU3WCmrl0o06A4M1GUV3n/U=
-Exponent2: ppnBUZ2vrNxOja2M5hzKZOZACAbHAuMsg4bkjWC+lVE=
-Coefficient: LA7G4rCRiDP8P+Cg+JQUKBUgZ8F+dpGA3E/aVOYhaWw=
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key
deleted file mode 100644
index 984cbbe6ed..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100124184339
-;% lifetime=7d
-sub.example.net. IN DNSKEY 257 3 7 AwEAAfTQL8DTr3eYpPziT+cnKnzMewbEBtRxfkb697qoRK4pKkGYGVWu jIEyjts/aluYd+Nw85rvRFPNVJwmM63jvJapql1pKfyFPSl4YVJMxaCv OMhd1JATDnrTq70evQQmOHyxVKe8k9zk0GKeRgX8sl228AvdiGOfxWmT BoOxYowx
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private
deleted file mode 100644
index a0f44d7982..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 7 (NSEC3RSASHA1)
-Modulus: 9NAvwNOvd5ik/OJP5ycqfMx7BsQG1HF+Rvr3uqhErikqQZgZVa6MgTKO2z9qW5h343Dzmu9EU81UnCYzreO8lqmqXWkp/IU9KXhhUkzFoK84yF3UkBMOetOrvR69BCY4fLFUp7yT3OTQYp5GBfyyXbbwC92IY5/FaZMGg7FijDE=
-PublicExponent: AQAB
-PrivateExponent: nn1ZLQDejBKqXX02NXPJsdm/m/W0ZjzDf7hiQNlG/WlxDd4mKK5EEDBnA9HeTUY792bcjuVv2sEHkb+5nU3efHdZypvY8wsvKKNUtxWJl9O5ip7GXh4/7YQeNKW/zgE1Xz+Yu6ht3e8XuxaIXHuQ5mBC0E5AUUYPhVBCTR08CkE=
-Prime1: /MeAn2UCjXS8VIoi5Zp90w2qB6ub0wqeLCI0zpXCxWlLTrDSpFORdGuPEctE5cNlDX7y9gq6a5vxnN/b+DnNdQ==
-Prime2: 9+6zb1zEpyJzcscrSVVjacjNbyI9OwfrA7XjU5PppCyFLRvP3+L/pjqgDhyoZmCo3VMqnOjxpIeffvmDsUjATQ==
-Exponent1: ddE+4AwifnAUf4rK7R1u2/oYb+7KeDkQtB1VY5xl5cFH+mtsIm9Y8lxXmMGXYUgLR5kOASPK8/EBUk78pdu7KQ==
-Exponent2: OIT16sEfI2q7HsNAnusUSp04F8maY8aeUK46MGdbr81mXq4kaUl6Ng7PRehKi2wlkq7O3A5OZ89zEKMY3mVTUQ==
-Coefficient: ZO4OrBf5SCcbAccN63xHAlm/Pelu4wWw3yo/BaWPYE3Sf+FJt0O3TJQsmm5B+KbrruLsX6lWWHf4ZerizKFhKQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net.
deleted file mode 100644
index 01111fd312..0000000000
--- a/contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net.
+++ /dev/null
@@ -1,321 +0,0 @@
-2010-02-06 00:26:54.532: debug: Check RFC5011 status
-2010-02-06 00:26:54.532: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:26:54.533: debug: Check KSK status
-2010-02-06 00:26:54.533: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h43m15s
-2010-02-06 00:26:54.533: debug: Check ZSK status
-2010-02-06 00:26:54.533: debug: Re-signing not necessary!
-2010-02-06 00:26:54.533: debug: Check if there is a parent file to copy
-2010-02-06 00:29:31.290: debug: Check RFC5011 status
-2010-02-06 00:29:31.290: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:29:31.290: debug: Check KSK status
-2010-02-06 00:29:31.290: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h45m52s
-2010-02-06 00:29:31.290: debug: Check ZSK status
-2010-02-06 00:29:31.290: debug: Re-signing not necessary!
-2010-02-06 00:29:31.290: debug: Check if there is a parent file to copy
-2010-02-06 00:40:35.043: debug: Check RFC5011 status
-2010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:40:35.043: debug: Check KSK status
-2010-02-06 00:40:35.043: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h56m56s
-2010-02-06 00:40:35.043: debug: Check ZSK status
-2010-02-06 00:40:35.043: debug: Re-signing not necessary!
-2010-02-06 00:40:35.043: debug: Check if there is a parent file to copy
-2010-02-06 00:52:55.402: debug: Check RFC5011 status
-2010-02-06 00:52:55.402: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:52:55.402: debug: Check KSK status
-2010-02-06 00:52:55.403: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d5h9m16s
-2010-02-06 00:52:55.403: debug: Check ZSK status
-2010-02-06 00:52:55.403: debug: Re-signing not necessary!
-2010-02-06 00:52:55.403: debug: Check if there is a parent file to copy
-2010-02-07 13:53:47.883: debug: Check RFC5011 status
-2010-02-07 13:53:47.883: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 13:53:47.883: debug: Check KSK status
-2010-02-07 13:53:47.883: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m8s
-2010-02-07 13:53:47.883: debug: Check ZSK status
-2010-02-07 13:53:47.883: debug: Re-signing necessary: re-signing interval (1d) reached
-2010-02-07 13:53:47.884: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
-2010-02-07 13:53:47.884: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-07 13:53:47.884: debug: Signing zone "sub.example.net."
-2010-02-07 13:53:47.884: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 880820 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-07 13:53:48.303: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-07 13:53:48.304: debug: Signing completed after 1s.
-2010-02-07 13:54:03.465: debug: Check RFC5011 status
-2010-02-07 13:54:03.465: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 13:54:03.465: debug: Check KSK status
-2010-02-07 13:54:03.466: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m24s
-2010-02-07 13:54:03.466: debug: Check ZSK status
-2010-02-07 13:54:03.466: debug: Re-signing not necessary!
-2010-02-07 13:54:03.466: debug: Check if there is a parent file to copy
-2010-02-07 13:54:07.955: debug: Check RFC5011 status
-2010-02-07 13:54:07.955: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 13:54:07.955: debug: Check KSK status
-2010-02-07 13:54:07.955: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m28s
-2010-02-07 13:54:07.955: debug: Check ZSK status
-2010-02-07 13:54:07.956: debug: Re-signing necessary: Option -f
-2010-02-07 13:54:07.956: notice: "sub.example.net.": re-signing triggered: Option -f
-2010-02-07 13:54:07.956: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-07 13:54:07.956: debug: Signing zone "sub.example.net."
-2010-02-07 13:54:07.956: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 325964 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-07 13:54:08.003: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-07 13:54:08.003: debug: Signing completed after 1s.
-2010-02-07 13:54:08.003: notice: "sub.example.net.": distribution triggered
-2010-02-07 13:54:08.003: debug: Distribute zone "sub.example.net."
-2010-02-07 13:54:08.003: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net/zone.db.signed "
-2010-02-07 13:54:08.013: debug: ./dist.sh distribute return: "scp ./sub.example.net/zone.db.signed localhost:/var/named/sub.example.net./"
-2010-02-07 13:54:08.013: notice: "sub.example.net.": reload triggered
-2010-02-07 13:54:08.013: debug: Reload zone "sub.example.net."
-2010-02-07 13:54:08.013: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net/zone.db.signed "
-2010-02-07 13:54:08.019: debug: ./dist.sh reload return: "rndc reload sub.example.net. "
-2010-02-07 14:06:27.669: debug: Check RFC5011 status
-2010-02-07 14:06:27.669: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 14:06:27.669: debug: Check KSK status
-2010-02-07 14:06:27.669: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h22m48s
-2010-02-07 14:06:27.669: debug: Check ZSK status
-2010-02-07 14:06:27.669: debug: Re-signing not necessary!
-2010-02-07 14:06:27.670: debug: Check if there is a parent file to copy
-2010-02-07 14:06:33.713: debug: Check RFC5011 status
-2010-02-07 14:06:33.713: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 14:06:33.713: debug: Check KSK status
-2010-02-07 14:06:33.713: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h22m54s
-2010-02-07 14:06:33.713: debug: Check ZSK status
-2010-02-07 14:06:33.714: debug: Re-signing necessary: Option -f
-2010-02-07 14:06:33.714: notice: "sub.example.net.": re-signing triggered: Option -f
-2010-02-07 14:06:33.714: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-07 14:06:33.714: debug: Signing zone "sub.example.net."
-2010-02-07 14:06:33.714: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 4A3DFB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-07 14:06:33.745: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-07 14:06:33.745: debug: Signing completed after 0s.
-2010-02-07 14:06:33.745: notice: "sub.example.net.": distribution triggered
-2010-02-07 14:06:33.745: debug: Distribute zone "sub.example.net."
-2010-02-07 14:06:33.745: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net/zone.db.signed "
-2010-02-07 14:06:33.749: debug: ./dist.sh distribute return: "scp ./sub.example.net/zone.db.signed localhost:/var/named/sub.example.net./"
-2010-02-07 14:06:33.749: notice: "sub.example.net.": reload triggered
-2010-02-07 14:06:33.749: debug: Reload zone "sub.example.net."
-2010-02-07 14:06:33.749: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net/zone.db.signed "
-2010-02-07 14:06:33.753: debug: ./dist.sh reload return: "rndc reload sub.example.net. "
-2010-02-21 12:50:43.176: debug: Check RFC5011 status
-2010-02-21 12:50:43.176: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 12:50:43.176: debug: Check KSK status
-2010-02-21 12:50:43.176: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m4s
-2010-02-21 12:50:43.176: debug: Check ZSK status
-2010-02-21 12:50:43.176: debug: Lifetime(259200 +/-150 sec) of active key 7505 exceeded (1345179 sec)
-2010-02-21 12:50:43.176: debug: ->depreciate it
-2010-02-21 12:50:43.176: debug: ->activate published key 57167
-2010-02-21 12:50:43.176: notice: "sub.example.net.": lifetime of zone signing key 7505 exceeded: ZSK rollover done
-2010-02-21 12:50:43.176: debug: New key for publishing needed
-2010-02-21 12:50:43.445: debug: ->creating new key 49712
-2010-02-21 12:50:43.445: info: "sub.example.net.": new key 49712 generated for publishing
-2010-02-21 12:50:43.445: debug: Re-signing necessary: Modfied zone key set
-2010-02-21 12:50:43.445: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-02-21 12:50:43.445: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-21 12:50:43.445: debug: Signing zone "sub.example.net."
-2010-02-21 12:50:43.445: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 2E31B5 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-21 12:50:43.580: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 12:50:43.580: debug: Signing completed after 0s.
-2010-02-21 12:50:51.158: debug: Check RFC5011 status
-2010-02-21 12:50:51.158: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 12:50:51.158: debug: Check KSK status
-2010-02-21 12:50:51.159: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m12s
-2010-02-21 12:50:51.159: debug: Check ZSK status
-2010-02-21 12:50:51.159: debug: Re-signing necessary: Modfied zone key set
-2010-02-21 12:50:51.159: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-02-21 12:50:51.159: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-21 12:50:51.159: debug: Signing zone "sub.example.net."
-2010-02-21 12:50:51.159: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 41F65A -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-21 12:50:51.205: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 12:50:51.205: debug: Signing completed after 0s.
-2010-02-21 12:51:23.497: debug: Check RFC5011 status
-2010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 12:51:23.497: debug: Check KSK status
-2010-02-21 12:51:23.497: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m44s
-2010-02-21 12:51:23.497: debug: Check ZSK status
-2010-02-21 12:51:23.497: debug: Re-signing not necessary!
-2010-02-21 12:51:23.497: debug: Check if there is a parent file to copy
-2010-02-21 19:16:18.384: debug: Check RFC5011 status
-2010-02-21 19:16:18.384: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:16:18.384: debug: Check KSK status
-2010-02-21 19:16:18.385: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h32m39s
-2010-02-21 19:16:18.385: debug: Check ZSK status
-2010-02-21 19:16:18.385: debug: Lifetime(390 sec) of depreciated key 7505 exceeded (23135 sec)
-2010-02-21 19:16:18.385: info: "sub.example.net.": old ZSK 7505 removed
-2010-02-21 19:16:18.401: debug: ->remove it
-2010-02-21 19:16:18.401: debug: Re-signing necessary: Modfied zone key set
-2010-02-21 19:16:18.401: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-02-21 19:16:18.401: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-21 19:16:18.401: debug: Signing zone "sub.example.net."
-2010-02-21 19:16:18.401: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 3DADF2 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-21 19:16:18.593: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 19:16:18.593: debug: Signing completed after 0s.
-2010-02-21 19:32:11.378: debug: Check RFC5011 status
-2010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:32:11.378: debug: Check KSK status
-2010-02-21 19:32:11.378: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m32s
-2010-02-21 19:32:11.378: debug: Check ZSK status
-2010-02-21 19:32:11.378: debug: Re-signing not necessary!
-2010-02-21 19:32:11.378: debug: Check if there is a parent file to copy
-2010-02-21 19:32:15.930: debug: Check RFC5011 status
-2010-02-21 19:32:15.930: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:32:15.930: debug: Check KSK status
-2010-02-21 19:32:15.930: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m36s
-2010-02-21 19:32:15.930: debug: Check ZSK status
-2010-02-21 19:32:15.930: debug: Re-signing necessary: Option -f
-2010-02-21 19:32:15.930: notice: "sub.example.net.": re-signing triggered: Option -f
-2010-02-21 19:32:15.930: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-21 19:32:15.931: debug: Signing zone "sub.example.net."
-2010-02-21 19:32:15.931: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 623FD7 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-21 19:32:15.982: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 19:32:15.982: debug: Signing completed after 0s.
-2010-02-21 19:32:32.203: debug: Check RFC5011 status
-2010-02-21 19:32:32.203: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:32:32.203: debug: Check KSK status
-2010-02-21 19:32:32.203: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m53s
-2010-02-21 19:32:32.203: debug: Check ZSK status
-2010-02-21 19:32:32.203: debug: Re-signing necessary: Option -f
-2010-02-21 19:32:32.203: notice: "sub.example.net.": re-signing triggered: Option -f
-2010-02-21 19:32:32.203: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-21 19:32:32.203: debug: Signing zone "sub.example.net."
-2010-02-21 19:32:32.203: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 C522CA -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-21 19:32:32.232: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 19:32:32.232: debug: Signing completed after 0s.
-2010-02-25 00:12:26.443: debug: Check RFC5011 status
-2010-02-25 00:12:26.443: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-25 00:12:26.443: debug: Check KSK status
-2010-02-25 00:12:26.443: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 3w3d4h28m47s
-2010-02-25 00:12:26.443: debug: Check ZSK status
-2010-02-25 00:12:26.443: debug: Lifetime(259200 +/-150 sec) of active key 57167 exceeded (300103 sec)
-2010-02-25 00:12:26.443: debug: ->depreciate it
-2010-02-25 00:12:26.444: debug: ->activate published key 49712
-2010-02-25 00:12:26.444: notice: "sub.example.net.": lifetime of zone signing key 57167 exceeded: ZSK rollover done
-2010-02-25 00:12:26.444: debug: New key for publishing needed
-2010-02-25 00:12:26.902: debug: ->creating new key 65009
-2010-02-25 00:12:26.902: info: "sub.example.net.": new key 65009 generated for publishing
-2010-02-25 00:12:26.902: debug: Re-signing necessary: Modfied zone key set
-2010-02-25 00:12:26.902: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-02-25 00:12:26.902: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-25 00:12:26.902: debug: Signing zone "sub.example.net."
-2010-02-25 00:12:26.902: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9AA7CB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-25 00:12:27.016: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-25 00:12:27.016: debug: Signing completed after 1s.
-2010-02-25 23:42:20.653: debug: Check RFC5011 status
-2010-02-25 23:42:20.653: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-25 23:42:20.653: debug: Check KSK status
-2010-02-25 23:42:20.653: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 3w4d3h58m41s
-2010-02-25 23:42:20.653: debug: Check ZSK status
-2010-02-25 23:42:20.653: debug: Lifetime(390 sec) of depreciated key 57167 exceeded (84594 sec)
-2010-02-25 23:42:20.653: info: "sub.example.net.": old ZSK 57167 removed
-2010-02-25 23:42:20.661: debug: ->remove it
-2010-02-25 23:42:20.661: debug: Re-signing necessary: Modfied zone key set
-2010-02-25 23:42:20.661: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-02-25 23:42:20.661: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-25 23:42:20.662: debug: Signing zone "sub.example.net."
-2010-02-25 23:42:20.662: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 2942EB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-25 23:42:21.012: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-25 23:42:21.012: debug: Signing completed after 1s.
-2010-03-02 10:59:11.845: debug: Check RFC5011 status
-2010-03-02 10:59:11.845: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-02 10:59:11.845: debug: Check KSK status
-2010-03-02 10:59:11.846: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 4w1d15h15m32s
-2010-03-02 10:59:11.846: debug: Check ZSK status
-2010-03-02 10:59:11.846: debug: Lifetime(259200 +/-150 sec) of active key 49712 exceeded (470805 sec)
-2010-03-02 10:59:11.846: debug: ->depreciate it
-2010-03-02 10:59:11.846: debug: ->activate published key 65009
-2010-03-02 10:59:11.846: notice: "sub.example.net.": lifetime of zone signing key 49712 exceeded: ZSK rollover done
-2010-03-02 10:59:11.846: debug: New key for publishing needed
-2010-03-02 10:59:12.256: debug: ->creating new key 27377
-2010-03-02 10:59:12.256: info: "sub.example.net.": new key 27377 generated for publishing
-2010-03-02 10:59:12.256: debug: Re-signing necessary: Modfied zone key set
-2010-03-02 10:59:12.256: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-02 10:59:12.256: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-02 10:59:12.256: debug: Signing zone "sub.example.net."
-2010-03-02 10:59:12.256: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 F9A34F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-02 10:59:12.415: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-02 10:59:12.416: debug: Signing completed after 0s.
-2010-03-03 23:22:00.127: debug: Check RFC5011 status
-2010-03-03 23:22:00.127: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-03 23:22:00.127: debug: Check KSK status
-2010-03-03 23:22:00.127: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 4w3d3h38m21s
-2010-03-03 23:22:00.127: debug: Check ZSK status
-2010-03-03 23:22:00.127: debug: Lifetime(390 sec) of depreciated key 49712 exceeded (130969 sec)
-2010-03-03 23:22:00.127: info: "sub.example.net.": old ZSK 49712 removed
-2010-03-03 23:22:00.127: debug: ->remove it
-2010-03-03 23:22:00.127: debug: Re-signing necessary: Modfied zone key set
-2010-03-03 23:22:00.127: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-03 23:22:00.127: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-03 23:22:00.127: debug: Signing zone "sub.example.net."
-2010-03-03 23:22:00.127: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 A3B721 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-03 23:22:00.394: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-03 23:22:00.394: debug: Signing completed after 0s.
-2010-03-08 23:11:49.663: debug: Check RFC5011 status
-2010-03-08 23:11:49.663: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:11:49.663: debug: Check KSK status
-2010-03-08 23:11:49.663: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w1d3h28m10s
-2010-03-08 23:11:49.664: debug: Check ZSK status
-2010-03-08 23:11:49.664: debug: Lifetime(259200 +/-150 sec) of active key 65009 exceeded (562358 sec)
-2010-03-08 23:11:49.664: debug: ->depreciate it
-2010-03-08 23:11:49.664: debug: ->activate published key 27377
-2010-03-08 23:11:49.664: notice: "sub.example.net.": lifetime of zone signing key 65009 exceeded: ZSK rollover done
-2010-03-08 23:11:49.664: debug: New key for publishing needed
-2010-03-08 23:11:50.060: debug: ->creating new key 41747
-2010-03-08 23:11:50.060: info: "sub.example.net.": new key 41747 generated for publishing
-2010-03-08 23:11:50.060: debug: Re-signing necessary: Modfied zone key set
-2010-03-08 23:11:50.061: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-08 23:11:50.061: debug: Writing key file "././sub.example.net/dnskey.db"
-2010-03-08 23:11:50.061: debug: Signing zone "sub.example.net."
-2010-03-08 23:11:50.061: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 71C04F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-08 23:11:50.169: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-08 23:11:50.169: debug: Signing completed after 0s.
-2010-03-08 23:18:52.243: debug: Check RFC5011 status
-2010-03-08 23:18:52.243: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:18:52.243: debug: Check KSK status
-2010-03-08 23:18:52.243: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w1d3h35m13s
-2010-03-08 23:18:52.243: debug: Check ZSK status
-2010-03-08 23:18:52.243: debug: Lifetime(390 sec) of depreciated key 65009 exceeded (423 sec)
-2010-03-08 23:18:52.243: info: "sub.example.net.": old ZSK 65009 removed
-2010-03-08 23:18:52.243: debug: ->remove it
-2010-03-08 23:18:52.243: debug: Re-signing necessary: Modfied zone key set
-2010-03-08 23:18:52.243: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-08 23:18:52.243: debug: Writing key file "././sub.example.net/dnskey.db"
-2010-03-08 23:18:52.243: debug: Signing zone "sub.example.net."
-2010-03-08 23:18:52.243: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 CF729B -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-08 23:18:52.287: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-08 23:18:52.287: debug: Signing completed after 0s.
-2010-03-11 23:46:35.497: debug: Check RFC5011 status
-2010-03-11 23:46:35.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:46:35.497: debug: Check KSK status
-2010-03-11 23:46:35.497: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h2m56s
-2010-03-11 23:46:35.498: debug: Check ZSK status
-2010-03-11 23:46:35.498: debug: Lifetime(259200 +/-150 sec) of active key 27377 exceeded (261286 sec)
-2010-03-11 23:46:35.498: debug: ->depreciate it
-2010-03-11 23:46:35.498: debug: ->activate published key 41747
-2010-03-11 23:46:35.498: notice: "sub.example.net.": lifetime of zone signing key 27377 exceeded: ZSK rollover done
-2010-03-11 23:46:35.498: debug: New key for publishing needed
-2010-03-11 23:46:35.768: debug: ->creating new key 2048
-2010-03-11 23:46:35.768: info: "sub.example.net.": new key 2048 generated for publishing
-2010-03-11 23:46:35.768: debug: Re-signing necessary: Modfied zone key set
-2010-03-11 23:46:35.768: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-11 23:46:35.768: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-11 23:46:35.768: debug: Signing zone "sub.example.net."
-2010-03-11 23:46:35.768: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 B86C9F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-11 23:46:35.814: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-11 23:46:35.814: debug: Signing completed after 0s.
-2010-03-11 23:52:33.132: debug: Check RFC5011 status
-2010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:52:33.132: debug: Check KSK status
-2010-03-11 23:52:33.132: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h8m54s
-2010-03-11 23:52:33.132: debug: Check ZSK status
-2010-03-11 23:52:33.132: debug: Re-signing not necessary!
-2010-03-11 23:52:33.132: debug: Check if there is a parent file to copy
-2010-03-11 23:53:27.804: debug: Check RFC5011 status
-2010-03-11 23:53:27.804: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:53:27.804: debug: Check KSK status
-2010-03-11 23:53:27.804: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h9m48s
-2010-03-11 23:53:27.804: debug: Check ZSK status
-2010-03-11 23:53:27.804: debug: Lifetime(390 sec) of depreciated key 27377 exceeded (412 sec)
-2010-03-11 23:53:27.804: info: "sub.example.net.": old ZSK 27377 removed
-2010-03-11 23:53:27.804: debug: ->remove it
-2010-03-11 23:53:27.804: debug: Re-signing necessary: Modfied zone key set
-2010-03-11 23:53:27.804: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-11 23:53:27.804: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-11 23:53:27.804: debug: Signing zone "sub.example.net."
-2010-03-11 23:53:27.805: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 67AA7F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-11 23:53:27.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-11 23:53:27.856: debug: Signing completed after 0s.
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key
deleted file mode 100644
index e00ff0f004..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100331230548
-;% lifetime=28d
-example.de. IN DNSKEY 256 3 5 BQEAAAABx4bzjHCRCraU9v/UP2O9dQ7YVF1vMhDWjWofWonrvX+T1Rb/ 2qIYq9kNPbQABLG5X/oe3dJIN4OGZAfL46sceQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published
deleted file mode 100644
index 52e1797fa2..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: x4bzjHCRCraU9v/UP2O9dQ7YVF1vMhDWjWofWonrvX+T1Rb/2qIYq9kNPbQABLG5X/oe3dJIN4OGZAfL46sceQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: MWWd0AvKmimZrtVrPrTAK/UD0ZrJuL3Rcxw6qzxPWE5S3KcdJNtt5HzOPeGWIZVN8rBtPCSRhiksjugrMqkMRQ==
-Prime1: 48VMTrU7heYjFQ5ou7rSOpqt2Eot+EBDjYUPKeOR268=
-Prime2: 4EGLA3LuyNrDfBHTn0xmGHdO3DvHn6YUmJKh/98WzFc=
-Exponent1: WhbPWcw2bisYr9cS59vOFmLxvbXUQgJZTZVYSDW3EF0=
-Exponent2: BoCEx7RES9scWl7PFrUZzrzjDIZiBUICbw4BViSUVWs=
-Coefficient: DmwngpeIb8+dzC9ETnQOojRJTv1MRpW4k0Jo1NfAC+c=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key
deleted file mode 100644
index 316ed4061f..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100224232104
-;% lifetime=28d
-example.de. IN DNSKEY 256 3 5 BQEAAAABsbG8YGFKUQkJl2jdfLpO6yhnttoFp8lmfzCQfbMdIG6riFes ZIO2aMevhBM/+RWN7lNSCu8+vA4Ph7Mzp8OMCQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private
deleted file mode 100644
index da24c84685..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: sbG8YGFKUQkJl2jdfLpO6yhnttoFp8lmfzCQfbMdIG6riFesZIO2aMevhBM/+RWN7lNSCu8+vA4Ph7Mzp8OMCQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: PHPdKKwdgE+02a+6R+2xk7RfPUmjIW0dclILS0uQ2GL2lYJCaFKoMEZJb/30CkJLWBBGUS4XUPzplYQ8VLn6gQ==
-Prime1: 5efr+OinaF8nLpI/N1EuTxuoSbILnPn5pSWVpwJPgTk=
-Prime2: xdzEgtE9CEHT06oa0yM+lLMJp2K6RlBiByRo13Sd8VE=
-Exponent1: dE2UZNfo/uln1Yq9lz3pImp5gWDjeT+sYIdBBk8qfOk=
-Exponent2: TPXU6D9veGi9J41RR3KvLo4s3u/rQWHXyQrO6jQwX0E=
-Coefficient: t1ysP5l5JUhi+d3GvFN0EyZAv1nW31lsL+4979deLsw=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key
deleted file mode 100644
index ac38acdc2e..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100311230027
-;% lifetime=3d
-sub.example.de. IN DNSKEY 256 3 5 BQEAAAABxKxfV/mwTsnyVaZLWg8vyG5U97RMupLke5t50q2pJdHLzb2+ fqswgt/pBwAYbYWTBQr2UTnQ4TBRunBiRSuapQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private
deleted file mode 100644
index 3aec6098e3..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: xKxfV/mwTsnyVaZLWg8vyG5U97RMupLke5t50q2pJdHLzb2+fqswgt/pBwAYbYWTBQr2UTnQ4TBRunBiRSuapQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: LDta/Lx7ETLqQamSm9XAERno+ixf6Dl/cq10zcd8QNLuvleFqMvtRURxfhFhNlrvFTuckz1IzIX7ufecSrarYQ==
-Prime1: 5x1rjqJnLrLUd+i4DUmSutQQrQZWg+vzwurpGkxBCTc=
-Prime2: 2dmVy5A1h7avKD9Ez0rcg1G96wxVkdp+/8AvXEYe+QM=
-Exponent1: Fx9QLrquictb9W74f5gmRs5wQcsyWjkNVXUE/eb84l0=
-Exponent2: kexPooMJG2rfGbnWG0Mnav28EcV7q7xNnIHELjRCfWU=
-Coefficient: Liq85Ma7Ki3tZePKv/v+he9UgH7J5tgDnmHof0370/M=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key
deleted file mode 100644
index 1cc8af8d35..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100331230548
-;% lifetime=3d
-sub.example.de. IN DNSKEY 256 3 5 BQEAAAABwp1NkMWtDJ+B7uvjb4nejqCDAtmqfy0LRTq13tdgm33A04T2 uvdzfFpnd/t3giXCC588xP/ZT0pXekaZEyfhew==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published
deleted file mode 100644
index a6a00f8211..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: wp1NkMWtDJ+B7uvjb4nejqCDAtmqfy0LRTq13tdgm33A04T2uvdzfFpnd/t3giXCC588xP/ZT0pXekaZEyfhew==
-PublicExponent: AQAAAAE=
-PrivateExponent: Xgmu9fyg1QoKridDOUywH7mZg92dEvGVIcz5QrpXMYZDhi/Z1NLB4UJwaO4Kmbg9EyAT+ms3fjjC8ncy+mVnEQ==
-Prime1: 9wrDpiFEJkYGuCC0JriZgA+uaLBYtzudTzUByr8BGU0=
-Prime2: yavdgu+a7BloewO3Fzg6JwxYvJYrfeAgYLVr4uXzwec=
-Exponent1: Z8tEYnN2N5LxFjL9+mdfnOjNhVxAouZ/wyyokWf0C4U=
-Exponent2: axnHnwpVRfb5Xt25+8oIVoVH4YdTXDCbr4nkcjru4As=
-Coefficient: dvqfAzS1VFtC6dvzFTgh+GoFt3EwIxHDXcskNmbFDto=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated
deleted file mode 100644
index 6bfb3dcaec..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: wBxCT/MYqHr+xX1vViWWlt36h1dkkx+qtfeY3603p+J4QlglYkStawB4atu2je/RrEUQXco40iGnYuqqUWQsdw==
-PublicExponent: AQAAAAE=
-PrivateExponent: mcrUc9cypiq7j30rntMoCrIxE9SemJxzTJ/USNZPGqfa4MpfsfvIt6A+8JzgS0Sx+6piSk9d8QSdr55aVqgEYQ==
-Prime1: 6dRm4EGvg7WN5LFAMv/8HzeyZbNu7FlQwf08QZOmgYc=
-Prime2: 0lM7LrrOzTThb372TCC+7Wz0S6GuqfjhM33MWwNEeZE=
-Exponent1: Q8jFuxbjffHEGZxuUdLkkmWka0hDlACozr31blXYgCc=
-Exponent2: yqc1ijD9jaK8b5IUIqsx42nbJ6boeMyx77wfOUoXw7E=
-Coefficient: R4QnEkjxtLd7bPChAqblYPb9A8lcsD7KGh5fTR9LcFM=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key
deleted file mode 100644
index 776c4a95e5..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100302100004
-;% lifetime=2d
-sub.example.de. IN DNSKEY 256 3 5 BQEAAAABwBxCT/MYqHr+xX1vViWWlt36h1dkkx+qtfeY3603p+J4Qlgl YkStawB4atu2je/RrEUQXco40iGnYuqqUWQsdw==
diff --git a/contrib/zkt/man/dnssec-zkt.8.pdf b/contrib/zkt/man/dnssec-zkt.8.pdf
deleted file mode 100644
index 4e88297601..0000000000
Binary files a/contrib/zkt/man/dnssec-zkt.8.pdf and /dev/null differ
diff --git a/contrib/zkt/man/zkt-ls.8.pdf b/contrib/zkt/man/zkt-ls.8.pdf
deleted file mode 100644
index 8e0ac69e63..0000000000
Binary files a/contrib/zkt/man/zkt-ls.8.pdf and /dev/null differ
diff --git a/contrib/zkt/man/zkt-signer.8.pdf b/contrib/zkt/man/zkt-signer.8.pdf
deleted file mode 100644
index 6fbbb1d361..0000000000
Binary files a/contrib/zkt/man/zkt-signer.8.pdf and /dev/null differ
diff --git a/util/copyrights b/util/copyrights
index 8d3792349c..d257216482 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1167,7 +1167,7 @@
./bin/tests/system/ecdsa/ns1/root.db.in ZONE 2012
./bin/tests/system/ecdsa/ns1/sign.sh SH 2012,2014
./bin/tests/system/ecdsa/ns2/named.conf CONF-C 2012
-./bin/tests/system/ecdsa/prereq.sh SH 20122014,2014
+./bin/tests/system/ecdsa/prereq.sh SH 2012,2014
./bin/tests/system/ecdsa/setup.sh SH 2012,2014
./bin/tests/system/ecdsa/tests.sh SH 2012,2013
./bin/tests/system/emptyzones/clean.sh SH 2014
@@ -2110,9 +2110,7 @@
./conftools/perllib/dnsconf/Makefile.PL PERL 2000,2001,2004,2007,2012
./conftools/perllib/dnsconf/named1.conf CONF-C 2000,2001,2004,2007
./conftools/perllib/dnsconf/test.pl PERL 2000,2001,2004,2007,2012
-./contrib/.gitignore X 2012
-./contrib/check-secure-delegation.pl.in PERL 2010,2012
-./contrib/check5011.pl X 2013
+./contrib/README X 2014
./contrib/dane/mkdane.sh X 2012
./contrib/dane/tlsa6698.pem X 2012
./contrib/dlz/bin/dlzbdb/Makefile.in X 2005,2007,2009,2011,2012
@@ -2379,34 +2377,25 @@
./contrib/idn/idnkit-1.0-src/wsock/wsock20/dllstub.c X 2003
./contrib/idn/idnkit-1.0-src/wsock/wsock20/make.wnt X 2003
./contrib/idn/idnkit-1.0-src/wsock/wsock20/ws2_32.def X 2003
-./contrib/linux/coredump-patch X 2000,2001
-./contrib/named-bootconf/named-bootconf.sh SH.PORTION 1999,2000,2001,2004,2006,2007,2012,2014
-./contrib/nanny/nanny.pl PERL 2000,2001,2004,2007,2012
-./contrib/nslint-2.1a3/CHANGES X 2001
-./contrib/nslint-2.1a3/FILES X 2001
-./contrib/nslint-2.1a3/INSTALL X 2001
-./contrib/nslint-2.1a3/Makefile.in X 2001,2004
-./contrib/nslint-2.1a3/README X 2001
-./contrib/nslint-2.1a3/VERSION X 2001
-./contrib/nslint-2.1a3/aclocal.m4 X 2001
-./contrib/nslint-2.1a3/config.guess X 2001
-./contrib/nslint-2.1a3/config.sub X 2001
-./contrib/nslint-2.1a3/configure X 2001
-./contrib/nslint-2.1a3/configure.in X 2001
-./contrib/nslint-2.1a3/install-sh X 2001
-./contrib/nslint-2.1a3/lbl/gnuc.h X 2001
-./contrib/nslint-2.1a3/lbl/os-irix5.h X 2001
-./contrib/nslint-2.1a3/lbl/os-osf3.h X 2001
-./contrib/nslint-2.1a3/lbl/os-solaris2.h X 2001
-./contrib/nslint-2.1a3/lbl/os-sunos4.h X 2001
-./contrib/nslint-2.1a3/lbl/os-ultrix4.h X 2001
-./contrib/nslint-2.1a3/mkdep X 2001
-./contrib/nslint-2.1a3/nslint.8 X 2001
-./contrib/nslint-2.1a3/nslint.c X 2001,2011
-./contrib/nslint-2.1a3/savestr.c X 2001
-./contrib/nslint-2.1a3/savestr.h X 2001
-./contrib/nslint-2.1a3/strerror.c X 2001,2014
-./contrib/pkcs11-keygen/README X 2008,2009
+./contrib/nslint-3.0a2/CHANGES X 2001,2014
+./contrib/nslint-3.0a2/FILES X 2001,2014
+./contrib/nslint-3.0a2/INSTALL X 2001,2014
+./contrib/nslint-3.0a2/Makefile.in X 2001,2004,2014
+./contrib/nslint-3.0a2/README X 2001,2014
+./contrib/nslint-3.0a2/VERSION X 2001,2014
+./contrib/nslint-3.0a2/aclocal.m4 X 2001,2014
+./contrib/nslint-3.0a2/config.guess X 2001,2014
+./contrib/nslint-3.0a2/config.sub X 2001,2014
+./contrib/nslint-3.0a2/configure X 2001,2014
+./contrib/nslint-3.0a2/configure.in X 2001,2014
+./contrib/nslint-3.0a2/install-sh X 2001,2014
+./contrib/nslint-3.0a2/lbl/gnuc.h X 2001,2014
+./contrib/nslint-3.0a2/mkdep X 2001,2014
+./contrib/nslint-3.0a2/nslint.8 X 2001,2014
+./contrib/nslint-3.0a2/nslint.c X 2001,2011,2014
+./contrib/nslint-3.0a2/savestr.c X 2001,2014
+./contrib/nslint-3.0a2/savestr.h X 2001,2014
+./contrib/nslint-3.0a2/strerror.c X 2001,2014
./contrib/query-loc-0.4.0/ADDRESSES X 2008
./contrib/query-loc-0.4.0/ALGO X 2008
./contrib/query-loc-0.4.0/INSTALL X 2008
@@ -2435,6 +2424,12 @@
./contrib/queryperf/missing/getnameinfo.c X 2004
./contrib/queryperf/queryperf.c X 2001,2002,2003,2004,2005,2007,2012,2013,2014
./contrib/queryperf/utils/gen-data-queryperf.py X 2003,2008
+./contrib/scripts/.gitignore X 2012
+./contrib/scripts/check5011.pl X 2013
+./contrib/scripts/check-secure-delegation.pl.in PERL 2010,2012
+./contrib/scripts/named-bootconf.sh SH.PORTION 1999,2000,2001,2004,2006,2007,2012,2014
+./contrib/scripts/nanny.pl PERL 2000,2001,2004,2007,2012
+./contrib/scripts/zone-edit.sh.in SH 2010,2012
./contrib/sdb/bdb/README X 2002
./contrib/sdb/bdb/bdb.c X 2002,2011
./contrib/sdb/bdb/bdb.h X 2002
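Review bot: `./contrib/scripts/check5011.pl` is placed ahead of `./contrib/scripts/check-secure-delegation.pl.in` in the added block, which reverses the order the same two names had under `./contrib/` (see the removed lines in the `@@ -2110,9 +2110,7 @@` hunk). The neighbouring entries look byte-ordered (upper case before lower case, `-` before digits), so the expected order is `check-secure-delegation.pl.in` first, then `check5011.pl`. If this list is ever regenerated or merged by a tool that sorts it, the swapped pair will probably resurface as an unrelated diff, so swapping the two lines now avoids that.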
@@ -2460,110 +2455,81 @@
./contrib/sdb/tcl/tcldb.h C 2000,2001,2004,2007
./contrib/sdb/time/timedb.c C 2000,2001,2004,2007,2011
./contrib/sdb/time/timedb.h C 2000,2001,2004,2007
-./contrib/zkt/CHANGELOG X 2008,2009,2010
-./contrib/zkt/LICENSE X 2008
-./contrib/zkt/Makefile.in X 2008,2009,2010
-./contrib/zkt/README X 2008,2009,2010
-./contrib/zkt/README.logging X 2008,2009,2010
-./contrib/zkt/TODO X 2008,2009,2010
-./contrib/zkt/config.h.in X 2008,2009,2010
-./contrib/zkt/config_zkt.h X 2008,2009,2010
-./contrib/zkt/configure X 2008,2009,2010
-./contrib/zkt/configure.ac X 2009,2010
-./contrib/zkt/debug.h X 2008
-./contrib/zkt/dki.c X 2008,2009,2010,2013
-./contrib/zkt/dki.h X 2008,2009,2010
-./contrib/zkt/dnssec-zkt.c X 2008,2009,2010
-./contrib/zkt/doc/KeyRollover.ms X 2009
-./contrib/zkt/doc/rfc5011.txt X 2009
-./contrib/zkt/domaincmp.c X 2008,2010
-./contrib/zkt/domaincmp.h X 2008,2010
-./contrib/zkt/examples/dnssec.conf X 2010
-./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key X 2010
-./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private X 2010
-./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key X 2010
-./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private X 2010
-./contrib/zkt/examples/flat/dyn.example.net/zktlog-dyn.example.net. X 2010
-./contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key X 2010
-./contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private X 2010
-./contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key X 2010
-./contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private X 2010
-./contrib/zkt/examples/flat/example.net/dnssec.conf X 2010
-./contrib/zkt/examples/flat/example.net/z.db X 2010
-./contrib/zkt/examples/flat/example.net/zktlog-example.net. X 2010
-./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key X 2010
-./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published X 2010
-./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key X 2010
-./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private X 2010
-./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key X 2010
-./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private X 2010
-./contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net. X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.private X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.private X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.key X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.private X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated X 2010
-./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key X 2010
-./contrib/zkt/examples/hierarchical/log/zktlog-example.de. X 2010
-./contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de. X 2010
-./contrib/zkt/examples/zkt-ls.sh X 2010
-./contrib/zkt/examples/zkt-signer.sh X 2010
-./contrib/zkt/log.c X 2008,2010
-./contrib/zkt/log.h X 2008,2010
-./contrib/zkt/man/dnssec-zkt.8 X 2009
-./contrib/zkt/man/dnssec-zkt.8.pdf X 2009
-./contrib/zkt/man/zkt-conf.8 X 2010
-./contrib/zkt/man/zkt-conf.8.html X 2010
-./contrib/zkt/man/zkt-conf.8.org X 2010
-./contrib/zkt/man/zkt-conf.8.pdf X 2010
-./contrib/zkt/man/zkt-keyman.8 X 2010
-./contrib/zkt/man/zkt-keyman.8.html X 2010
-./contrib/zkt/man/zkt-keyman.8.pdf X 2010
-./contrib/zkt/man/zkt-ls.8 X 2010
-./contrib/zkt/man/zkt-ls.8.html X 2010
-./contrib/zkt/man/zkt-ls.8.pdf X 2010
-./contrib/zkt/man/zkt-signer.8 X 2010
-./contrib/zkt/man/zkt-signer.8.html X 2010
-./contrib/zkt/man/zkt-signer.8.pdf X 2010
-./contrib/zkt/misc.c X 2008,2009,2010
-./contrib/zkt/misc.h X 2008,2009,2010
-./contrib/zkt/ncparse.c X 2008,2009,2010
-./contrib/zkt/ncparse.h X 2008,2009
-./contrib/zkt/nscomm.c X 2009,2010
-./contrib/zkt/nscomm.h X 2009,2010
-./contrib/zkt/rollover.c X 2008,2009,2010
-./contrib/zkt/rollover.h X 2008,2009
-./contrib/zkt/soaserial.c X 2009
-./contrib/zkt/soaserial.h X 2009
-./contrib/zkt/strlist.c X 2008,2009
-./contrib/zkt/strlist.h X 2008
-./contrib/zkt/tags X 2008,2009,2010
-./contrib/zkt/tcap.c X 2010
-./contrib/zkt/tcap.h X 2010
-./contrib/zkt/zconf.c X 2008,2009,2010
-./contrib/zkt/zconf.h X 2008,2009,2010
-./contrib/zkt/zfparse.c X 2010
-./contrib/zkt/zfparse.h X 2010
-./contrib/zkt/zkt-conf.c X 2010
-./contrib/zkt/zkt-keyman.c X 2010
-./contrib/zkt/zkt-ls.c X 2010
-./contrib/zkt/zkt-signer.c X 2010
-./contrib/zkt/zkt-soaserial.c X 2008,2013
-./contrib/zkt/zkt.c X 2008,2009,2010
-./contrib/zkt/zkt.h X 2008
-./contrib/zkt/zone.c X 2008,2009,2010
-./contrib/zkt/zone.h X 2008
-./contrib/zone-edit.sh.in SH 2010,2012
+./contrib/zkt-1.1.2/CHANGELOG X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/LICENSE X 2008,2014
+./contrib/zkt-1.1.2/Makefile.in X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/README X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/README.logging X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/TODO X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/config.h.in X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/config_zkt.h X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/configure X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/configure.ac X 2009,2010,2014
+./contrib/zkt-1.1.2/debug.h X 2008,2014
+./contrib/zkt-1.1.2/dki.c X 2008,2009,2010,2013,2014
+./contrib/zkt-1.1.2/dki.h X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/doc/KeyRollover.ms X 2009,2014
+./contrib/zkt-1.1.2/doc/rfc5011.txt X 2009,2014
+./contrib/zkt-1.1.2/domaincmp.c X 2008,2010,2014
+./contrib/zkt-1.1.2/domaincmp.h X 2008,2010,2014
+./contrib/zkt-1.1.2/examples/dnssec.conf X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/dyn.example.net/zktlog-dyn.example.net. X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/example.net/z.db X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net. X 2010,2014
+./contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net. X 2010,2014
+./contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de. X 2010,2014
+./contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de. X 2010,2014
+./contrib/zkt-1.1.2/examples/zkt-ls.sh X 2010,2014
+./contrib/zkt-1.1.2/examples/zkt-signer.sh X 2010,2014
+./contrib/zkt-1.1.2/log.c X 2008,2010,2014
+./contrib/zkt-1.1.2/log.h X 2008,2010,2014
+./contrib/zkt-1.1.2/man/dnssec-zkt.8 X 2009,2014
+./contrib/zkt-1.1.2/man/zkt-conf.8 X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-conf.8.html X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-conf.8.org X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-conf.8.pdf X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-keyman.8 X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-keyman.8.html X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-keyman.8.pdf X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-ls.8 X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-ls.8.html X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-ls.8.pdf X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-signer.8 X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-signer.8.html X 2010,2014
+./contrib/zkt-1.1.2/man/zkt-signer.8.pdf X 2010,2014
+./contrib/zkt-1.1.2/misc.c X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/misc.h X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/ncparse.c X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/ncparse.h X 2008,2009,2014
+./contrib/zkt-1.1.2/nscomm.c X 2009,2010,2014
+./contrib/zkt-1.1.2/nscomm.h X 2009,2010,2014
+./contrib/zkt-1.1.2/rollover.c X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/rollover.h X 2008,2009,2014
+./contrib/zkt-1.1.2/soaserial.c X 2009,2014
+./contrib/zkt-1.1.2/soaserial.h X 2009,2014
+./contrib/zkt-1.1.2/strlist.c X 2008,2009,2014
+./contrib/zkt-1.1.2/strlist.h X 2008,2014
+./contrib/zkt-1.1.2/tags X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/tcap.c X 2010,2014
+./contrib/zkt-1.1.2/tcap.h X 2010,2014
+./contrib/zkt-1.1.2/zconf.c X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/zconf.h X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/zfparse.c X 2010,2014
+./contrib/zkt-1.1.2/zfparse.h X 2010,2014
+./contrib/zkt-1.1.2/zkt-conf.c X 2010,2014
+./contrib/zkt-1.1.2/zkt-keyman.c X 2010,2014
+./contrib/zkt-1.1.2/zkt-ls.c X 2010,2014
+./contrib/zkt-1.1.2/zkt-signer.c X 2010,2014
+./contrib/zkt-1.1.2/zkt-soaserial.c X 2008,2013,2014
+./contrib/zkt-1.1.2/zkt.c X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/zkt.h X 2008,2014
+./contrib/zkt-1.1.2/zone.c X 2008,2009,2010,2014
+./contrib/zkt-1.1.2/zone.h X 2008,2014
./doc/Makefile.in MAKE 2000,2001,2004,2005,2006,2007,2012
./doc/arm/Bv9ARM-book.xml SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014
./doc/arm/Bv9ARM.ch01.html X 2000,2001,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014
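Review bot: The new `./contrib/zkt-1.1.2/` list still carries two private-key files, `examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private` and `Kdyn.example.net.+007+52935.private`. Every other example key file drops out of the listing: `flat/example.net`, `flat/sub.example.net` and the whole `hierarchical/de/` tree. The asymmetry may simply reflect what the upstream 1.1.2 tarball ships, but it is worth confirming that these two keys are meant to stay in the tree as fixtures. If they stay, a short note beside them saying they are sample keys for `dyn.example.net` only would help, since committed private-key material tends to trip secret scanners and can be mistaken for usable signing keys. The rest of the hunk is a path rename plus a `2014` year bump and needs no change.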