From e2d635d630f6f61fefd3d4475c45b097b16b8a2a Mon Sep 17 00:00:00 2001 
From: Evan Hunt Date: Wed, 5 Feb 2014 16:17:50 -0800 Subject: [PATCH] [master] update contrib 3725. [contrib] Updated zkt and nslint to newest versions, cleaned up and rearranged the contrib directory, added a README. --- CHANGES | 4 + configure | 6 +- configure.in | 4 +- contrib/README | 53 + contrib/linux/coredump-patch | 12 - contrib/nslint-2.1a3/VERSION | 1 - contrib/nslint-2.1a3/config.guess | 693 -- contrib/nslint-2.1a3/configure | 1905 ----- contrib/nslint-2.1a3/configure.in | 47 - contrib/nslint-2.1a3/install-sh | 250 - contrib/nslint-2.1a3/lbl/os-irix5.h | 38 - contrib/nslint-2.1a3/lbl/os-osf3.h | 32 - contrib/nslint-2.1a3/lbl/os-solaris2.h | 50 - contrib/nslint-2.1a3/lbl/os-sunos4.h | 215 - contrib/nslint-2.1a3/lbl/os-ultrix4.h | 39 - .../{nslint-2.1a3 => nslint-3.0a2}/CHANGES | 21 +- contrib/{nslint-2.1a3 => nslint-3.0a2}/FILES | 6 +- .../{nslint-2.1a3 => nslint-3.0a2}/INSTALL | 4 +- .../Makefile.in | 41 +- contrib/{nslint-2.1a3 => nslint-3.0a2}/README | 2 +- contrib/nslint-3.0a2/VERSION | 1 + .../{nslint-2.1a3 => nslint-3.0a2}/aclocal.m4 | 367 +- contrib/nslint-3.0a2/config.guess | 1407 ++++ .../{nslint-2.1a3 => nslint-3.0a2}/config.sub | 779 +- contrib/nslint-3.0a2/configure | 6885 +++++++++++++++++ contrib/nslint-3.0a2/configure.in | 51 + contrib/nslint-3.0a2/install-sh | 519 ++ .../{nslint-2.1a3 => nslint-3.0a2}/lbl/gnuc.h | 10 +- contrib/{nslint-2.1a3 => nslint-3.0a2}/mkdep | 0 .../{nslint-2.1a3 => nslint-3.0a2}/nslint.8 | 148 +- .../{nslint-2.1a3 => nslint-3.0a2}/nslint.c | 2644 ++++--- .../{nslint-2.1a3 => nslint-3.0a2}/savestr.c | 5 +- .../{nslint-2.1a3 => nslint-3.0a2}/savestr.h | 2 +- .../{nslint-2.1a3 => nslint-3.0a2}/strerror.c | 0 contrib/nslint-3.0a2/version.h | 3 + contrib/pkcs11-keygen/README | 1 - contrib/{ => scripts}/.gitignore | 0 .../check-secure-delegation.pl.in | 0 contrib/{ => scripts}/check5011.pl | 0 .../named-bootconf.sh | 0 contrib/{nanny => scripts}/nanny.pl | 0 contrib/{ => scripts}/zone-edit.sh.in | 0 contrib/{zkt => 
zkt-1.1.2}/CHANGELOG | 75 +- contrib/{zkt => zkt-1.1.2}/LICENSE | 0 contrib/{zkt => zkt-1.1.2}/Makefile.in | 39 +- contrib/{zkt => zkt-1.1.2}/README | 24 +- contrib/{zkt => zkt-1.1.2}/README.logging | 6 +- contrib/{zkt => zkt-1.1.2}/TODO | 22 +- contrib/{zkt => zkt-1.1.2}/config.h.in | 0 contrib/{zkt => zkt-1.1.2}/config_zkt.h | 19 +- contrib/{zkt => zkt-1.1.2}/configure | 69 +- contrib/{zkt => zkt-1.1.2}/configure.ac | 43 +- contrib/{zkt => zkt-1.1.2}/debug.h | 0 contrib/zkt-1.1.2/distribute.sh | 82 + contrib/{zkt => zkt-1.1.2}/dki.c | 33 + contrib/{zkt => zkt-1.1.2}/dki.h | 1 + contrib/{zkt => zkt-1.1.2}/doc/KeyRollover.ms | 0 contrib/zkt-1.1.2/doc/KeyRollover.ps | 304 + .../draft-gudmundsson-life-of-dnskey-00.txt | 616 ++ .../doc/draft-ietf-dnsop-rfc4641bis-01.txt | 2128 +++++ contrib/zkt-1.1.2/doc/rfc4641.txt | 1963 +++++ contrib/{zkt => zkt-1.1.2}/doc/rfc5011.txt | 0 contrib/{zkt => zkt-1.1.2}/domaincmp.c | 0 contrib/{zkt => zkt-1.1.2}/domaincmp.h | 0 .../{zkt => zkt-1.1.2}/examples/dnssec.conf | 0 contrib/zkt-1.1.2/examples/flat/core | Bin 0 -> 294912 bytes contrib/zkt-1.1.2/examples/flat/dist.sh | 82 + contrib/zkt-1.1.2/examples/flat/dnssec.conf | 45 + .../Kdyn.example.net.+007+30323.key | 0 .../Kdyn.example.net.+007+30323.private | 0 .../Kdyn.example.net.+007+52935.key | 0 .../Kdyn.example.net.+007+52935.private | 0 .../examples/flat/dyn.example.net/dnskey.db | 23 + .../examples/flat/dyn.example.net/dnssec.conf | 3 + .../dyn.example.net/zktlog-dyn.example.net. 
| 0 .../examples/flat/dyn.example.net/zone.db | 135 + .../flat/dyn.example.net/zone.db.dsigned | 135 + .../examples/flat/dyn.example.net/zone.org | 30 + .../example.net/Kexample.net.+008+02957.key | 3 + .../Kexample.net.+008+02957.published | 10 + .../example.net/Kexample.net.+008+21605.key | 3 + .../Kexample.net.+008+21605.private | 10 + .../example.net/Kexample.net.+008+52101.key | 3 + .../Kexample.net.+008+52101.private | 10 + .../Kexample.net.+008+56360.depreciated | 10 + .../example.net/Kexample.net.+008+56360.key | 3 + .../examples/flat/example.net/dnskey.db | 36 + .../examples/flat/example.net/dnssec.conf | 1 + .../examples/flat/example.net/z.db | 0 .../flat/example.net/zktlog-example.net. | 238 + .../examples/flat/example.net/zone.db | 43 + .../examples/flat/example.net/zone.db.signed | 169 + .../flat/keysets/dlvset-sub.example.net. | 4 + .../flat/keysets/dsset-dyn.example.net. | 2 + .../examples/flat/keysets/dsset-example.net. | 2 + .../flat/keysets/dsset-sub.example.net. | 4 + .../flat/keysets/keyset-dyn.example.net. | 8 + .../examples/flat/keysets/keyset-example.net. | 10 + .../flat/keysets/keyset-sub.example.net. | 15 + contrib/zkt-1.1.2/examples/flat/named.conf | 111 + .../Ksub.example.net.+005+24183.key | 3 + .../Ksub.example.net.+005+24183.private | 10 + .../Ksub.example.net.+005+44660.key | 3 + .../Ksub.example.net.+005+44660.private | 10 + .../Ksub.example.net.+007+00855.key | 3 + .../Ksub.example.net.+007+00855.private | 10 + .../Ksub.example.net.+007+34493.key | 3 + .../Ksub.example.net.+007+34493.private | 10 + .../Ksub.example.net.+007+55983.key | 3 + .../Ksub.example.net.+007+55983.private | 10 + .../Ksub.example.net.+007+59870.key | 3 + .../Ksub.example.net.+007+59870.private | 10 + .../Ksub.example.net.+010+07987.key | 3 + .../Ksub.example.net.+010+07987.private | 10 + .../Ksub.example.net.+010+33176.key | 3 + .../Ksub.example.net.+010+33176.private | 10 + .../sub.example.net/dlvset-sub.example.net. 
| 2 + .../examples/flat/sub.example.net/dnskey.db | 68 + .../examples/flat/sub.example.net/dnssec.conf | 7 + .../examples/flat/sub.example.net/maxhexsalt | 1 + .../flat/sub.example.net/maxhexsalt+1 | 1 + .../sub.example.net/zktlog-sub.example.net. | 48 + .../examples/flat/sub.example.net/zone.db | 25 + .../flat/sub.example.net/zone.db.signed | 216 + contrib/zkt-1.1.2/examples/flat/zkt-ls | 1 + contrib/zkt-1.1.2/examples/flat/zkt-signer | 1 + contrib/zkt-1.1.2/examples/flat/zkt.log | 423 + contrib/zkt-1.1.2/examples/flat/zone.conf | 10 + .../de/example.de/Kexample.de.+005+25598.key | 3 + .../Kexample.de.+005+25598.published | 10 + .../de/example.de/Kexample.de.+005+37983.key | 3 + .../Kexample.de.+005+37983.published | 10 + .../de/example.de/Kexample.de.+005+47280.key | 3 + .../example.de/Kexample.de.+005+47280.private | 10 + .../de/example.de/Kexample.de.+005+60407.key | 3 + .../example.de/Kexample.de.+005+60407.private | 10 + .../hierarchical/de/example.de/dnskey.db | 39 + .../de/example.de/dsset-example.de. | 4 + .../de/example.de/keyset-example.de. | 19 + .../de/example.de/keyset-sub.example.de. | 7 + .../Ksub.example.de.+005+27647.key | 3 + .../Ksub.example.de.+005+27647.private | 10 + .../Ksub.example.de.+005+32679.key | 3 + .../Ksub.example.de.+005+32679.private | 10 + .../Ksub.example.de.+005+38331.key | 3 + .../Ksub.example.de.+005+38331.private | 10 + .../Ksub.example.de.+005+51846.key | 3 + .../Ksub.example.de.+005+51846.private | 10 + .../Ksub.example.de.+005+55550.key | 3 + .../Ksub.example.de.+005+55550.published | 10 + .../sub.example.de/dlvset-sub.example.de. | 6 + .../de/example.de/sub.example.de/dnskey.db | 45 + .../de/example.de/sub.example.de/dnssec.conf | 16 + .../sub.example.de/dsset-sub.example.de. | 6 + .../sub.example.de/keyset-sub.example.de. 
| 22 + .../ksub.example.de.+005+08544.key} | 0 .../ksub.example.de.+005+08544.private} | 0 .../ksub.example.de.+005+27861.key} | 0 .../ksub.example.de.+005+27861.private} | 0 .../ksub.example.de.+005+42639.key} | 0 .../ksub.example.de.+005+42639.private} | 0 .../sub.example.de/parent-sub.example.de. | 7 + .../de/example.de/sub.example.de/zone.db | 25 + .../example.de/sub.example.de/zone.db.signed | 131 + .../hierarchical/de/example.de/zone.db | 38 + .../hierarchical/de/example.de/zone.db.signed | 129 + .../hierarchical/de/example.de/zone.soa | 10 + .../hierarchical/de/keyset-example.de. | 19 + .../examples/hierarchical/dnssec.conf | 44 + .../hierarchical/log/zktlog-example.de. | 8 + .../hierarchical/log/zktlog-sub.example.de. | 14 + .../examples/hierarchical/named.conf | 102 + .../zkt-1.1.2/examples/hierarchical/zkt-ls | 1 + .../examples/hierarchical/zkt-signer | 1 + .../zkt-1.1.2/examples/hierarchical/zone.conf | 10 + .../examples/views/dnssec-extern.conf | 39 + .../examples/views/dnssec-intern.conf | 39 + .../examples/views/dnssec-signer-extern | 7 + .../examples/views/dnssec-signer-intern | 7 + .../examples/views/dnssec-zkt-extern | 7 + .../examples/views/dnssec-zkt-intern | 7 + .../example.net/Kexample.net.+005+08885.key | 3 + .../Kexample.net.+005+08885.published | 10 + .../example.net/Kexample.net.+005+23553.key | 1 + .../Kexample.net.+005+23553.private | 10 + .../example.net/Kexample.net.+005+38930.key | 3 + .../Kexample.net.+005+38930.private | 10 + .../views/extern/example.net/dnskey.db | 30 + .../extern/example.net/dsset-example.net. | 2 + .../extern/example.net/keyset-example.net. | 10 + .../examples/views/extern/example.net/zone.db | 33 + .../views/extern/example.net/zone.db.signed | 109 + .../examples/views/extern/keyset-example.net. 
| 10 + .../examples/views/extern/zkt-ext.log | 51 + .../example.net/Kexample.net.+005+00126.key | 1 + .../Kexample.net.+005+00126.private | 10 + .../example.net/Kexample.net.+005+52235.key | 3 + .../Kexample.net.+005+52235.published | 10 + .../example.net/Kexample.net.+005+57602.key | 3 + .../Kexample.net.+005+57602.private | 10 + .../views/intern/example.net/dnskey.db | 30 + .../intern/example.net/dsset-example.net. | 2 + .../intern/example.net/keyset-example.net. | 10 + .../examples/views/intern/example.net/zone.db | 33 + .../views/intern/example.net/zone.db.signed | 109 + .../examples/views/intern/keyset-example.net. | 10 + .../examples/views/intern/zkt-int.log | 192 + contrib/zkt-1.1.2/examples/views/named.conf | 97 + contrib/zkt-1.1.2/examples/views/named.log | 17 + contrib/zkt-1.1.2/examples/views/root.hint | 45 + contrib/zkt-1.1.2/examples/views/viewtest.sh | 20 + contrib/{zkt => zkt-1.1.2}/examples/zkt-ls.sh | 0 .../{zkt => zkt-1.1.2}/examples/zkt-signer.sh | 0 contrib/{zkt => zkt-1.1.2}/log.c | 0 contrib/{zkt => zkt-1.1.2}/log.h | 0 contrib/{zkt => zkt-1.1.2}/man/dnssec-zkt.8 | 0 contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8 | 0 .../{zkt => zkt-1.1.2}/man/zkt-conf.8.html | 0 contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8.org | 0 contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8.pdf | Bin contrib/{zkt => zkt-1.1.2}/man/zkt-keyman.8 | 4 +- .../{zkt => zkt-1.1.2}/man/zkt-keyman.8.html | 6 +- .../{zkt => zkt-1.1.2}/man/zkt-keyman.8.pdf | Bin 9659 -> 9642 bytes contrib/{zkt => zkt-1.1.2}/man/zkt-ls.8 | 30 +- contrib/{zkt => zkt-1.1.2}/man/zkt-ls.8.html | 21 +- contrib/zkt-1.1.2/man/zkt-ls.8.pdf | Bin 0 -> 8176 bytes contrib/{zkt => zkt-1.1.2}/man/zkt-signer.8 | 62 +- .../{zkt => zkt-1.1.2}/man/zkt-signer.8.html | 72 +- contrib/zkt-1.1.2/man/zkt-signer.8.pdf | Bin 0 -> 12556 bytes contrib/{zkt => zkt-1.1.2}/misc.c | 0 contrib/{zkt => zkt-1.1.2}/misc.h | 0 contrib/{zkt => zkt-1.1.2}/ncparse.c | 0 contrib/{zkt => zkt-1.1.2}/ncparse.h | 0 contrib/{zkt => zkt-1.1.2}/nscomm.c | 0 
contrib/{zkt => zkt-1.1.2}/nscomm.h | 0 contrib/{zkt => zkt-1.1.2}/rollover.c | 146 +- contrib/{zkt => zkt-1.1.2}/rollover.h | 4 - contrib/{zkt => zkt-1.1.2}/soaserial.c | 83 +- contrib/{zkt => zkt-1.1.2}/soaserial.h | 0 contrib/{zkt => zkt-1.1.2}/strlist.c | 0 contrib/{zkt => zkt-1.1.2}/strlist.h | 0 contrib/{zkt => zkt-1.1.2}/tags | 54 +- contrib/{zkt => zkt-1.1.2}/tcap.c | 0 contrib/{zkt => zkt-1.1.2}/tcap.h | 0 contrib/{zkt => zkt-1.1.2}/zconf.c | 129 +- contrib/{zkt => zkt-1.1.2}/zconf.h | 22 +- contrib/{zkt => zkt-1.1.2}/zfparse.c | 18 +- contrib/{zkt => zkt-1.1.2}/zfparse.h | 0 contrib/{zkt => zkt-1.1.2}/zkt-conf.c | 35 +- contrib/{zkt => zkt-1.1.2}/zkt-keyman.c | 0 contrib/{zkt => zkt-1.1.2}/zkt-ls.c | 21 +- contrib/{zkt => zkt-1.1.2}/zkt-signer.c | 17 +- contrib/{zkt => zkt-1.1.2}/zkt-soaserial.c | 0 contrib/{zkt => zkt-1.1.2}/zkt.c | 58 + contrib/{zkt => zkt-1.1.2}/zkt.h | 1 + contrib/{zkt => zkt-1.1.2}/zone.c | 0 contrib/{zkt => zkt-1.1.2}/zone.h | 0 contrib/zkt/dnssec-zkt.c | 816 -- .../example.net/Kexample.net.+008+08406.key | 3 - .../Kexample.net.+008+08406.private | 10 - .../example.net/Kexample.net.+008+36257.key | 3 - .../Kexample.net.+008+36257.private | 10 - .../Ksub.example.net.+007+02048.key | 3 - .../Ksub.example.net.+007+02048.published | 10 - .../Ksub.example.net.+007+41747.key | 3 - .../Ksub.example.net.+007+41747.private | 10 - .../Ksub.example.net.+007+42834.key | 3 - .../Ksub.example.net.+007+42834.private | 10 - .../sub.example.net/zktlog-sub.example.net. 
| 321 - .../de/example.de/Kexample.de.+005+09743.key | 3 - .../Kexample.de.+005+09743.published | 10 - .../de/example.de/Kexample.de.+005+39599.key | 3 - .../example.de/Kexample.de.+005+39599.private | 10 - .../Ksub.example.de.+005+07295.key | 3 - .../Ksub.example.de.+005+07295.private | 10 - .../Ksub.example.de.+005+40559.key | 3 - .../Ksub.example.de.+005+40559.published | 10 - .../Ksub.example.de.+005+63530.depreciated | 10 - .../Ksub.example.de.+005+63530.key | 3 - contrib/zkt/man/dnssec-zkt.8.pdf | Bin 12950 -> 0 bytes contrib/zkt/man/zkt-ls.8.pdf | Bin 8086 -> 0 bytes contrib/zkt/man/zkt-signer.8.pdf | Bin 12620 -> 0 bytes util/copyrights | 238 +- 283 files changed, 21499 insertions(+), 6323 deletions(-) create mode 100644 contrib/README delete mode 100644 contrib/linux/coredump-patch delete mode 100644 contrib/nslint-2.1a3/VERSION delete mode 100644 contrib/nslint-2.1a3/config.guess delete mode 100644 contrib/nslint-2.1a3/configure delete mode 100644 contrib/nslint-2.1a3/configure.in delete mode 100644 contrib/nslint-2.1a3/install-sh delete mode 100644 contrib/nslint-2.1a3/lbl/os-irix5.h delete mode 100644 contrib/nslint-2.1a3/lbl/os-osf3.h delete mode 100644 contrib/nslint-2.1a3/lbl/os-solaris2.h delete mode 100644 contrib/nslint-2.1a3/lbl/os-sunos4.h delete mode 100644 contrib/nslint-2.1a3/lbl/os-ultrix4.h rename contrib/{nslint-2.1a3 => nslint-3.0a2}/CHANGES (92%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/FILES (69%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/INSTALL (88%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/Makefile.in (74%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/README (81%) create mode 100644 contrib/nslint-3.0a2/VERSION rename contrib/{nslint-2.1a3 => nslint-3.0a2}/aclocal.m4 (71%) create mode 100755 contrib/nslint-3.0a2/config.guess rename contrib/{nslint-2.1a3 => nslint-3.0a2}/config.sub (54%) mode change 100644 => 100755 create mode 100755 contrib/nslint-3.0a2/configure create mode 100644 contrib/nslint-3.0a2/configure.in 
create mode 100755 contrib/nslint-3.0a2/install-sh rename contrib/{nslint-2.1a3 => nslint-3.0a2}/lbl/gnuc.h (72%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/mkdep (100%) mode change 100644 => 100755 rename contrib/{nslint-2.1a3 => nslint-3.0a2}/nslint.8 (84%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/nslint.c (60%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/savestr.c (90%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/savestr.h (89%) rename contrib/{nslint-2.1a3 => nslint-3.0a2}/strerror.c (100%) create mode 100644 contrib/nslint-3.0a2/version.h delete mode 100644 contrib/pkcs11-keygen/README rename contrib/{ => scripts}/.gitignore (100%) rename contrib/{ => scripts}/check-secure-delegation.pl.in (100%) rename contrib/{ => scripts}/check5011.pl (100%) rename contrib/{named-bootconf => scripts}/named-bootconf.sh (100%) rename contrib/{nanny => scripts}/nanny.pl (100%) rename contrib/{ => scripts}/zone-edit.sh.in (100%) rename contrib/{zkt => zkt-1.1.2}/CHANGELOG (89%) rename contrib/{zkt => zkt-1.1.2}/LICENSE (100%) rename contrib/{zkt => zkt-1.1.2}/Makefile.in (82%) rename contrib/{zkt => zkt-1.1.2}/README (63%) rename contrib/{zkt => zkt-1.1.2}/README.logging (95%) rename contrib/{zkt => zkt-1.1.2}/TODO (64%) rename contrib/{zkt => zkt-1.1.2}/config.h.in (100%) rename contrib/{zkt => zkt-1.1.2}/config_zkt.h (88%) rename contrib/{zkt => zkt-1.1.2}/configure (98%) rename contrib/{zkt => zkt-1.1.2}/configure.ac (75%) rename contrib/{zkt => zkt-1.1.2}/debug.h (100%) create mode 100755 contrib/zkt-1.1.2/distribute.sh rename contrib/{zkt => zkt-1.1.2}/dki.c (97%) rename contrib/{zkt => zkt-1.1.2}/dki.h (99%) rename contrib/{zkt => zkt-1.1.2}/doc/KeyRollover.ms (100%) create mode 100644 contrib/zkt-1.1.2/doc/KeyRollover.ps create mode 100644 contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt create mode 100644 contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt create mode 100644 contrib/zkt-1.1.2/doc/rfc4641.txt rename contrib/{zkt => 
zkt-1.1.2}/doc/rfc5011.txt (100%) rename contrib/{zkt => zkt-1.1.2}/domaincmp.c (100%) rename contrib/{zkt => zkt-1.1.2}/domaincmp.h (100%) rename contrib/{zkt => zkt-1.1.2}/examples/dnssec.conf (100%) create mode 100644 contrib/zkt-1.1.2/examples/flat/core create mode 100755 contrib/zkt-1.1.2/examples/flat/dist.sh create mode 100644 contrib/zkt-1.1.2/examples/flat/dnssec.conf rename contrib/{zkt => zkt-1.1.2}/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key (100%) rename contrib/{zkt => zkt-1.1.2}/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private (100%) rename contrib/{zkt => zkt-1.1.2}/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key (100%) rename contrib/{zkt => zkt-1.1.2}/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private (100%) create mode 100644 contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db create mode 100644 contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf rename contrib/{zkt => zkt-1.1.2}/examples/flat/dyn.example.net/zktlog-dyn.example.net. 
(100%) create mode 100644 contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db create mode 100644 contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned create mode 100644 contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db rename contrib/{zkt => zkt-1.1.2}/examples/flat/example.net/dnssec.conf (73%) rename contrib/{zkt => zkt-1.1.2}/examples/flat/example.net/z.db (100%) rename contrib/{zkt => zkt-1.1.2}/examples/flat/example.net/zktlog-example.net. (52%) create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/zone.db create mode 100644 contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net. 
create mode 100644 contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/named.conf create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net. 
create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1 create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net. create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db create mode 100644 contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed create mode 120000 contrib/zkt-1.1.2/examples/flat/zkt-ls create mode 120000 contrib/zkt-1.1.2/examples/flat/zkt-signer create mode 100644 contrib/zkt-1.1.2/examples/flat/zkt.log create mode 100644 contrib/zkt-1.1.2/examples/flat/zone.conf create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de. create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de. create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de. 
create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. 
rename contrib/{zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.key => zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.key} (100%) rename contrib/{zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.private => zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.private} (100%) rename contrib/{zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.key => zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.key} (100%) rename contrib/{zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.private => zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.private} (100%) rename contrib/{zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.key => zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.key} (100%) rename contrib/{zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.private => zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.private} (100%) create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de. 
create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf rename contrib/{zkt => zkt-1.1.2}/examples/hierarchical/log/zktlog-example.de. (67%) rename contrib/{zkt => zkt-1.1.2}/examples/hierarchical/log/zktlog-sub.example.de. (70%) create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/named.conf create mode 120000 contrib/zkt-1.1.2/examples/hierarchical/zkt-ls create mode 120000 contrib/zkt-1.1.2/examples/hierarchical/zkt-signer create mode 100644 contrib/zkt-1.1.2/examples/hierarchical/zone.conf create mode 100644 contrib/zkt-1.1.2/examples/views/dnssec-extern.conf create mode 100644 contrib/zkt-1.1.2/examples/views/dnssec-intern.conf create mode 100644 contrib/zkt-1.1.2/examples/views/dnssec-signer-extern create mode 100644 contrib/zkt-1.1.2/examples/views/dnssec-signer-intern create mode 100644 contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern create mode 100644 contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net. create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net. 
create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db create mode 100644 contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed create mode 100644 contrib/zkt-1.1.2/examples/views/extern/keyset-example.net. create mode 100644 contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net. create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net. create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db create mode 100644 contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed create mode 100644 contrib/zkt-1.1.2/examples/views/intern/keyset-example.net. 
create mode 100644 contrib/zkt-1.1.2/examples/views/intern/zkt-int.log create mode 100644 contrib/zkt-1.1.2/examples/views/named.conf create mode 100644 contrib/zkt-1.1.2/examples/views/named.log create mode 100644 contrib/zkt-1.1.2/examples/views/root.hint create mode 100644 contrib/zkt-1.1.2/examples/views/viewtest.sh rename contrib/{zkt => zkt-1.1.2}/examples/zkt-ls.sh (100%) rename contrib/{zkt => zkt-1.1.2}/examples/zkt-signer.sh (100%) rename contrib/{zkt => zkt-1.1.2}/log.c (100%) rename contrib/{zkt => zkt-1.1.2}/log.h (100%) rename contrib/{zkt => zkt-1.1.2}/man/dnssec-zkt.8 (100%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8 (100%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8.html (100%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8.org (100%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-conf.8.pdf (100%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-keyman.8 (98%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-keyman.8.html (98%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-keyman.8.pdf (58%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-ls.8 (93%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-ls.8.html (93%) create mode 100644 contrib/zkt-1.1.2/man/zkt-ls.8.pdf rename contrib/{zkt => zkt-1.1.2}/man/zkt-signer.8 (94%) rename contrib/{zkt => zkt-1.1.2}/man/zkt-signer.8.html (83%) create mode 100644 contrib/zkt-1.1.2/man/zkt-signer.8.pdf rename contrib/{zkt => zkt-1.1.2}/misc.c (100%) rename contrib/{zkt => zkt-1.1.2}/misc.h (100%) rename contrib/{zkt => zkt-1.1.2}/ncparse.c (100%) rename contrib/{zkt => zkt-1.1.2}/ncparse.h (100%) rename contrib/{zkt => zkt-1.1.2}/nscomm.c (100%) rename contrib/{zkt => zkt-1.1.2}/nscomm.h (100%) rename contrib/{zkt => zkt-1.1.2}/rollover.c (84%) rename contrib/{zkt => zkt-1.1.2}/rollover.h (96%) rename contrib/{zkt => zkt-1.1.2}/soaserial.c (75%) rename contrib/{zkt => zkt-1.1.2}/soaserial.h (100%) rename contrib/{zkt => zkt-1.1.2}/strlist.c (100%) rename contrib/{zkt => zkt-1.1.2}/strlist.h (100%) rename contrib/{zkt => 
zkt-1.1.2}/tags (94%) rename contrib/{zkt => zkt-1.1.2}/tcap.c (100%) rename contrib/{zkt => zkt-1.1.2}/tcap.h (100%) rename contrib/{zkt => zkt-1.1.2}/zconf.c (85%) rename contrib/{zkt => zkt-1.1.2}/zconf.h (94%) rename contrib/{zkt => zkt-1.1.2}/zfparse.c (96%) rename contrib/{zkt => zkt-1.1.2}/zfparse.h (100%) rename contrib/{zkt => zkt-1.1.2}/zkt-conf.c (91%) rename contrib/{zkt => zkt-1.1.2}/zkt-keyman.c (100%) rename contrib/{zkt => zkt-1.1.2}/zkt-ls.c (94%) rename contrib/{zkt => zkt-1.1.2}/zkt-signer.c (99%) rename contrib/{zkt => zkt-1.1.2}/zkt-soaserial.c (100%) rename contrib/{zkt => zkt-1.1.2}/zkt.c (87%) rename contrib/{zkt => zkt-1.1.2}/zkt.h (97%) rename contrib/{zkt => zkt-1.1.2}/zone.c (100%) rename contrib/{zkt => zkt-1.1.2}/zone.h (100%) delete mode 100644 contrib/zkt/dnssec-zkt.c delete mode 100644 contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key delete mode 100644 contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private delete mode 100644 contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key delete mode 100644 contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private delete mode 100644 contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key delete mode 100644 contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published delete mode 100644 contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key delete mode 100644 contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private delete mode 100644 contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key delete mode 100644 contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private delete mode 100644 contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net. 
delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated delete mode 100644 contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key delete mode 100644 contrib/zkt/man/dnssec-zkt.8.pdf delete mode 100644 contrib/zkt/man/zkt-ls.8.pdf delete mode 100644 contrib/zkt/man/zkt-signer.8.pdf
diff --git a/CHANGES b/CHANGES
index a4350e8508..cc9a00d594 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@ +3725. [contrib] Updated zkt and nslint to newest versions, + cleaned up and rearranged the contrib + directory, and added a README. + --- 9.10.0a2 released --- 3724. [bug] win32: Fixed a bug that prevented dig and
diff --git a/configure b/configure
index 07f0f77f29..d33faf6127 100755
--- a/configure
+++ b/configure
@@ -20760,7 +20760,7 @@ ac_config_commands="$ac_config_commands chmod" # elsewhere if there's a good reason for doing so. # -ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/check-secure-delegation.pl 
contrib/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/iscpk11/Makefile lib/iscpk11/include/Makefile lib/iscpk11/include/iscpk11/Makefile lib/iscpk11/include/pkcs11/Makefile lib/iscpk11/unix/Makefile lib/iscpk11/unix/include/Makefile lib/iscpk11/unix/include/pkcs11/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh" +ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile 
bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/python/dnssec-coverage.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/dst/Kdh.+002+18602.key bin/tests/dst/Kdh.+002+18602.private bin/tests/dst/Kdh.+002+48957.key bin/tests/dst/Kdh.+002+48957.private bin/tests/dst/Ktest.+001+00002.key bin/tests/dst/Ktest.+001+54622.key bin/tests/dst/Ktest.+001+54622.private bin/tests/dst/Ktest.+003+23616.key bin/tests/dst/Ktest.+003+23616.private bin/tests/dst/Ktest.+003+49667.key bin/tests/dst/dst_2_data bin/tests/dst/t2_data_1 bin/tests/dst/t2_data_2 bin/tests/dst/t2_dsasig bin/tests/dst/t2_rsasig bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/pkcs11/Makefile bin/tests/pkcs11/benchmarks/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/dlzredir/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/geoip/Makefile bin/tests/system/inline/checkdsa.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/scripts/check-secure-delegation.pl contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl 
doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/iscpk11/Makefile lib/iscpk11/include/Makefile lib/iscpk11/include/iscpk11/Makefile lib/iscpk11/include/pkcs11/Makefile lib/iscpk11/unix/Makefile lib/iscpk11/unix/include/Makefile lib/iscpk11/unix/include/pkcs11/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile lib/samples/Makefile lib/samples/Makefile-postinstall unit/Makefile unit/unittest.sh" # 
@@ -21819,8 +21819,8 @@ do "bin/tests/virtual-time/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/virtual-time/Makefile" ;; "bin/tests/virtual-time/conf.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/virtual-time/conf.sh" ;; "bin/tools/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tools/Makefile" ;; - "contrib/check-secure-delegation.pl") CONFIG_FILES="$CONFIG_FILES contrib/check-secure-delegation.pl" ;; - "contrib/zone-edit.sh") CONFIG_FILES="$CONFIG_FILES contrib/zone-edit.sh" ;; + "contrib/scripts/check-secure-delegation.pl") CONFIG_FILES="$CONFIG_FILES contrib/scripts/check-secure-delegation.pl" ;; + "contrib/scripts/zone-edit.sh") CONFIG_FILES="$CONFIG_FILES contrib/scripts/zone-edit.sh" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/arm/Makefile") CONFIG_FILES="$CONFIG_FILES doc/arm/Makefile" ;; "doc/doxygen/Doxyfile") CONFIG_FILES="$CONFIG_FILES doc/doxygen/Doxyfile" ;; diff --git a/configure.in b/configure.in index ed69c6a8aa..3f878cbd17 100644 --- a/configure.in +++ b/configure.in @@ -4030,8 +4030,8 @@ AC_CONFIG_FILES([ bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile - contrib/check-secure-delegation.pl - contrib/zone-edit.sh + contrib/scripts/check-secure-delegation.pl + contrib/scripts/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile diff --git a/contrib/README b/contrib/README new file mode 100644 index 0000000000..b6f1b3e21b --- /dev/null +++ b/contrib/README 
@@ -0,0 +1,53 @@
+This directory contains contributed scripts, tools, libraries,
+and other useful additions to BIND 9. It includes:
+
+ - scripts/
+
+ Assorted useful scripts, including 'nanny' which monitors
+ named and restarts it in the event of a crash, 'zone-edit'
+ which enables editing of a dynamic zone, and others
+
+ - queryperf/
+
+ A DNS query performance testing tool
+
+ - dane/
+
+ mkdane.sh generates TLSA records for use with DNS-based
+ Authentication of Named Entities (DANE)
+
+ - dlz/modules
+
+ Dynamically linkable DLZ modules that can be configured into
+ named at runtime, enabling access to external data sources including
+ LDAP, MySQL, Berkeley DB, perl scripts, etc
+
+ - dlz/drivers
+
+ Old-style DLZ drivers that can be linked into named at compile
+ time. (These are no longer actively maintained and are expected
+ to be deprecated eventually.)
+
+ - sdb/
+
+ SDB drivers: another mechanism for accessing external data
+ sources
+
+ - idn/
+
+ Contains source for 'idnkit', which provides support for
+ Internationalized Domain Name processing.
+
+ - nslint-3.0a2
+
+ A lint-like tool for checking DNS files
+
+ - query-loc-0.4.0
+
+ A tool for retrieving location information stored in the DNS
+
+ - zkt-1.1.2
+
+ DNSSEC Zone Key Tools, an alternate method for managing keys
+ and signatures
+
diff --git a/contrib/linux/coredump-patch b/contrib/linux/coredump-patch
deleted file mode 100644
index d1792901ad..0000000000
--- a/contrib/linux/coredump-patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- binfmt_elf.c.old Mon Dec 11 10:49:57 2000
-+++ binfmt_elf.c Wed Nov 1 13:05:23 2000
-@@ -1091,7 +1091,8 @@
-
- if (!current->dumpable ||
- limit < ELF_EXEC_PAGESIZE ||
-- atomic_read(¤t->mm->count) != 1)
-+/* atomic_read(¤t->mm->count) != 1) */
-+ test_and_set_bit(31, ¤t->mm->def_flags) != 0)
- return 0;
- current->dumpable = 0;
-
diff --git a/contrib/nslint-2.1a3/VERSION b/contrib/nslint-2.1a3/VERSION
deleted file mode 100644
index 375279c6d6..0000000000
--- a/contrib/nslint-2.1a3/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-2.1a3
diff --git a/contrib/nslint-2.1a3/config.guess b/contrib/nslint-2.1a3/config.guess
deleted file mode 100644
index e9e44559f8..0000000000
--- a/contrib/nslint-2.1a3/config.guess
+++ /dev/null
@@ -1,693 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. -# -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# Written by Per Bothner . -# The master version of this file is at the FSF in /home/gd/gnu/lib. -# -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. -# -# The plan is that this can be called by configure scripts if you -# don't specify an explicit system type (host/target name). -# -# Only a few systems have been added to this list; please add others -# (but try to keep the structure clean). -# - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 8/24/94.) 
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - alpha:OSF1:*:*) - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` - exit 0 ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit 0 ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-cbm-sysv4 - exit 0;; - amiga:NetBSD:*:*) - echo m68k-cbm-netbsd${UNAME_RELEASE} - exit 0 ;; - amiga:OpenBSD:*:*) - echo m68k-cbm-openbsd${UNAME_RELEASE} - exit 0 ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit 0;; - Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit 0 ;; - NILE:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit 0 ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. 
- echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit 0 ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit 0 ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit 0 ;; - atari*:NetBSD:*:*) - echo m68k-atari-netbsd${UNAME_RELEASE} - exit 0 ;; - atari*:OpenBSD:*:*) - echo m68k-atari-openbsd${UNAME_RELEASE} - exit 0 ;; - sun3*:NetBSD:*:*) - echo m68k-sun-netbsd${UNAME_RELEASE} - exit 0 ;; - sun3*:OpenBSD:*:*) - echo m68k-sun-openbsd${UNAME_RELEASE} - exit 0 ;; - mac68k:NetBSD:*:*) - echo m68k-apple-netbsd${UNAME_RELEASE} - exit 0 ;; - mac68k:OpenBSD:*:*) - echo m68k-apple-openbsd${UNAME_RELEASE} - exit 0 ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit 0 ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit 0 ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit 0 ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit 0 ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - sed 's/^ //' << EOF >dummy.c - int main (argc, argv) int argc; char **argv; { - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - ${CC-cc} dummy.c -o dummy \ - && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy - echo mips-mips-riscos${UNAME_RELEASE} - exit 0 ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit 0 ;; - m88k:CX/UX:7*:*) - 
echo m88k-harris-cxux7 - exit 0 ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit 0 ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit 0 ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ - -o ${TARGET_BINARY_INTERFACE}x = x ] ; then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else echo i586-dg-dgux${UNAME_RELEASE} - fi - exit 0 ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit 0 ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit 0 ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit 0 ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit 0 ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit 0 ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i?86:AIX:*:*) - echo i386-ibm-aix - exit 0 ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - sed 's/^ //' << EOF >dummy.c - #include - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy - echo rs6000-ibm-aix3.2.5 - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit 0 ;; - *:AIX:*:4) - if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=4.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit 0 ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit 0 ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit 0 ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit 0 ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit 0 ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit 0 ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit 0 ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit 0 ;; - 9000/[3478]??:HP-UX:*:*) - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; - 9000/8?? ) HP_ARCH=hppa1.0 ;; - esac - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit 0 ;; - 3050*:HI-UX:*:*) - sed 's/^ //' << EOF >dummy.c - #include - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. 
CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy - echo unknown-hitachi-hiuxwe2 - exit 0 ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit 0 ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit 0 ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit 0 ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit 0 ;; - i?86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit 0 ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit 0 ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit 0 ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit 0 ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit 0 ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit 0 ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit 0 ;; - CRAY*X-MP:*:*:*) - echo xmp-cray-unicos - exit 0 ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} - exit 0 ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ - exit 0 ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} - exit 0 ;; - CRAY-2:*:*:*) - echo cray2-cray-unicos - exit 0 ;; - 
F300:UNIX_System_V:*:*) - FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; - F301:UNIX_System_V:*:*) - echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` - exit 0 ;; - hp3[0-9][05]:NetBSD:*:*) - echo m68k-hp-netbsd${UNAME_RELEASE} - exit 0 ;; - hp3[0-9][05]:OpenBSD:*:*) - echo m68k-hp-openbsd${UNAME_RELEASE} - exit 0 ;; - i?86:BSD/386:*:* | *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit 0 ;; - *:FreeBSD:*:*) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit 0 ;; - *:NetBSD:*:*) - echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - exit 0 ;; - *:OpenBSD:*:*) - echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - exit 0 ;; - i*:CYGWIN*:*) - echo i386-pc-cygwin32 - exit 0 ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin32 - exit 0 ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - *:GNU:*:*) - echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit 0 ;; - *:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. 
- ld_help_string=`ld --help 2>&1` - if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then - echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then - echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then - echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then - echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then - echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then - echo "powerpc-unknown-linux-gnu" ; exit 0 - elif test "${UNAME_MACHINE}" = "alpha" ; then - echo alpha-unknown-linux-gnu ; exit 0 - elif test "${UNAME_MACHINE}" = "sparc" ; then - echo sparc-unknown-linux-gnu ; exit 0 - else - # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us - # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. - test ! -d /usr/lib/ldscripts/. \ - && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 - # Determine whether the default compiler is a.out or elf - cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy - fi ;; -# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions -# are messed up and put the nodename in both sysname and nodename. 
- i?86:DYNIX/ptx:4*:*) - echo i386-sequent-sysv4 - exit 0 ;; - i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} - fi - exit 0 ;; - i?86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` - (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit 0 ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit 0 ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit 0 ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. 
- echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit 0 ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit 0 ;; - M68*:*:R3V[567]*:*) - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4.3${OS_REL} && exit 0 - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; - m68*:LynxOS:2.*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit 0 ;; - i?86:LynxOS:2.*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit 0 ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit 0 ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit 0 ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes . - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit 0 ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. 
- echo i860-stratus-sysv4 - exit 0 ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit 0 ;; - R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit 0 ;; - PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit 0 ;; -esac - -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -cat >dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - 
printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -#if !defined (ultrix) - printf ("vax-dec-bsd\n"); exit (0); -#else - printf ("vax-dec-ultrix\n"); exit (0); -#endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 -rm -f dummy.c dummy - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit 0 ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit 0 ;; - c34*) - echo c34-convex-bsd - exit 0 ;; - c38*) - echo c38-convex-bsd - exit 0 ;; - c4*) - echo c4-convex-bsd - exit 0 ;; - esac -fi - -#echo '(Unable to guess system type)' 1>&2 - -exit 1 diff --git a/contrib/nslint-2.1a3/configure b/contrib/nslint-2.1a3/configure deleted file mode 100644 index db5c53e8df..0000000000 --- a/contrib/nslint-2.1a3/configure +++ /dev/null 
@@ -1,1905 +0,0 @@ -#! /bin/sh - -# Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.13 -# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. -# -# This configure script is free software; the Free Software Foundation -# gives unlimited permission to copy, distribute and modify it. - -# Defaults: -ac_help= -ac_default_prefix=/usr/local -# Any additions from configure.in: -ac_help="$ac_help - --without-gcc don't use gcc" - -# Initialize some variables set by options. -# The variables have the same names as the options, with -# dashes changed to underlines. -build=NONE -cache_file=./config.cache -exec_prefix=NONE -host=NONE -no_create= -nonopt=NONE -no_recursion= -prefix=NONE -program_prefix=NONE -program_suffix=NONE -program_transform_name=s,x,x, -silent= -site= -srcdir= -target=NONE -verbose= -x_includes=NONE -x_libraries=NONE -bindir='${exec_prefix}/bin' -sbindir='${exec_prefix}/sbin' -libexecdir='${exec_prefix}/libexec' -datadir='${prefix}/share' -sysconfdir='${prefix}/etc' -sharedstatedir='${prefix}/com' -localstatedir='${prefix}/var' -libdir='${exec_prefix}/lib' -includedir='${prefix}/include' -oldincludedir='/usr/include' -infodir='${prefix}/info' -mandir='${prefix}/man' - -# Initialize some other variables. -subdirs= -MFLAGS= MAKEFLAGS= -SHELL=${CONFIG_SHELL-/bin/sh} -# Maximum number of lines to put in a shell here document. -ac_max_here_lines=12 - -ac_prev= -for ac_option -do - - # If the previous option needs an argument, assign it. - if test -n "$ac_prev"; then - eval "$ac_prev=\$ac_option" - ac_prev= - continue - fi - - case "$ac_option" in - -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) ac_optarg= ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. 
- - case "$ac_option" in - - -bindir | --bindir | --bindi | --bind | --bin | --bi) - ac_prev=bindir ;; - -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir="$ac_optarg" ;; - - -build | --build | --buil | --bui | --bu) - ac_prev=build ;; - -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build="$ac_optarg" ;; - - -cache-file | --cache-file | --cache-fil | --cache-fi \ - | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) - ac_prev=cache_file ;; - -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ - | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file="$ac_optarg" ;; - - -datadir | --datadir | --datadi | --datad | --data | --dat | --da) - ac_prev=datadir ;; - -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ - | --da=*) - datadir="$ac_optarg" ;; - - -disable-* | --disable-*) - ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - eval "enable_${ac_feature}=no" ;; - - -enable-* | --enable-*) - ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` - # Reject names that are not valid shell variable names. 
- if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; - *) ac_optarg=yes ;; - esac - eval "enable_${ac_feature}='$ac_optarg'" ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ - | --exec | --exe | --ex) - ac_prev=exec_prefix ;; - -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ - | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ - | --exec=* | --exe=* | --ex=*) - exec_prefix="$ac_optarg" ;; - - -gas | --gas | --ga | --g) - # Obsolete; use --with-gas. - with_gas=yes ;; - - -help | --help | --hel | --he) - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat << EOF -Usage: configure [options] [host] -Options: [defaults in brackets after descriptions] -Configuration: - --cache-file=FILE cache test results in FILE - --help print this message - --no-create do not create output files - --quiet, --silent do not print \`checking...' 
messages - --version print the version of autoconf that created configure -Directory and file names: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [same as prefix] - --bindir=DIR user executables in DIR [EPREFIX/bin] - --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] - --libexecdir=DIR program executables in DIR [EPREFIX/libexec] - --datadir=DIR read-only architecture-independent data in DIR - [PREFIX/share] - --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data in DIR - [PREFIX/com] - --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] - --libdir=DIR object code libraries in DIR [EPREFIX/lib] - --includedir=DIR C header files in DIR [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] - --infodir=DIR info documentation in DIR [PREFIX/info] - --mandir=DIR man documentation in DIR [PREFIX/man] - --srcdir=DIR find the sources in DIR [configure dir or ..] 
- --program-prefix=PREFIX prepend PREFIX to installed program names - --program-suffix=SUFFIX append SUFFIX to installed program names - --program-transform-name=PROGRAM - run sed PROGRAM on installed program names -EOF - cat << EOF -Host type: - --build=BUILD configure for building on BUILD [BUILD=HOST] - --host=HOST configure for HOST [guessed] - --target=TARGET configure for TARGET [TARGET=HOST] -Features and packages: - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --x-includes=DIR X include files are in DIR - --x-libraries=DIR X library files are in DIR -EOF - if test -n "$ac_help"; then - echo "--enable and --with options recognized:$ac_help" - fi - exit 0 ;; - - -host | --host | --hos | --ho) - ac_prev=host ;; - -host=* | --host=* | --hos=* | --ho=*) - host="$ac_optarg" ;; - - -includedir | --includedir | --includedi | --included | --include \ - | --includ | --inclu | --incl | --inc) - ac_prev=includedir ;; - -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ - | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir="$ac_optarg" ;; - - -infodir | --infodir | --infodi | --infod | --info | --inf) - ac_prev=infodir ;; - -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir="$ac_optarg" ;; - - -libdir | --libdir | --libdi | --libd) - ac_prev=libdir ;; - -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir="$ac_optarg" ;; - - -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ - | --libexe | --libex | --libe) - ac_prev=libexecdir ;; - -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ - | --libexe=* | --libex=* | --libe=*) - libexecdir="$ac_optarg" ;; - - -localstatedir | --localstatedir | --localstatedi | --localstated \ - | --localstate | --localstat | --localsta | 
--localst \ - | --locals | --local | --loca | --loc | --lo) - ac_prev=localstatedir ;; - -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ - | --localstate=* | --localstat=* | --localsta=* | --localst=* \ - | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) - localstatedir="$ac_optarg" ;; - - -mandir | --mandir | --mandi | --mand | --man | --ma | --m) - ac_prev=mandir ;; - -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir="$ac_optarg" ;; - - -nfp | --nfp | --nf) - # Obsolete; use --without-fp. - with_fp=no ;; - - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) - no_create=yes ;; - - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) - no_recursion=yes ;; - - -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ - | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ - | --oldin | --oldi | --old | --ol | --o) - ac_prev=oldincludedir ;; - -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ - | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ - | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir="$ac_optarg" ;; - - -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) - ac_prev=prefix ;; - -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix="$ac_optarg" ;; - - -program-prefix | --program-prefix | --program-prefi | --program-pref \ - | --program-pre | --program-pr | --program-p) - ac_prev=program_prefix ;; - -program-prefix=* | --program-prefix=* | --program-prefi=* \ - | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix="$ac_optarg" ;; - - -program-suffix | --program-suffix | --program-suffi | --program-suff \ - | --program-suf | --program-su | --program-s) - ac_prev=program_suffix ;; - -program-suffix=* | 
--program-suffix=* | --program-suffi=* \ - | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix="$ac_optarg" ;; - - -program-transform-name | --program-transform-name \ - | --program-transform-nam | --program-transform-na \ - | --program-transform-n | --program-transform- \ - | --program-transform | --program-transfor \ - | --program-transfo | --program-transf \ - | --program-trans | --program-tran \ - | --progr-tra | --program-tr | --program-t) - ac_prev=program_transform_name ;; - -program-transform-name=* | --program-transform-name=* \ - | --program-transform-nam=* | --program-transform-na=* \ - | --program-transform-n=* | --program-transform-=* \ - | --program-transform=* | --program-transfor=* \ - | --program-transfo=* | --program-transf=* \ - | --program-trans=* | --program-tran=* \ - | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name="$ac_optarg" ;; - - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ - | --sbi=* | --sb=*) - sbindir="$ac_optarg" ;; - - -sharedstatedir | --sharedstatedir | --sharedstatedi \ - | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ - | --sharedst | --shareds | --shared | --share | --shar \ - | --sha | --sh) - ac_prev=sharedstatedir ;; - -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ - | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ - | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ - | --sha=* | --sh=*) - sharedstatedir="$ac_optarg" ;; - - -site | --site | --sit) - ac_prev=site ;; - -site=* | --site=* | --sit=*) - site="$ac_optarg" ;; - - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) - ac_prev=srcdir ;; - -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - 
srcdir="$ac_optarg" ;; - - -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ - | --syscon | --sysco | --sysc | --sys | --sy) - ac_prev=sysconfdir ;; - -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ - | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir="$ac_optarg" ;; - - -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target ;; - -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target="$ac_optarg" ;; - - -v | -verbose | --verbose | --verbos | --verbo | --verb) - verbose=yes ;; - - -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.13" - exit 0 ;; - - -with-* | --with-*) - ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi - ac_package=`echo $ac_package| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; - *) ac_optarg=yes ;; - esac - eval "with_${ac_package}='$ac_optarg'" ;; - - -without-* | --without-*) - ac_package=`echo $ac_option|sed -e 's/-*without-//'` - # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi - ac_package=`echo $ac_package| sed 's/-/_/g'` - eval "with_${ac_package}=no" ;; - - --x) - # Obsolete; use --with-x. 
- with_x=yes ;; - - -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ - | --x-incl | --x-inc | --x-in | --x-i) - ac_prev=x_includes ;; - -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ - | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes="$ac_optarg" ;; - - -x-libraries | --x-libraries | --x-librarie | --x-librari \ - | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) - ac_prev=x_libraries ;; - -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries="$ac_optarg" ;; - - -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } - ;; - - *) - if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then - echo "configure: warning: $ac_option: invalid host type" 1>&2 - fi - if test "x$nonopt" != xNONE; then - { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } - fi - nonopt="$ac_option" - ;; - - esac -done - -if test -n "$ac_prev"; then - { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } -fi - -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - -# File descriptor usage: -# 0 standard input -# 1 file creation -# 2 errors and warnings -# 3 some systems may open it to /dev/tty -# 4 used on the Kubota Titan -# 6 checking for... messages and results -# 5 compiler messages saved in config.log -if test "$silent" = yes; then - exec 6>/dev/null -else - exec 6>&1 -fi -exec 5>./config.log - -echo "\ -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. -" 1>&5 - -# Strip out --no-create and --no-recursion so they do not pile up. -# Also quote any args containing shell metacharacters. 
-ac_configure_args= -for ac_arg -do - case "$ac_arg" in - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) ;; - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; - *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) - ac_configure_args="$ac_configure_args '$ac_arg'" ;; - *) ac_configure_args="$ac_configure_args $ac_arg" ;; - esac -done - -# NLS nuisances. -# Only set these to C if already set. These must not be set unconditionally -# because not all systems understand e.g. LANG=C (notably SCO). -# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! -# Non-C LC_CTYPE values break the ctype check. -if test "${LANG+set}" = set; then LANG=C; export LANG; fi -if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi -if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi -if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi - -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -rf conftest* confdefs.h -# AIX cpp loses on an empty file, so make sure it contains at least a newline. -echo > confdefs.h - -# A filename unique to this package, relative to the directory that -# configure is in, which we can look for to find out if srcdir is correct. -ac_unique_file=nslint.c - -# Find the source files, if location was not specified. -if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then its parent. - ac_prog=$0 - ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` - test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. - srcdir=$ac_confdir - if test ! -r $srcdir/$ac_unique_file; then - srcdir=.. - fi -else - ac_srcdir_defaulted=no -fi -if test ! -r $srcdir/$ac_unique_file; then - if test "$ac_srcdir_defaulted" = yes; then - { echo "configure: error: can not find sources in $ac_confdir or .." 
1>&2; exit 1; } - else - { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } - fi -fi -srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` - -# Prefer explicitly selected file to automatically selected ones. -if test -z "$CONFIG_SITE"; then - if test "x$prefix" != xNONE; then - CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" - else - CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" - fi -fi -for ac_site_file in $CONFIG_SITE; do - if test -r "$ac_site_file"; then - echo "loading site script $ac_site_file" - . "$ac_site_file" - fi -done - -if test -r "$cache_file"; then - echo "loading cache $cache_file" - . $cache_file -else - echo "creating cache $cache_file" - > $cache_file -fi - -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -ac_exeext= -ac_objext=o -if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then - ac_n= ac_c=' -' ac_t=' ' - else - ac_n=-n ac_c= ac_t= - fi -else - ac_n= ac_c='\c' ac_t= -fi - - - -ac_aux_dir= -for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do - if test -f $ac_dir/install-sh; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f $ac_dir/install.sh; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - fi -done -if test -z "$ac_aux_dir"; then - { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 
1>&2; exit 1; } -fi -ac_config_guess=$ac_aux_dir/config.guess -ac_config_sub=$ac_aux_dir/config.sub -ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. - - -# Do some error checking and defaulting for the host and target type. -# The inputs are: -# configure --host=HOST --target=TARGET --build=BUILD NONOPT -# -# The rules are: -# 1. You are not allowed to specify --host, --target, and nonopt at the -# same time. -# 2. Host defaults to nonopt. -# 3. If nonopt is not specified, then host defaults to the current host, -# as determined by config.guess. -# 4. Target and build default to nonopt. -# 5. If nonopt is not specified, then target and build default to host. - -# The aliases save the names the user supplied, while $host etc. -# will get canonicalized. -case $host---$target---$nonopt in -NONE---*---* | *---NONE---* | *---*---NONE) ;; -*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;; -esac - - -# Make sure we can run config.sub. -if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : -else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } -fi - -echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:575: checking host system type" >&5 - -host_alias=$host -case "$host_alias" in -NONE) - case $nonopt in - NONE) - if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : - else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } - fi ;; - *) host_alias=$nonopt ;; - esac ;; -esac - -host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` -host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$ac_t""$host" 1>&6 - -echo $ac_n "checking target system type""... 
$ac_c" 1>&6 -echo "configure:596: checking target system type" >&5 - -target_alias=$target -case "$target_alias" in -NONE) - case $nonopt in - NONE) target_alias=$host_alias ;; - *) target_alias=$nonopt ;; - esac ;; -esac - -target=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $target_alias` -target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$ac_t""$target" 1>&6 - -echo $ac_n "checking build system type""... $ac_c" 1>&6 -echo "configure:614: checking build system type" >&5 - -build_alias=$build -case "$build_alias" in -NONE) - case $nonopt in - NONE) build_alias=$host_alias ;; - *) build_alias=$nonopt ;; - esac ;; -esac - -build=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $build_alias` -build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$ac_t""$build" 1>&6 - -test "$host_alias" != "$target_alias" && - test "$program_prefix$program_suffix$program_transform_name" = \ - NONENONEs,x,x, && - program_prefix=${target_alias}- - - -umask 002 - -if test -z "$PWD" ; then - PWD=`pwd` -fi - - - - - - # Check whether --with-gcc or --without-gcc was given. -if test "${with_gcc+set}" = set; then - withval="$with_gcc" - : -fi - - V_CCOPT="-O" - V_INCLS="" - if test "${srcdir}" != "." ; then - V_INCLS="-I\$\(srcdir\)" - fi - if test "${CFLAGS+set}" = set; then - LBL_CFLAGS="$CFLAGS" - fi - if test -z "$CC" ; then - case "$target_os" in - - bsdi*) - # Extract the first word of "shlicc2", so it can be a program name with args. -set dummy shlicc2; ac_word=$2 -echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 -echo "configure:668: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_SHLICC2'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test -n "$SHLICC2"; then - ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test. -else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_SHLICC2="yes" - break - fi - done - IFS="$ac_save_ifs" - test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no" -fi -fi -SHLICC2="$ac_cv_prog_SHLICC2" -if test -n "$SHLICC2"; then - echo "$ac_t""$SHLICC2" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - - if test $SHLICC2 = yes ; then - CC=shlicc2 - export CC - fi - ;; - esac - fi - if test -z "$CC" -a "$with_gcc" = no ; then - CC=cc - export CC - fi - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:709: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="gcc" - break - fi - done - IFS="$ac_save_ifs" -fi -fi -CC="$ac_cv_prog_CC" -if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 -echo "configure:739: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_prog_rejected=no - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - break - fi - done - IFS="$ac_save_ifs" -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# -gt 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - set dummy "$ac_dir/$ac_word" "$@" - shift - ac_cv_prog_CC="$@" - fi -fi -fi -fi -CC="$ac_cv_prog_CC" -if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - - if test -z "$CC"; then - case "`uname -s`" in - *win32* | *WIN32*) - # Extract the first word of "cl", so it can be a program name with args. -set dummy cl; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:790: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. 
- if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="cl" - break - fi - done - IFS="$ac_save_ifs" -fi -fi -CC="$ac_cv_prog_CC" -if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi - ;; - esac - fi - test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } -fi - -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 - -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -cat > conftest.$ac_ext << EOF - -#line 833 "configure" -#include "confdefs.h" - -main(){return(0);} -EOF -if { (eval echo configure:838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - ac_cv_prog_cc_works=yes - # If we can't run a trivial program, we are probably using a cross compiler. - if (./conftest; exit) 2>/dev/null; then - ac_cv_prog_cc_cross=no - else - ac_cv_prog_cc_cross=yes - fi -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - ac_cv_prog_cc_works=no -fi -rm -fr conftest* -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 -if test $ac_cv_prog_cc_works = no; then - { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } -fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... 
$ac_c" 1>&6 -echo "configure:864: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 -echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 -cross_compiling=$ac_cv_prog_cc_cross - -echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:869: checking whether we are using GNU C" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then - ac_cv_prog_gcc=yes -else - ac_cv_prog_gcc=no -fi -fi - -echo "$ac_t""$ac_cv_prog_gcc" 1>&6 - -if test $ac_cv_prog_gcc = yes; then - GCC=yes -else - GCC= -fi - -ac_test_CFLAGS="${CFLAGS+set}" -ac_save_CFLAGS="$CFLAGS" -CFLAGS= -echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:897: checking whether ${CC-cc} accepts -g" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - echo 'void f(){}' > conftest.c -if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then - ac_cv_prog_cc_g=yes -else - ac_cv_prog_cc_g=no -fi -rm -f conftest* - -fi - -echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 -if test "$ac_test_CFLAGS" = set; then - CFLAGS="$ac_save_CFLAGS" -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi - - if test "$GCC" != yes ; then - echo $ac_n "checking that $CC handles ansi prototypes""... 
$ac_c" 1>&6 -echo "configure:930: checking that $CC handles ansi prototypes" >&5 - if eval "test \"`echo '$''{'ac_cv_lbl_cc_ansi_prototypes'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -int main() { -int frob(int, char *) -; return 0; } -EOF -if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_lbl_cc_ansi_prototypes=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lbl_cc_ansi_prototypes=no -fi -rm -f conftest* -fi - - echo "$ac_t""$ac_cv_lbl_cc_ansi_prototypes" 1>&6 - if test $ac_cv_lbl_cc_ansi_prototypes = no ; then - case "$target_os" in - - hpux*) - echo $ac_n "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)""... $ac_c" 1>&6 -echo "configure:960: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5 - savedcflags="$CFLAGS" - CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS" - if eval "test \"`echo '$''{'ac_cv_lbl_cc_hpux_cc_aa'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -int main() { -int frob(int, char *) -; return 0; } -EOF -if { (eval echo configure:974: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_lbl_cc_hpux_cc_aa=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lbl_cc_hpux_cc_aa=no -fi -rm -f conftest* -fi - - echo "$ac_t""$ac_cv_lbl_cc_hpux_cc_aa" 1>&6 - if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then - { echo "configure: error: see the INSTALL doc for more info" 1>&2; exit 1; } - fi - CFLAGS="$savedcflags" - V_CCOPT="-Aa $V_CCOPT" - cat >> confdefs.h <<\EOF -#define _HPUX_SOURCE 1 -EOF - - ;; - - *) - { echo "configure: error: see the INSTALL doc for more info" 1>&2; exit 1; } - ;; - esac - fi - V_INCLS="$V_INCLS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - - case "$target_os" in - - irix*) - V_CCOPT="$V_CCOPT -xansi -signed -g3" 
- ;; - - osf*) - V_CCOPT="$V_CCOPT -std1 -g3" - ;; - - ultrix*) - echo $ac_n "checking that Ultrix $CC hacks const in prototypes""... $ac_c" 1>&6 -echo "configure:1018: checking that Ultrix $CC hacks const in prototypes" >&5 - if eval "test \"`echo '$''{'ac_cv_lbl_cc_const_proto'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -int main() { -struct a { int b; }; - void c(const struct a *) -; return 0; } -EOF -if { (eval echo configure:1031: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_lbl_cc_const_proto=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lbl_cc_const_proto=no -fi -rm -f conftest* -fi - - echo "$ac_t""$ac_cv_lbl_cc_const_proto" 1>&6 - if test $ac_cv_lbl_cc_const_proto = no ; then - cat >> confdefs.h <<\EOF -#define const -EOF - - fi - ;; - esac - fi - - -echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:1056: checking how to run the C preprocessor" >&5 -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then -if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - # This must be in double quotes, not single quotes, because CPP may get - # substituted into the Makefile and "${CC-cc}" will confuse make. - CPP="${CC-cc} -E" - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. 
- cat > conftest.$ac_ext < -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1077: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - : -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP="${CC-cc} -E -traditional-cpp" - cat > conftest.$ac_ext < -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1094: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - : -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP="${CC-cc} -nologo -E" - cat > conftest.$ac_ext < -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - : -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP=/lib/cpp -fi -rm -f conftest* -fi -rm -f conftest* -fi -rm -f conftest* - ac_cv_prog_CPP="$CPP" -fi - CPP="$ac_cv_prog_CPP" -else - ac_cv_prog_CPP="$CPP" -fi -echo "$ac_t""$CPP" 1>&6 - -for ac_hdr in fcntl.h malloc.h memory.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "configure:1139: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&6 -fi -done - - -for ac_func in strerror -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1179: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif - -; return 0; } -EOF -if { (eval echo configure:1207: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 -LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" -fi -done - - -echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:1234: checking for main in -lnsl" >&5 -ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lnsl $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_lib=HAVE_LIB`echo nsl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ - -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` - cat >> confdefs.h <&6 -fi - -echo $ac_n "checking for main in -lsocket""... 
$ac_c" 1>&6 -echo "configure:1277: checking for main in -lsocket" >&5 -ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lsocket $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_lib=HAVE_LIB`echo socket | sed -e 's/[^a-zA-Z0-9_]/_/g' \ - -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` - cat >> confdefs.h <&6 -fi - - -echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1321: checking for ANSI C header files" >&5 -if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -#include -#include -#include -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1334: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - ac_cv_header_stdc=yes -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_header_stdc=no -fi -rm -f conftest* - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. 
-cat > conftest.$ac_ext < -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "memchr" >/dev/null 2>&1; then - : -else - rm -rf conftest* - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. -cat > conftest.$ac_ext < -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "free" >/dev/null 2>&1; then - : -else - rm -rf conftest* - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. -if test "$cross_compiling" = yes; then - : -else - cat > conftest.$ac_ext < -#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int main () { int i; for (i = 0; i < 256; i++) -if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); -exit (0); } - -EOF -if { (eval echo configure:1401: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -then - : -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_header_stdc=no -fi -rm -fr conftest* -fi - -fi -fi - -echo "$ac_t""$ac_cv_header_stdc" 1>&6 -if test $ac_cv_header_stdc = yes; then - cat >> confdefs.h <<\EOF -#define STDC_HEADERS 1 -EOF - -fi - -echo $ac_n "checking for int32_t""... 
$ac_c" 1>&6 -echo "configure:1425: checking for int32_t" >&5 -if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -#if STDC_HEADERS -#include -#include -#endif -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "(^|[^a-zA-Z_0-9])int32_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_int32_t=yes -else - rm -rf conftest* - ac_cv_type_int32_t=no -fi -rm -f conftest* - -fi -echo "$ac_t""$ac_cv_type_int32_t" 1>&6 -if test $ac_cv_type_int32_t = no; then - cat >> confdefs.h <<\EOF -#define int32_t int -EOF - -fi - -echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6 -echo "configure:1458: checking for u_int32_t" >&5 -if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -#if STDC_HEADERS -#include -#include -#endif -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "(^|[^a-zA-Z_0-9])u_int32_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_u_int32_t=yes -else - rm -rf conftest* - ac_cv_type_u_int32_t=no -fi -rm -f conftest* - -fi -echo "$ac_t""$ac_cv_type_u_int32_t" 1>&6 -if test $ac_cv_type_u_int32_t = no; then - cat >> confdefs.h <<\EOF -#define u_int32_t u_int -EOF - -fi - - -rm -f os-proto.h - if test "${LBL_CFLAGS+set}" = set; then - V_CCOPT="$V_CCOPT ${LBL_CFLAGS}" - fi - if test -f .devel ; then - if test "$GCC" = yes ; then - if test "$SHLICC2" = yes ; then - ac_cv_lbl_gcc_vers=2 - V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O2/'`" - else - echo $ac_n "checking gcc version""... 
$ac_c" 1>&6 -echo "configure:1502: checking gcc version" >&5 - if eval "test \"`echo '$''{'ac_cv_lbl_gcc_vers'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | \ - sed -e 's/\..*//'` -fi - - echo "$ac_t""$ac_cv_lbl_gcc_vers" 1>&6 - if test $ac_cv_lbl_gcc_vers -gt 1 ; then - V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O2/'`" - fi - fi - if test "${LBL_CFLAGS+set}" != set; then - if test "$ac_cv_prog_cc_g" = yes ; then - V_CCOPT="-g $V_CCOPT" - fi - V_CCOPT="$V_CCOPT -Wall" - if test $ac_cv_lbl_gcc_vers -gt 1 ; then - V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes" - fi - fi - else - case "$target_os" in - - irix6*) - V_CCOPT="$V_CCOPT -fullwarn -n32" - ;; - - *) - ;; - esac - fi - os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'` - name="lbl/os-$os.h" - if test -f $name ; then - ln -s $name os-proto.h - cat >> confdefs.h <<\EOF -#define HAVE_OS_PROTO_H 1 -EOF - - else - echo "configure: warning: can't find $name" 1>&2 - fi - fi - -if test -r lbl/gnuc.h ; then - rm -f gnuc.h - ln -s lbl/gnuc.h gnuc.h -fi - - - - -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# ./install, which can be erroneously created by make from ./install.sh. -echo $ac_n "checking for a BSD compatible install""... 
$ac_c" 1>&6 -echo "configure:1568: checking for a BSD compatible install" >&5 -if test -z "$INSTALL"; then -if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" - for ac_dir in $PATH; do - # Account for people who put trailing slashes in PATH elements. - case "$ac_dir/" in - /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. - for ac_prog in ginstall scoinst install; do - if test -f $ac_dir/$ac_prog; then - if test $ac_prog = install && - grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - else - ac_cv_path_install="$ac_dir/$ac_prog -c" - break 2 - fi - fi - done - ;; - esac - done - IFS="$ac_save_IFS" - -fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL="$ac_cv_path_install" - else - # As a last resort, use the slow shell script. We don't cache a - # path for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the path is relative. - INSTALL="$ac_install_sh" - fi -fi -echo "$ac_t""$INSTALL" 1>&6 - -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' - -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - - -trap '' 1 2 15 -cat > confcache <<\EOF -# This file is a shell script that caches the results of configure -# tests run on this system so they can be shared between configure -# scripts and configure runs. It is not useful on other systems. -# If it contains results you don't want to keep, you may remove or edit it. 
-# -# By default, configure uses ./config.cache as the cache file, -# creating it if it does not exist already. You can give configure -# the --cache-file=FILE option to use a different cache file; that is -# what configure does when it calls configure scripts in -# subdirectories, so they share the cache. -# Giving --cache-file=/dev/null disables caching, for debugging configure. -# config.status only pays attention to the cache file if you give it the -# --recheck option to rerun configure. -# -EOF -# The following way of writing the cache mishandles newlines in values, -# but we know of no workaround that is simple, portable, and efficient. -# So, don't put newlines in cache variables' values. -# Ultrix sh set writes to stderr and can't be redirected directly, -# and sets the high bit in the cache file unless we assign to the vars. -(set) 2>&1 | - case `(ac_space=' '; set | grep ac_space) 2>&1` in - *ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote substitution - # turns \\\\ into \\, and sed turns \\ into \). - sed -n \ - -e "s/'/'\\\\''/g" \ - -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" - ;; - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' - ;; - esac >> confcache -if cmp -s $cache_file confcache; then - : -else - if test -w $cache_file; then - echo "updating cache $cache_file" - cat confcache > $cache_file - else - echo "not updating unwritable cache $cache_file" - fi -fi -rm -f confcache - -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - -test "x$prefix" = xNONE && prefix=$ac_default_prefix -# Let make expand exec_prefix. -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -# Any assignment to VPATH causes Sun make to only execute -# the first set of double-colon rules, so remove it if not needed. -# If there is a colon in the path, we need to keep it. 
-if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' -fi - -trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 - -# Transform confdefs.h into DEFS. -# Protect against shell expansion while executing Makefile rules. -# Protect against Makefile macro expansion. -cat > conftest.defs <<\EOF -s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g -s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g -s%\[%\\&%g -s%\]%\\&%g -s%\$%$$%g -EOF -DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` -rm -f conftest.defs - - -# Without the "./", some shells look in PATH for config.status. -: ${CONFIG_STATUS=./config.status} - -echo creating $CONFIG_STATUS -rm -f $CONFIG_STATUS -cat > $CONFIG_STATUS </dev/null | sed 1q`: -# -# $0 $ac_configure_args -# -# Compiler output produced by configure, useful for debugging -# configure, is in ./config.log if it exists. - -ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" -for ac_option -do - case "\$ac_option" in - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" - exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; - -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.13" - exit 0 ;; - -help | --help | --hel | --he | --h) - echo "\$ac_cs_usage"; exit 0 ;; - *) echo "\$ac_cs_usage"; exit 1 ;; - esac -done - -ac_given_srcdir=$srcdir -ac_given_INSTALL="$INSTALL" - -trap 'rm -fr `echo "Makefile" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 -EOF -cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF -$ac_vpsub -$extrasub -s%@SHELL@%$SHELL%g -s%@CFLAGS@%$CFLAGS%g -s%@CPPFLAGS@%$CPPFLAGS%g -s%@CXXFLAGS@%$CXXFLAGS%g -s%@FFLAGS@%$FFLAGS%g -s%@DEFS@%$DEFS%g -s%@LDFLAGS@%$LDFLAGS%g -s%@LIBS@%$LIBS%g -s%@exec_prefix@%$exec_prefix%g -s%@prefix@%$prefix%g -s%@program_transform_name@%$program_transform_name%g 
-s%@bindir@%$bindir%g -s%@sbindir@%$sbindir%g -s%@libexecdir@%$libexecdir%g -s%@datadir@%$datadir%g -s%@sysconfdir@%$sysconfdir%g -s%@sharedstatedir@%$sharedstatedir%g -s%@localstatedir@%$localstatedir%g -s%@libdir@%$libdir%g -s%@includedir@%$includedir%g -s%@oldincludedir@%$oldincludedir%g -s%@infodir@%$infodir%g -s%@mandir@%$mandir%g -s%@host@%$host%g -s%@host_alias@%$host_alias%g -s%@host_cpu@%$host_cpu%g -s%@host_vendor@%$host_vendor%g -s%@host_os@%$host_os%g -s%@target@%$target%g -s%@target_alias@%$target_alias%g -s%@target_cpu@%$target_cpu%g -s%@target_vendor@%$target_vendor%g -s%@target_os@%$target_os%g -s%@build@%$build%g -s%@build_alias@%$build_alias%g -s%@build_cpu@%$build_cpu%g -s%@build_vendor@%$build_vendor%g -s%@build_os@%$build_os%g -s%@SHLICC2@%$SHLICC2%g -s%@CC@%$CC%g -s%@CPP@%$CPP%g -s%@LIBOBJS@%$LIBOBJS%g -s%@V_CCOPT@%$V_CCOPT%g -s%@V_INCLS@%$V_INCLS%g -s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g -s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g -s%@INSTALL_DATA@%$INSTALL_DATA%g - -CEOF -EOF - -cat >> $CONFIG_STATUS <<\EOF - -# Split the substitutions into bite-sized pieces for seds with -# small command number limits, like on Digital OSF/1 and HP-UX. -ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. -ac_file=1 # Number of current file. -ac_beg=1 # First line for current file. -ac_end=$ac_max_sed_cmds # Line after last line for current file. -ac_more_lines=: -ac_sed_cmds="" -while $ac_more_lines; do - if test $ac_beg -gt 1; then - sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file - else - sed "${ac_end}q" conftest.subs > conftest.s$ac_file - fi - if test ! 
-s conftest.s$ac_file; then - ac_more_lines=false - rm -f conftest.s$ac_file - else - if test -z "$ac_sed_cmds"; then - ac_sed_cmds="sed -f conftest.s$ac_file" - else - ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" - fi - ac_file=`expr $ac_file + 1` - ac_beg=$ac_end - ac_end=`expr $ac_end + $ac_max_sed_cmds` - fi -done -if test -z "$ac_sed_cmds"; then - ac_sed_cmds=cat -fi -EOF - -cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF -for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then - # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". - case "$ac_file" in - *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` - ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; - *) ac_file_in="${ac_file}.in" ;; - esac - - # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. - - # Remove last slash and all that follows it. Not all systems have dirname. - ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` - if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then - # The file is in a subdirectory. - test ! -d "$ac_dir" && mkdir "$ac_dir" - ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" - # A "../" for each directory in $ac_dir_suffix. - ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` - else - ac_dir_suffix= ac_dots= - fi - - case "$ac_given_srcdir" in - .) srcdir=. - if test -z "$ac_dots"; then top_srcdir=. - else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; - /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; - *) # Relative path. - srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" - top_srcdir="$ac_dots$ac_given_srcdir" ;; - esac - - case "$ac_given_INSTALL" in - [/$]*) INSTALL="$ac_given_INSTALL" ;; - *) INSTALL="$ac_dots$ac_given_INSTALL" ;; - esac - - echo creating "$ac_file" - rm -f "$ac_file" - configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." 
- case "$ac_file" in - *Makefile*) ac_comsub="1i\\ -# $configure_input" ;; - *) ac_comsub= ;; - esac - - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` - sed -e "$ac_comsub -s%@configure_input@%$configure_input%g -s%@srcdir@%$srcdir%g -s%@top_srcdir@%$top_srcdir%g -s%@INSTALL@%$INSTALL%g -" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file -fi; done -rm -f conftest.s* - -EOF -cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF - -exit 0 -EOF -chmod +x $CONFIG_STATUS -rm -fr confdefs* $ac_clean_files -test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 - - -if test -f .devel ; then - make depend -fi -exit 0 diff --git a/contrib/nslint-2.1a3/configure.in b/contrib/nslint-2.1a3/configure.in deleted file mode 100644 index 2bbb61450f..0000000000 --- a/contrib/nslint-2.1a3/configure.in +++ /dev/null @@ -1,47 +0,0 @@ -dnl @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/configure.in,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL) -dnl -dnl Copyright (c) 1995, 1996, 1997 -dnl The Regents of the University of California. All rights reserved. -dnl -dnl Process this file with autoconf to produce a configure script. -dnl - -AC_INIT(nslint.c) - -AC_CANONICAL_SYSTEM - -umask 002 - -if test -z "$PWD" ; then - PWD=`pwd` -fi - -AC_LBL_C_INIT(V_CCOPT, V_INCLS) - -AC_CHECK_HEADERS(fcntl.h malloc.h memory.h) - -AC_REPLACE_FUNCS(strerror) -AC_CHECK_LIB(nsl, main) -AC_CHECK_LIB(socket, main) - -AC_CHECK_TYPE(int32_t, int) -AC_CHECK_TYPE(u_int32_t, u_int) - -AC_LBL_DEVEL(V_CCOPT) - -if test -r lbl/gnuc.h ; then - rm -f gnuc.h - ln -s lbl/gnuc.h gnuc.h -fi - -AC_SUBST(V_CCOPT) -AC_SUBST(V_INCLS) - -AC_PROG_INSTALL - -AC_OUTPUT(Makefile) - -if test -f .devel ; then - make depend -fi -exit 0 diff --git a/contrib/nslint-2.1a3/install-sh b/contrib/nslint-2.1a3/install-sh deleted file mode 100644 index ebc66913e9..0000000000 --- a/contrib/nslint-2.1a3/install-sh +++ /dev/null 
@@ -1,250 +0,0 @@ -#! /bin/sh -# -# install - install a program, script, or datafile -# This comes from X11R5 (mit/util/scripts/install.sh). -# -# Copyright 1991 by the Massachusetts Institute of Technology -# -# Permission to use, copy, modify, distribute, and sell this software and its -# documentation for any purpose is hereby granted without fee, provided that -# the above copyright notice appear in all copies and that both that -# copyright notice and this permission notice appear in supporting -# documentation, and that the name of M.I.T. not be used in advertising or -# publicity pertaining to distribution of the software without specific, -# written prior permission. M.I.T. makes no representations about the -# suitability of this software for any purpose. It is provided "as is" -# without express or implied warranty. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. It can only install one file at a time, a restriction -# shared with many OS's install programs. - - -# set DOITPROG to echo to test this script - -# Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. 
- -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" - -transformbasename="" -transform_arg="" -instcmd="$mvprog" -chmodcmd="$chmodprog 0755" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -mvcmd="$mvprog" -src="" -dst="" -dir_arg="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -d) dir_arg=true - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - -t=*) transformarg=`echo $1 | sed 's/-t=//'` - shift - continue;; - - -b=*) transformbasename=`echo $1 | sed 's/-b=//'` - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - # this colon is to work around a 386BSD /bin/sh bug - : - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -else - true -fi - -if [ x"$dir_arg" != x ]; then - dst=$src - src="" - - if [ -d $dst ]; then - instcmd=: - else - instcmd=mkdir - fi -else - -# Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad -# if $src (and thus $dsttmp) contains '*'. 
- - if [ -f $src -o -d $src ] - then - true - else - echo "install: $src does not exist" - exit 1 - fi - - if [ x"$dst" = x ] - then - echo "install: no destination specified" - exit 1 - else - true - fi - -# If destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - - if [ -d $dst ] - then - dst="$dst"/`basename $src` - else - true - fi -fi - -## this sed command emulates the dirname command -dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` - -# Make sure that the destination directory exists. -# this part is taken from Noah Friedman's mkinstalldirs script - -# Skip lots of stat calls in the usual case. -if [ ! -d "$dstdir" ]; then -defaultIFS=' -' -IFS="${IFS-${defaultIFS}}" - -oIFS="${IFS}" -# Some sh's can't handle IFS=/ for some reason. -IFS='%' -set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` -IFS="${oIFS}" - -pathcomp='' - -while [ $# -ne 0 ] ; do - pathcomp="${pathcomp}${1}" - shift - - if [ ! -d "${pathcomp}" ] ; - then - $mkdirprog "${pathcomp}" - else - true - fi - - pathcomp="${pathcomp}/" -done -fi - -if [ x"$dir_arg" != x ] -then - $doit $instcmd $dst && - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi -else - -# If we're going to rename the final executable, determine the name now. - - if [ x"$transformarg" = x ] - then - dstfile=`basename $dst` - else - dstfile=`basename $dst $transformbasename | - sed $transformarg`$transformbasename - fi - -# don't allow the sed command to completely eliminate the filename - - if [ x"$dstfile" = x ] - then - dstfile=`basename $dst` - else - true - fi - -# Make a temp file name in the proper directory. 
- - dsttmp=$dstdir/#inst.$$# - -# Move or copy the file name to the temp name - - $doit $instcmd $src $dsttmp && - - trap "rm -f ${dsttmp}" 0 && - -# and set any options; do chmod last to preserve setuid bits - -# If any of these fail, we abort the whole thing. If we want to -# ignore errors from any of these, just make sure not to ignore -# errors from the above "$doit $instcmd $src $dsttmp" command. - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && - -# Now rename the file to the real destination. - - $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile - -fi && - - -exit 0 diff --git a/contrib/nslint-2.1a3/lbl/os-irix5.h b/contrib/nslint-2.1a3/lbl/os-irix5.h deleted file mode 100644 index 238bdd8079..0000000000 --- a/contrib/nslint-2.1a3/lbl/os-irix5.h +++ /dev/null 
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 1994, 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-irix5.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in IRIX 5 */
-#ifdef __STDC__
-struct ether_addr;
-#endif
-int ether_hostton(char *, struct ether_addr *);
-char *ether_ntoa(struct ether_addr *);
-#ifdef __STDC__
-struct utmp;
-#endif
-void login(struct utmp *);
-int setenv(const char *, const char *, int);
-int sigblock(int);
-int sigsetmask(int);
-int snprintf(char *, size_t, const char *, ...);
-time_t time(time_t *);
diff --git a/contrib/nslint-2.1a3/lbl/os-osf3.h b/contrib/nslint-2.1a3/lbl/os-osf3.h
deleted file mode 100644
index b3f19649c1..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-osf3.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-osf3.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in osf3 */
-int flock(int, int);
-int ioctl(int, int, caddr_t);
-int iruserok(u_int, int, char *, char *);
-int pfopen(char *, int);
-int rcmd(char **, u_short, const char *, const char *, const char *, int *);
-int rresvport(int *);
-int snprintf(char *, size_t, const char *, ...);
-void sync(void);
diff --git a/contrib/nslint-2.1a3/lbl/os-solaris2.h b/contrib/nslint-2.1a3/lbl/os-solaris2.h
deleted file mode 100644
index ba91e71235..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-solaris2.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1993, 1994, 1995, 1996, 1997, 2000
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Id: os-solaris2.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in SunOS 5 */
-int daemon(int, int);
-int dn_expand(const u_char *, const u_char *, const u_char *, char *, int);
-int dn_skipname(const u_char *, const u_char *);
-int flock(int, int);
-int getdtablesize(void);
-int gethostname(char *, int);
-int getpagesize(void);
-char *getusershell(void);
-char *getwd(char *);
-int iruserok(u_int, int, char *, char *);
-#ifdef __STDC__
-struct utmp;
-void login(struct utmp *);
-#endif
-int logout(const char *);
-int res_query(const char *, int, int, u_char *, int);
-int setenv(const char *, const char *, int);
-#if defined(_STDIO_H) && defined(HAVE_SETLINEBUF)
-int setlinebuf(FILE *);
-#endif
-int sigblock(int);
-int sigsetmask(int);
-char *strerror(int);
-int snprintf(char *, size_t, const char *, ...);
-int strcasecmp(const char *, const char *);
-void unsetenv(const char *);
diff --git a/contrib/nslint-2.1a3/lbl/os-sunos4.h b/contrib/nslint-2.1a3/lbl/os-sunos4.h
deleted file mode 100644
index 47b022a89a..0000000000
--- a/contrib/nslint-2.1a3/lbl/os-sunos4.h
+++ /dev/null
@@ -1,215 +0,0 @@ -/* - * Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
- * - * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-sunos4.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL) - */ - -/* Prototypes missing in SunOS 4 */ -#ifdef FILE -int _filbuf(FILE *); -int _flsbuf(u_char, FILE *); -int fclose(FILE *); -int fflush(FILE *); -int fgetc(FILE *); -int fprintf(FILE *, const char *, ...); -int fputc(int, FILE *); -int fputs(const char *, FILE *); -u_int fread(void *, u_int, u_int, FILE *); -int fseek(FILE *, long, int); -u_int fwrite(const void *, u_int, u_int, FILE *); -int pclose(FILE *); -void rewind(FILE *); -void setbuf(FILE *, char *); -int setlinebuf(FILE *); -int ungetc(int, FILE *); -int vfprintf(FILE *, const char *, ...); -int vprintf(const char *, ...); -#endif - -#if __GNUC__ <= 1 -int read(int, char *, u_int); -int write(int, char *, u_int); -#endif - -long a64l(const char *); -#ifdef __STDC__ -struct sockaddr; -#endif -int accept(int, struct sockaddr *, int *); -int bind(int, struct sockaddr *, int); -int bcmp(const void *, const void *, u_int); -void bcopy(const void *, void *, u_int); -void bzero(void *, int); -int chroot(const char *); -int close(int); -void closelog(void); -int connect(int, struct sockaddr *, int); -char *crypt(const char *, const char *); -int daemon(int, int); -int fchmod(int, int); -int fchown(int, int, int); -void endgrent(void); -void endpwent(void); -void endservent(void); -#ifdef __STDC__ -struct ether_addr; -#endif -struct ether_addr *ether_aton(const char *); -int flock(int, int); -#ifdef __STDC__ -struct stat; -#endif -int fstat(int, struct stat *); -#ifdef __STDC__ -struct statfs; -#endif -int fstatfs(int, struct statfs *); -int fsync(int); -#ifdef __STDC__ -struct timeb; -#endif -int ftime(struct timeb *); -int ftruncate(int, off_t); -int getdtablesize(void); -long gethostid(void); -int gethostname(char *, int); -int getopt(int, char * const *, const char *); -int getpagesize(void); -char *getpass(char *); -int getpeername(int, struct 
sockaddr *, int *); -int getpriority(int, int); -#ifdef __STDC__ -struct rlimit; -#endif -int getrlimit(int, struct rlimit *); -int getsockname(int, struct sockaddr *, int *); -int getsockopt(int, int, int, char *, int *); -#ifdef __STDC__ -struct timeval; -struct timezone; -#endif -int gettimeofday(struct timeval *, struct timezone *); -char *getusershell(void); -char *getwd(char *); -int initgroups(const char *, int); -int ioctl(int, int, caddr_t); -int iruserok(u_long, int, char *, char *); -int isatty(int); -int killpg(int, int); -int listen(int, int); -#ifdef __STDC__ -struct utmp; -#endif -void login(struct utmp *); -int logout(const char *); -off_t lseek(int, off_t, int); -int lstat(const char *, struct stat *); -int mkstemp(char *); -char *mktemp(char *); -int munmap(caddr_t, int); -void openlog(const char *, int, int); -void perror(const char *); -int printf(const char *, ...); -int puts(const char *); -long random(void); -int readlink(const char *, char *, int); -#ifdef __STDC__ -struct iovec; -#endif -int readv(int, struct iovec *, int); -int recv(int, char *, u_int, int); -int recvfrom(int, char *, u_int, int, struct sockaddr *, int *); -int rename(const char *, const char *); -int rcmd(char **, u_short, char *, char *, char *, int *); -int rresvport(int *); -int send(int, char *, u_int, int); -int sendto(int, char *, u_int, int, struct sockaddr *, int); -int setenv(const char *, const char *, int); -int seteuid(int); -int setpriority(int, int, int); -int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); -int setpgrp(int, int); -void setpwent(void); -int setrlimit(int, struct rlimit *); -void setservent(int); -int setsockopt(int, int, int, char *, int); -int shutdown(int, int); -int sigblock(int); -void (*signal (int, void (*) (int))) (int); -int sigpause(int); -int sigsetmask(int); -#ifdef __STDC__ -struct sigvec; -#endif -int sigvec(int, struct sigvec *, struct sigvec*); -int snprintf(char *, size_t, const char *, ...); -int socket(int, 
int, int); -int socketpair(int, int, int, int *); -int symlink(const char *, const char *); -void srandom(int); -int sscanf(char *, const char *, ...); -int stat(const char *, struct stat *); -int statfs(char *, struct statfs *); -char *strerror(int); -int strcasecmp(const char *, const char *); -#ifdef __STDC__ -struct tm; -#endif -int strftime(char *, int, char *, struct tm *); -int strncasecmp(const char *, const char *, int); -long strtol(const char *, char **, int); -void sync(void); -void syslog(int, const char *, ...); -int system(const char *); -long tell(int); -time_t time(time_t *); -char *timezone(int, int); -int tolower(int); -int toupper(int); -int truncate(char *, off_t); -void unsetenv(const char *); -int vfork(void); -int vsprintf(char *, const char *, ...); -int writev(int, struct iovec *, int); -#ifdef __STDC__ -struct rusage; -#endif -int utimes(const char *, struct timeval *); -#if __GNUC__ <= 1 -int wait(int *); -pid_t wait3(int *, int, struct rusage *); -#endif - -/* Ugly signal hacking */ -#ifdef SIG_ERR -#undef SIG_ERR -#define SIG_ERR (void (*)(int))-1 -#undef SIG_DFL -#define SIG_DFL (void (*)(int))0 -#undef SIG_IGN -#define SIG_IGN (void (*)(int))1 - -#ifdef KERNEL -#undef SIG_CATCH -#define SIG_CATCH (void (*)(int))2 -#endif -#undef SIG_HOLD -#define SIG_HOLD (void (*)(int))3 -#endif diff --git a/contrib/nslint-2.1a3/lbl/os-ultrix4.h b/contrib/nslint-2.1a3/lbl/os-ultrix4.h deleted file mode 100644 index f1ad7078bb..0000000000 --- a/contrib/nslint-2.1a3/lbl/os-ultrix4.h +++ /dev/null 
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1990, 1993, 1994, 1995, 1996
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/os-ultrix4.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL)
- */
-
-/* Prototypes missing in Ultrix 4 */
-int bcmp(const char *, const char *, u_int);
-void bcopy(const void *, void *, u_int);
-void bzero(void *, u_int);
-void endservent(void);
-int getopt(int, char * const *, const char *);
-#ifdef __STDC__
-struct timeval;
-struct timezone;
-#endif
-int gettimeofday(struct timeval *, struct timezone *);
-int ioctl(int, int, caddr_t);
-int pfopen(char *, int);
-int setlinebuf(FILE *);
-int socket(int, int, int);
-int strcasecmp(const char *, const char *);
diff --git a/contrib/nslint-2.1a3/CHANGES b/contrib/nslint-3.0a2/CHANGES similarity index 92% rename from contrib/nslint-2.1a3/CHANGES rename to contrib/nslint-3.0a2/CHANGES index c425e0171a..0e47d36f5f 100644 --- a/contrib/nslint-2.1a3/CHANGES +++ b/contrib/nslint-3.0a2/CHANGES @@ -1,6 +1,14 @@ -@(#) $Id: CHANGES,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL) +@(#) $Id: CHANGES 250 2009-10-16 23:26:47Z leres $ (LBL) -v2.1 Wed Aug 22 18:30:35 PDT 2001 +v3.0 Fri Oct 16 16:26:04 PDT 2009 + +- Add IPv6 support. + +v2.2 Fri Mar 13 22:29:52 PDT 2009 + +- Convert source tree to subversion + +v2.1 Fri Feb 15 20:45:01 PST 2008 - Handle "srv" records. @@ -8,6 +16,12 @@ v2.1 Wed Aug 22 18:30:35 PDT 2001 - Add "ignore" option +- Hack in support for "view" + +- Check for duplicate "cname" records. + +- Upgrade to autoconf 2.61 + v2.0.2 Tue Mar 20 17:49:13 PST 2001 - Allow missing trailing dot in certain special cases. @@ -16,6 +30,9 @@ v2.0.2 Tue Mar 20 17:49:13 PST 2001 - Document nslint.conf network keyword. +- Sort the network list so that we always pick the right network/mask + when the overlap. + v2.0.1 Tue Dec 14 11:24:31 PST 1999 - Handle $ttl. diff --git a/contrib/nslint-2.1a3/FILES b/contrib/nslint-3.0a2/FILES similarity index 69% rename from contrib/nslint-2.1a3/FILES rename to contrib/nslint-3.0a2/FILES index ddb8d44a68..376bdd39af 100644 --- a/contrib/nslint-2.1a3/FILES +++ b/contrib/nslint-3.0a2/FILES @@ -11,14 +11,10 @@ configure configure.in install-sh lbl/gnuc.h -lbl/os-irix5.h -lbl/os-osf3.h -lbl/os-solaris2.h -lbl/os-sunos4.h -lbl/os-ultrix4.h mkdep nslint.8 nslint.c savestr.c savestr.h strerror.c +version.h diff --git a/contrib/nslint-2.1a3/INSTALL b/contrib/nslint-3.0a2/INSTALL similarity index 88% rename from contrib/nslint-2.1a3/INSTALL rename to contrib/nslint-3.0a2/INSTALL index d451a976c2..d07822939f 100644 --- a/contrib/nslint-2.1a3/INSTALL +++ b/contrib/nslint-3.0a2/INSTALL 
@@ -1,4 +1,4 @@ -@(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/INSTALL,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL) +@(#) $Id: INSTALL 238 2009-03-14 05:43:37Z leres $ (LBL) You will need an ANSI C compiler to build nslint. The configure script will abort if your compiler is not ANSI compliant. If this @@ -33,10 +33,10 @@ configure - configure script (run this first) configure.in - configure script source install-sh - BSD style install script lbl/gnuc.h - gcc macros and defines -lbl/os-*.h - os dependent defines and prototypes mkdep - construct Makefile dependency list nslint.8 - manual entry nslint.c - main program savestr.c - strdup() replacement savestr.h - savestr prototypes strerror.c - missing routine +version.h - prototypes, defines and struct definitions diff --git a/contrib/nslint-2.1a3/Makefile.in b/contrib/nslint-3.0a2/Makefile.in similarity index 74% rename from contrib/nslint-2.1a3/Makefile.in rename to contrib/nslint-3.0a2/Makefile.in index 60ed0173a4..0c265c75af 100644 --- a/contrib/nslint-2.1a3/Makefile.in +++ b/contrib/nslint-3.0a2/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000 +# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000, 2008, 2009 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -17,7 +17,7 @@ # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # -# @(#) $Id: Makefile.in,v 1.2 2004/07/20 07:13:40 marka Exp $ (LBL) +# @(#) $Id: Makefile.in 242 2009-10-14 08:30:03Z leres $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) 
@@ -29,7 +29,9 @@ exec_prefix = @exec_prefix@ # Pathname of directory to install the binary BINDEST = @bindir@ # Pathname of directory to install the man page -MANDEST = @mandir@ +MANDEST = @prefix@/man +# The root of the directory tree for read-only +datarootdir = @datarootdir@ # VPATH srcdir = @srcdir@ @@ -48,6 +50,9 @@ DEFS = @DEFS@ # Standard CFLAGS CFLAGS = $(CCOPT) $(DEFS) $(INCLS) +# Standard LDFLAGS +LDFLAGS = @LDFLAGS@ + # Standard LIBS LIBS = @LIBS@ @@ -65,9 +70,9 @@ GENSRC = version.c SRC = $(CSRC) $(GENSRC) -# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot +# We would like to say "OBJS = $(SRC:.c=.o)" but Ultrix's make cannot # hack the extra indirection -OBJ = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@ +OBJS = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@ TAGHDR = \ /usr/include/sys/types.h \ @@ -75,11 +80,15 @@ TAGHDR = \ TAGFILES = $(SRC) $(TAGHDR) -CLEANFILES = $(PROG) $(OBJ) $(GENSRC) +CLEANFILES = $(PROG) $(OBJS) $(GENSRC) purify $(OBJS:.o=_pure_*.o) -$(PROG): $(OBJ) +$(PROG): $(OBJS) @rm -f $@ - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) + +purify: $(OBJS) + @rm -f $@ + purify $(CC) $(CFLAGS) $(LDFLAGS) -static -o purify $(OBJS) $(LIBS) version.o: version.c version.c: $(srcdir)/VERSION @@ -88,17 +97,15 @@ version.c: $(srcdir)/VERSION install: force $(INSTALL) -m 555 -o bin -g bin $(PROG) $(DESTDIR)$(BINDEST)/$(PROG) - -install-man: force - $(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 \ - $(DESTDIR)$(MANDEST)/man8/$(PROG).8 + @diff $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8 >/dev/null 2>&1 || \ + $(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8/ clean: force rm -f $(CLEANFILES) distclean: force - rm -f $(CLEANFILES) Makefile config.cache config.log config.status \ - gnuc.h os-proto.h + rm -rf $(CLEANFILES) Makefile config.cache config.log config.status \ + gnuc.h os-proto.h autom4te.cache tags: $(TAGFILES) ctags -wtd $(TAGFILES) 
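Review bot: `MANDEST = @prefix@/man` in the `@@ -29,7 +29,9 @@` hunk stops honouring configure's `--mandir`, so a packager who sets it still gets the page installed under the prefix. The same hunk adds `datarootdir = @datarootdir@`, which is the variable `@mandir@` expands through under newer autoconf, so `MANDEST = @mandir@` could stay as it was. The install hunk (`@@ -88,17 +97,15 @@`) also removes the `install-man` target and installs the page from `install` behind a `diff` whose output and errors are discarded, so any caller of `make install-man` now fails. Keeping `install-man: force` as a separate target and letting `install` depend on it would preserve the old interface.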
@@ -117,6 +124,12 @@ tar: force "rm -f $$name" ; \ rm -f $$name +sign: + @name=${PROG}-`cat VERSION`.tar.gz; \ + set -x; \ + rm -f $${name}.asc; \ + gpg --armor --detach-sign $${name} + force: /tmp depend: $(GENSRC) force ./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC) diff --git a/contrib/nslint-2.1a3/README b/contrib/nslint-3.0a2/README similarity index 81% rename from contrib/nslint-2.1a3/README rename to contrib/nslint-3.0a2/README index 39f0202a31..d1c9177fa9 100644 --- a/contrib/nslint-2.1a3/README +++ b/contrib/nslint-3.0a2/README @@ -1,4 +1,4 @@ -@(#) $Id: README,v 1.1 2001/12/21 04:12:02 marka Exp $ (LBL) +@(#) $Id: README 237 2009-03-14 05:38:15Z leres $ (LBL) NSLINT 2.0 Lawrence Berkeley National Laboratory diff --git a/contrib/nslint-3.0a2/VERSION b/contrib/nslint-3.0a2/VERSION new file mode 100644 index 0000000000..57af7a33a3 --- /dev/null +++ b/contrib/nslint-3.0a2/VERSION @@ -0,0 +1 @@ +3.0a2 diff --git a/contrib/nslint-2.1a3/aclocal.m4 b/contrib/nslint-3.0a2/aclocal.m4 similarity index 71% rename from contrib/nslint-2.1a3/aclocal.m4 rename to contrib/nslint-3.0a2/aclocal.m4 index a5e3035bfa..ceff7c4054 100644 --- a/contrib/nslint-2.1a3/aclocal.m4 +++ b/contrib/nslint-3.0a2/aclocal.m4 @@ -1,6 +1,6 @@ -dnl @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/aclocal.m4,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL) +dnl @(#) $Id: aclocal.m4 616 2009-10-10 00:08:08Z leres $ (LBL) dnl -dnl Copyright (c) 1995, 1996, 1997, 1998, 1999 +dnl Copyright (c) 2008, 2009 dnl The Regents of the University of California. All rights reserved. dnl dnl Redistribution and use in source and binary forms, with or without 
@@ -26,7 +26,7 @@ dnl dnl Determine which compiler we're using (cc or gcc) dnl If using gcc, determine the version number dnl If using cc, require that it support ansi prototypes -dnl If using gcc, use -O2 (otherwise use -O) +dnl If using gcc, use -O3 (otherwise use -O) dnl If using cc, explicitly specify /usr/local/include dnl dnl usage: @@ -38,23 +38,27 @@ dnl dnl $1 (copt set) dnl $2 (incls set) dnl CC -dnl LDFLAGS -dnl LBL_CFLAGS +dnl LDFLAGS set dnl AC_DEFUN(AC_LBL_C_INIT, [AC_PREREQ(2.12) + AC_ARG_ENABLE([optimization], + [AS_HELP_STRING([--disable-optimization], + [turn off gcc optimization])], + ac_cv_without_optimization=${withval}) AC_BEFORE([$0], [AC_PROG_CC]) AC_BEFORE([$0], [AC_LBL_FIXINCLUDES]) AC_BEFORE([$0], [AC_LBL_DEVEL]) AC_ARG_WITH(gcc, [ --without-gcc don't use gcc]) - $1="-O" + AC_USE_SYSTEM_EXTENSIONS + $1="" + if test "${ac_cv_without_optimization+set}" != set; then + $1="-O" + fi $2="" if test "${srcdir}" != "." ; then $2="-I\$\(srcdir\)" fi - if test "${CFLAGS+set}" = set; then - LBL_CFLAGS="$CFLAGS" - fi if test -z "$CC" ; then case "$target_os" in @@ -72,6 +76,7 @@ AC_DEFUN(AC_LBL_C_INIT, export CC fi AC_PROG_CC + AC_SYS_LARGEFILE if test "$GCC" != yes ; then AC_MSG_CHECKING(that $CC handles ansi prototypes) AC_CACHE_VAL(ac_cv_lbl_cc_ansi_prototypes, @@ -100,7 +105,7 @@ AC_DEFUN(AC_LBL_C_INIT, fi CFLAGS="$savedcflags" $1="-Aa $$1" - AC_DEFINE(_HPUX_SOURCE) + AC_DEFINE(_HPUX_SOURCE,,[HP-UX ansi compiler]) ;; *) 
@@ -132,13 +137,43 @@ AC_DEFUN(AC_LBL_C_INIT, ac_cv_lbl_cc_const_proto=no)) AC_MSG_RESULT($ac_cv_lbl_cc_const_proto) if test $ac_cv_lbl_cc_const_proto = no ; then - AC_DEFINE(const,) + AC_DEFINE(const,,[ultrix can't hack const]) fi ;; esac fi ]) +AC_LBL_ENABLE_CHECK(brov6 activemapping expire-dfa-states) +dnl +dnl This allows us to check for bogus configure enable/disable +dnl command line options +dnl +dnl usage: +dnl +dnl AC_LBL_ENABLE_CHECK(opt ...) +dnl +AC_DEFUN(AC_LBL_ENABLE_CHECK, + [set | + sed -n -e 's/^enable_\([[^=]]*\)=[[^=]]*$/\1/p' | + while read var; do + ok=0 + for o in $1; do + if test "${o}" = "${var}" ; then + ok=1 + break + fi + done + if test ${ok} -eq 0 ; then + # It's hard to kill configure script from subshell! + AC_MSG_ERROR(unknown enable option: ${var}) + exit 1 + fi + done + if test $? -ne 0 ; then + exit 1 + fi]) + dnl dnl Use pfopen.c if available and pfopen() not in standard libraries dnl Require libpcap @@ -191,13 +226,13 @@ AC_DEFUN(AC_LBL_LIBPCAP, done if test "x$libpcap" = xFAIL ; then AC_MSG_RESULT(not found) - unset ac_cv_lbl_lib_pcap_pcap_open_live_ - AC_LBL_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap") + AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap") + unset ac_cv_lib_pcap_pcap_open_live if test "x$libpcap" = xFAIL ; then - unset ac_cv_lbl_lib_pcap_pcap_open_live_ CFLAGS="$CFLAGS -I/usr/local/include" LIBS="$LIBS -L/usr/local/lib" - AC_LBL_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap") + AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap") + unset ac_cv_lib_pcap_pcap_open_live if test "x$libpcap" = xFAIL ; then AC_MSG_ERROR(see the INSTALL doc for more info) fi 
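Review bot: The added line `AC_LBL_ENABLE_CHECK(brov6 activemapping expire-dfa-states)` sits at the top level of aclocal.m4, ahead of the `AC_DEFUN(AC_LBL_ENABLE_CHECK, …)` that follows it, so it is an invocation rather than part of a definition. The option names it lists do not look related to nslint, and if the call were ever expanded it would reject every other `--enable-*` option passed to configure. I would drop that line from aclocal.m4 and leave any call to configure.in. Inside the macro, the `exit 1` after `AC_MSG_ERROR` only ends the pipeline's subshell; the `if test $? -ne 0` after `done` is what stops configure, and a `dnl` line saying so there would help.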
@@ -240,21 +275,21 @@ AC_DEFUN(AC_LBL_TYPE_SIGNAL, [AC_BEFORE([$0], [AC_LBL_LIBPCAP]) AC_TYPE_SIGNAL if test "$ac_cv_type_signal" = void ; then - AC_DEFINE(RETSIGVAL,) + AC_DEFINE(RETSIGVAL,,[signal function return value]) else AC_DEFINE(RETSIGVAL,(0)) fi case "$target_os" in irix*) - AC_DEFINE(_BSD_SIGNALS) + AC_DEFINE(_BSD_SIGNALS,,[irix's BSD style signals]) ;; *) dnl prefer sigset() to sigaction() AC_CHECK_FUNCS(sigset) if test $ac_cv_func_sigset = yes ; then - AC_DEFINE(signal,sigset) + AC_DEFINE(signal,sigset,[use sigset() instead of signal()]) else AC_CHECK_FUNCS(sigaction) fi @@ -397,17 +432,38 @@ dnl dnl HAVE_SOCKADDR_SA_LEN (defined) dnl AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN, - [AC_MSG_CHECKING(if sockaddr struct has sa_len member) - AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len, - AC_TRY_COMPILE([ + [AC_CHECK_MEMBERS(struct sockaddr.sa_len,,,[ # include -# include ], - [u_int i = sizeof(((struct sockaddr *)0)->sa_len)], - ac_cv_lbl_sockaddr_has_sa_len=yes, - ac_cv_lbl_sockaddr_has_sa_len=no)) - AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len) - if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then - AC_DEFINE(HAVE_SOCKADDR_SA_LEN) +# include ])]) + +dnl +dnl Makes sure socklen_t is defined +dnl +dnl usage: +dnl +dnl AC_LBL_SOCKLEN_T +dnl +dnl results: +dnl +dnl socklen_t (defined if missing) +dnl +AC_DEFUN(AC_LBL_SOCKLEN_T, + [AC_MSG_CHECKING(for socklen_t in sys/socket.h using $CC) + AC_CACHE_VAL(ac_cv_lbl_socklen_t, + AC_TRY_COMPILE([ +# include "confdefs.h" +# include +# include +# if STDC_HEADERS +# include +# include +# endif], + [socklen_t i], + ac_cv_lbl_socklen_t=yes, + ac_cv_lbl_socklen_t=no)) + AC_MSG_RESULT($ac_cv_lbl_socklen_t) + if test $ac_cv_lbl_socklen_t = no ; then + AC_DEFINE(socklen_t, int, [Define socklen_t if missing]) fi]) dnl 
@@ -442,34 +498,9 @@ AC_DEFUN(AC_LBL_IFF_LOOPBACK, ac_cv_lbl_have_iff_loopback=no)) AC_MSG_RESULT($ac_cv_lbl_have_iff_loopback) if test $ac_cv_lbl_have_iff_loopback = yes ; then - AC_DEFINE(HAVE_IFF_LOOPBACK) + AC_DEFINE(HAVE_IFF_LOOPBACK,, [Have IFF_LOOPBACK define/enum]) fi]) -dnl -dnl Checks to see if -R is used -dnl -dnl usage: -dnl -dnl AC_LBL_HAVE_RUN_PATH -dnl -dnl results: -dnl -dnl ac_cv_lbl_have_run_path (yes or no) -dnl -AC_DEFUN(AC_LBL_HAVE_RUN_PATH, - [AC_MSG_CHECKING(for ${CC-cc} -R) - AC_CACHE_VAL(ac_cv_lbl_have_run_path, - [echo 'main(){}' > conftest.c - ${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1 - if test ! -s conftest.out ; then - ac_cv_lbl_have_run_path=yes - else - ac_cv_lbl_have_run_path=no - fi - rm -f conftest*]) - AC_MSG_RESULT($ac_cv_lbl_have_run_path) - ]) - dnl dnl Due to the stupid way it's implemented, AC_CHECK_TYPE is nearly useless. dnl @@ -497,7 +528,7 @@ AC_DEFUN(AC_LBL_CHECK_TYPE, ac_cv_lbl_have_$1=no)) AC_MSG_RESULT($ac_cv_lbl_have_$1) if test $ac_cv_lbl_have_$1 = no ; then - AC_DEFINE($1, $2) + AC_DEFINE($1, $2, Define $1) fi]) dnl 
@@ -584,24 +615,27 @@ AC_DEFUN(AC_LBL_CHECK_WALL, [ if test "$GCC" = yes ; then if test "$SHLICC2" = yes ; then ac_cv_lbl_gcc_vers=2 - $1="`echo $$1 | sed -e 's/-O/-O2/'`" + $1="`echo $$1 | sed -e 's/-O/-O3/'`" else AC_MSG_CHECKING(gcc version) AC_CACHE_VAL(ac_cv_lbl_gcc_vers, - ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | \ - sed -e 's/\..*//'`) + # Gag, the gcc folks keep changing the output... + # try to grab N.N.N + ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | + sed -e '1!d' -e 's/[[[^0-9]]]*\([[[0-9]]][[[0-9]]]*\)\.[[[0-9\]]][[[0-9]]]*\.[[[0-9]]][[[0-9]]]*.*/\1/'`) AC_MSG_RESULT($ac_cv_lbl_gcc_vers) - if test $ac_cv_lbl_gcc_vers -gt 1 ; then - $1="`echo $$1 | sed -e 's/-O/-O2/'`" + if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then + $1="`echo $$1 | sed -e 's/-O/-O3/'`" fi fi - if test "${LBL_CFLAGS+set}" != set; then - if test "$ac_cv_prog_cc_g" = yes ; then - $1="-g $$1" - fi - $1="$$1 -Wall" - if test $ac_cv_lbl_gcc_vers -gt 1 ; then - $1="$$1 -Wmissing-prototypes -Wstrict-prototypes" + if test "$ac_cv_prog_cc_g" = yes ; then + $1="-g $$1" + fi + $1="$$1 -Wall" + if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then + $1="$$1 -Wmissing-prototypes -Wstrict-prototypes" + if [[ "`uname -s`" = "FreeBSD" ]]; then + $1="$$1 -Werror" fi fi else @@ -632,18 +666,16 @@ dnl $1 (copt appended) dnl HAVE_OS_PROTO_H (defined) dnl os-proto.h (symlinked) dnl -AC_DEFUN(AC_LBL_DEVEL, - [rm -f os-proto.h - if test "${LBL_CFLAGS+set}" = set; then - $1="$$1 ${LBL_CFLAGS}" - fi +AC_DEFUN(AC_LBL_DEVEL,[ + AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH]) + rm -f os-proto.h if test -f .devel ; then AC_LBL_CHECK_WALL($1) os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'` name="lbl/os-$os.h" if test -f $name ; then ln -s $name os-proto.h - AC_DEFINE(HAVE_OS_PROTO_H) + AC_DEFINE(HAVE_OS_PROTO_H,,[have os-proto.h]) else AC_MSG_WARN(can't find $name) fi 
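Review bot: The new `-Werror` branch in the `@@ -584,24 +615,27 @@` hunk keys on `uname -s`, which describes the build host, while the rest of this file selects per-OS behaviour from `$target_os`; in a cross build the two disagree. `case "$target_os" in freebsd*) $1="$$1 -Werror" ;; esac` would follow the file's own convention. The same hunk removes the `LBL_CFLAGS` guard, so `-g -Wall` are now appended in `.devel` trees even when the user supplied `CFLAGS`; if that is intended, a `dnl` line stating it would save the next reader a trip through the history.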
@@ -747,19 +779,200 @@ AC_DEFUN(AC_LBL_LIBRARY_NET, [ # libraries (i.e. libc): AC_CHECK_FUNC(gethostbyname, , # Some OSes (eg. Solaris) place it in libnsl: - AC_LBL_CHECK_LIB(nsl, gethostbyname, , + AC_CHECK_LIB(nsl, gethostbyname, , # Some strange OSes (SINIX) have it in libsocket: - AC_LBL_CHECK_LIB(socket, gethostbyname, , + AC_CHECK_LIB(socket, gethostbyname, , # Unfortunately libsocket sometimes depends on libnsl. # AC_CHECK_LIB's API is essentially broken so the # following ugliness is necessary: - AC_LBL_CHECK_LIB(socket, gethostbyname, + AC_CHECK_LIB(socket, gethostbyname, LIBS="-lsocket -lnsl $LIBS", AC_CHECK_LIB(resolv, gethostbyname), -lnsl)))) AC_CHECK_FUNC(socket, , AC_CHECK_LIB(socket, socket, , - AC_LBL_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", , + AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", , -lnsl))) # DLPI needs putmsg under HPUX so test for -lstr while we're at it AC_CHECK_LIB(str, putmsg) ]) + +dnl +dnl AC_LBL_RUN_PATH +dnl +dnl Extracts -L directories from LIBS; if any are found they are +dnl converted to a LD_RUN_PATH and put in V_ENVIRONMENT +dnl +dnl usage: +dnl +dnl AC_LBL_RUN_PATH +dnl +dnl results: +dnl +dnl V_ENVIRONMENT +dnl +AC_DEFUN(AC_LBL_LD_RUN_PATH, [ + AC_MSG_CHECKING(LD_RUN_PATH) + AC_SUBST(V_ENVIRONMENT) + dnl + dnl Split out -L directories + dnl + ldirs="" + for x in ${LIBS}; do + case x${x} in + + x-L*) + ldirs="${ldirs} ${x}" + ;; + + *) + ;; + esac + done + + dnl + dnl Build LD_RUN_PATH + dnl + if test -n "${ldirs}"; then + V_ENVIRONMENT="LD_RUN_PATH=\"`echo \"${ldirs}\" | sed -e 's,-L,,g' -e 's,^ *,,' -e 's, ,:,g'`\"" + AC_MSG_RESULT(${V_ENVIRONMENT}) + else + AC_MSG_RESULT(empty) + fi]) + +dnl +dnl AC_LBL_BROCCOLI +dnl +dnl Include Broccoli support +dnl +dnl usage: +dnl +dnl AC_LBL_BROCCOLI(copt, incls, [min-vers]) +dnl +dnl results: +dnl +dnl $1 (copt variable appended) +dnl $2 (incls variable appended) +dnl $3 minimum version (optional) +dnl +AC_DEFUN(AC_LBL_BROCCOLI, [ + AC_BEFORE([$0], 
[AC_LBL_LD_RUN_PATH]) + dnl + dnl configure flags + dnl + AC_ARG_WITH([broccoli], + [AS_HELP_STRING([--without-broccoli], + [disable Broccoli support @<:@default=check@:>@])], + ac_cv_with_broccoli=${withval}) + dnl + dnl Network application libraries + dnl + AC_LBL_LIBRARY_NET + + AC_MSG_CHECKING(for broccoli) + if test "${ac_cv_with_broccoli}" = "" -o \ + "${ac_cv_with_broccoli}" = yes ; then + cflags="" + libs="" + dnl + dnl Our entire path + dnl + dirs="`echo ${PATH} | sed -e 's/:/ /g'`" + dnl + dnl Add in default Bro install bin directory + dnl + dirs="${dirs} /usr/local/bro/bin" + for d in ${dirs}; do + if test -x ${d}/broccoli-config ; then + broccoli_config_path="${d}/broccoli-config" + cflags="`${broccoli_config_path} --cflags`" + libs="`${broccoli_config_path} --libs`" + break + fi + done + if test -n "${cflags}" ; then + ac_cv_have_broccoli=yes + else + ac_cv_have_broccoli=no + fi + AC_MSG_RESULT($ac_cv_have_broccoli) + if test "${ac_cv_with_broccoli}" = yes -a \ + ${ac_cv_have_broccoli} = "no" ; then + AC_MSG_ERROR(Broccoli explicitly enabled but not supported) + fi + else + AC_MSG_RESULT([disabled]) + fi + + dnl + dnl Optionally check for minimum Broccoli version + dnl + if test "$ac_cv_have_broccoli" = yes -a -n "$3"; then + AC_MSG_CHECKING(Broccoli >= $3) + BROCCOLI_VERSION="`${broccoli_config_path} --version`" + AC_MSG_RESULT(${BROCCOLI_VERSION}) + dnl + dnl Sort the two versions; the desired version should + dnl appear first (or perhaps 1st and 2nd) + dnl + tvers="`(echo "$3" ; echo ${BROCCOLI_VERSION}) | + sort -t. +0 -1n +1 -2n +2 -3n +3 -4n | + head -1`" + if test "${tvers}" != "$3"; then + if test "${ac_cv_with_broccoli}" = yes; then + AC_MSG_ERROR(Broccoli $3 or higher is required) + fi + AC_MSG_NOTICE(Broccoli support disabled) + ac_cv_have_broccoli="no" + fi + fi + + dnl + dnl Broccoli ho! 
+ dnl + if test "$ac_cv_have_broccoli" = yes ; then + AC_DEFINE(HAVE_BROCCOLI) + dnl + dnl Split out -I directories + dnl + for x in ${cflags}; do + case x${x} in + + x-I*) + eval "$2=\"\$$2 ${x}\"" + ;; + + *) + eval "$1=\"\$$1 ${x}\"" + ;; + esac + done + + dnl + dnl Add in Broccoli libs + dnl + LIBS="$LIBS ${libs}" + + dnl + dnl Look for the libs in DIR or DIR/lib + dnl + AC_ARG_WITH([openssl], + [AS_HELP_STRING([--with-openssl=DIR], + [Use OpenSSL installation in DIR])], + [eval "$2=\"-I${withval}/include \$$2\"" + for x in ${withval}/lib ${withval}; do + if test -r ${x}/libssl.a; then + LIBS="-L${x} ${LIBS}" + break + fi + done]) + + dnl + dnl -lssl needs to come first on some systems! + dnl + AC_CHECK_LIB(ssl, OPENSSL_add_all_algorithms_conf, + [LIBS="${LIBS} -lssl -lcrypto"],,-lcrypto) + dnl + dnl Newer versions of 1.4.0 and anything higher needs bro_init() + dnl + AC_CHECK_LIB(broccoli, bro_init, [AC_DEFINE(HAVE_BRO_INIT)]) + fi]) diff --git a/contrib/nslint-3.0a2/config.guess b/contrib/nslint-3.0a2/config.guess new file mode 100755 index 0000000000..0e30d56e94 --- /dev/null +++ b/contrib/nslint-3.0a2/config.guess 
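Review bot: The minimum-version check in `AC_LBL_BROCCOLI` pipes through `sort -t. +0 -1n +1 -2n +2 -3n +3 -4n`, which is the obsolete zero-origin key syntax. GNU sort in its default mode is likely to treat `+0` as a file name, in which case `tvers` comes back empty and the check reports Broccoli as too old. `sort -t. -k1,1n -k2,2n -k3,3n -k4,4n` expresses the same keys portably. The new `AC_DEFINE(HAVE_BROCCOLI)` and `AC_DEFINE(HAVE_BRO_INIT)` also lack the description argument that this commit adds to the other `AC_DEFINE` calls in the file. Whether nslint's configure.in invokes this macro is not visible in this hunk.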
@@ -0,0 +1,1407 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+timestamp='2003-07-02'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Per Bothner .
+# Please send patches to . Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to ."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit 0 ;;
+ --version | -v )
+ echo "$version" ; exit 0 ;;
+ --help | --h* | -h )
+ echo "$usage"; exit 0 ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep __ELF__ >/dev/null
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit 0 ;;
+ amiga:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ arc:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ hp300:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mac68k:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ macppc:OpenBSD:*:*)
+ echo powerpc-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvme68k:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvme88k:OpenBSD:*:*)
+ echo m88k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ mvmeppc:OpenBSD:*:*)
+ echo powerpc-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ pmax:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sgi:OpenBSD:*:*)
+ echo mipseb-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ sun3:OpenBSD:*:*)
+ echo m68k-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ wgrisc:OpenBSD:*:*)
+ echo mipsel-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ *:OpenBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
+ exit 0 ;;
+ alpha:OSF1:*:*)
+ if test $UNAME_RELEASE = "V4.0"; then
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ fi
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit 0 ;;
+ Alpha*:OpenVMS:*:*)
+ echo alpha-hp-vms
+ exit 0 ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit 0 ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit 0 ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit 0;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit 0 ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit 0 ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit 0 ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit 0;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit 0;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit 0 ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit 0 ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit 0 ;;
+ DRS?6000:UNIX_SV:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7 && exit 0 ;;
+ esac ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ i86pc:SunOS:5.*:*)
+ echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit 0 ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit 0 ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit 0 ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit 0 ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit 0 ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit 0 ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit 0 ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit 0 ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit 0 ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit 0 ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit 0 ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c \
+ && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+ && exit 0
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit 0 ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit 0 ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit 0 ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit 0 ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit 0 ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit 0 ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit 0 ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit 0 ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit 0 ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit 0 ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit 0 ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ echo rs6000-ibm-aix3.2.5
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit 0 ;;
+ *:AIX:*:[45])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit 0 ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit 0 ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit 0 ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit 0 ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit 0 ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit 0 ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit 0 ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit 0 ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include
+ #include
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ # avoid double evaluation of $set_cc_for_build
+ test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit 0 ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ echo unknown-hitachi-hiuxwe2
+ exit 0 ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit 0 ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit 0 ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit 0 ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit 0 ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit 0 ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit 0 ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit 0 ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit 0 ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit 0 ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit 0 ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit 0 ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit 0 ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ *:UNICOS/mp:*:*)
+ echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit 0 ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit 0 ;;
+ *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
+ # Determine whether the default compiler uses glibc.
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+ #if __GLIBC__ >= 2
+ LIBC=gnu
+ #else
+ LIBC=
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ # GNU/FreeBSD systems have a "k" prefix to indicate we are using
+ # FreeBSD's kernel, but not the complete OS.
+ case ${LIBC} in gnu) kernel_only='k' ;; esac
+ echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
+ exit 0 ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit 0 ;;
+ i*:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit 0 ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit 0 ;;
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit 0 ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit 0 ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit 0 ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit 0 ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit 0 ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit 0 ;;
+ *:GNU:*:*)
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit 0 ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit 0 ;;
+ arm*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit 0 ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ mips:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips
+ #undef mipsel
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mipsel
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips64
+ #undef mips64el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mips64el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips64
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit 0 ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit 0 ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit 0 ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit 0 ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit 0 ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit 0 ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit 0 ;;
+ i*86:Linux:*:*)
+ # The BFD linker knows what the default object file format is, so
+ # first see if it will tell us. cd to the root directory to prevent
+ # problems with other programs or directories called `ld' in the path.
+ # Set LC_ALL=C to ensure ld outputs messages in English.
+ ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+ | sed -ne '/supported targets:/!d
+ s/[ ][ ]*/ /g
+ s/.*supported targets: *//
+ s/ .*//
+ p'`
+ case "$ld_supported_targets" in
+ elf32-i386)
+ TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+ ;;
+ a.out-i386-linux)
+ echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+ exit 0 ;;
+ coff-i386)
+ echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+ exit 0 ;;
+ "")
+ # Either a pre-BFD a.out linker (linux-gnuoldld) or
+ # one that does not give us useful --help.
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+ exit 0 ;;
+ esac
+ # Determine whether the default compiler is a.out or elf
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include
+ #ifdef __ELF__
+ # ifdef __GLIBC__
+ # if __GLIBC__ >= 2
+ LIBC=gnu
+ # else
+ LIBC=gnulibc1
+ # endif
+ # else
+ LIBC=gnulibc1
+ # endif
+ #else
+ #ifdef __INTEL_COMPILER
+ LIBC=gnu
+ #else
+ LIBC=gnuaout
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+ test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
+ test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+ ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit 0 ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit 0 ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. 
+ echo i386-pc-msdosdjgpp
+ exit 0 ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit 0 ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit 0 ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit 0 ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit 0 ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit 0 ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit 0 ;;
+ M68*:*:R3V[567]*:*)
+ test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+ 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4 && exit 0 ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit 0 ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit 0 ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit 0 ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says
+ echo i586-unisys-sysv4
+ exit 0 ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes .
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit 0 ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit 0 ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit 0 ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit 0 ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit 0 ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit 0 ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit 0 ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + case `uname -p` in + *86) UNAME_PROCESSOR=i686 ;; + powerpc) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. 
+ if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); 
exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. 
+ +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/contrib/nslint-2.1a3/config.sub b/contrib/nslint-3.0a2/config.sub old mode 100644 new mode 100755 similarity index 54% rename from contrib/nslint-2.1a3/config.sub rename to contrib/nslint-3.0a2/config.sub index 0432524944..9d7f733905 --- a/contrib/nslint-2.1a3/config.sub +++ b/contrib/nslint-3.0a2/config.sub @@ -1,6 +1,10 @@ #! /bin/sh -# Configuration validation subroutine script, version 1.1. -# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + +timestamp='2003-07-04' + # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. 
@@ -25,6 +29,9 @@ # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. 
@@ -45,30 +52,73 @@ # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. -if [ x$1 = x ] -then - echo Configuration name missing. 1>&2 - echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 - echo "or $0 ALIAS" 1>&2 - echo where ALIAS is a recognized configuration type. 1>&2 - exit 1 -fi +me=`echo "$0" | sed -e 's,.*/,,'` -# First pass through any local machine types. -case $1 in - *local*) - echo $1 - exit 0 - ;; - *) - ;; +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. 
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - linux-gnu*) + nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -94,15 +144,33 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple) + -apple | -axis) os= basic_machine=$1 ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; -hiux*) os=-hiuxwe2 ;; -sco5) - os=sco3.2v5 + os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) @@ -121,6 +189,9 @@ case $os in os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` 
@@ -143,25 +214,72 @@ case $os in -psos*) os=-psos ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. - tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ - | arme[lb] | pyramid \ - | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ - | alpha | we32k | ns16k | clipper | i370 | sh \ - | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ - | pdp11 | mips64el | mips64orion | mips64orionel \ - | sparc | sparclet | sparclite | sparc64) + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k \ + | m32r | m68000 | m68k | m88k | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | msp430 \ + | ns16k | ns32k \ + | openrisc | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb 
| tic4x | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) basic_machine=$basic_machine-unknown ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. - i[3456]86) + i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. 
@@ -170,23 +288,81 @@ case $basic_machine in exit 1 ;; # Recognize the basic CPU types with company name. - vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ - | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ - | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ - | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ - | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ - | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ - | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ - | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | amd64-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* \ + | m32r-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | msp430-* \ + | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | 
pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; alliant | fx80) basic_machine=fx80-alliant ;; @@ -197,25 +373,32 @@ case $basic_machine in basic_machine=a29k-none os=-bsd ;; + amd64) + basic_machine=x86_64-pc + ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) - basic_machine=m68k-cbm + basic_machine=m68k-unknown ;; - amigados) - basic_machine=m68k-cbm - os=-amigados + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos ;; amigaunix | amix) - basic_machine=m68k-cbm + basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; aux) basic_machine=m68k-apple os=-aux @@ -224,6 +407,10 @@ case $basic_machine in basic_machine=ns32k-sequent os=-dynix ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; convex-c1) basic_machine=c1-convex os=-bsd 
@@ -244,27 +431,30 @@ case $basic_machine in basic_machine=c38-convex os=-bsd ;; - cray | ymp) - basic_machine=ymp-cray - os=-unicos - ;; - cray2) - basic_machine=cray2-cray - os=-unicos - ;; - [ctj]90-cray) - basic_machine=c90-cray + cray | j90) + basic_machine=j90-cray os=-unicos ;; crds | unos) basic_machine=m68k-crds ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola @@ -292,6 +482,10 @@ case $basic_machine in encore | umax | mmax) basic_machine=ns32k-encore ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; fx2800) basic_machine=i860-alliant ;; @@ -302,6 +496,10 @@ case $basic_machine in basic_machine=tron-gmicro os=-sysv ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 @@ -310,6 +508,14 @@ case $basic_machine in basic_machine=h8300-hitachi os=-hms ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; harris) basic_machine=m88k-harris os=-sysv3 
@@ -325,13 +531,30 @@ case $basic_machine in basic_machine=m68k-hp os=-hpux ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; - hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) @@ -340,27 +563,42 @@ case $basic_machine in hppa-next) os=-nextstep3 ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; i370-ibm* | ibm*) basic_machine=i370-ibm - os=-mvs ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? - i[3456]86v32) + i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; - i[3456]86v4*) + i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; - i[3456]86v) + i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; - i[3456]86sol2) + i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; iris | iris4d) basic_machine=mips-sgi case $os in 
@@ -386,19 +624,55 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; miniframe) basic_machine=m68000-convergent ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos @@ -411,6 +685,10 @@ case $basic_machine in basic_machine=mips-sony os=-newsos ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; next | m*-next ) basic_machine=m68k-next case $os in @@ -436,9 +714,40 @@ case $basic_machine in basic_machine=i960-intel os=-nindy ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; np1) basic_machine=np1-gould ;; + nv1) + basic_machine=nv1-cray + os=-unicosmp + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + or32 | or32-*) + basic_machine=or32-unknown + os=-coff + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 
@@ -453,53 +762,95 @@ case $basic_machine in pbb) basic_machine=m68k-tti ;; - pc532 | pc532-*) + pc532 | pc532-*) basic_machine=ns32k-pc532 ;; - pentium | p5) - basic_machine=i586-intel + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc ;; - pentiumpro | p6) - basic_machine=i686-intel + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc ;; - pentium-* | p5-*) + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - pentiumpro-* | p6-*) + pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - k5) - # We don't have specific support for AMD's K5 yet, so just call it a Pentium - basic_machine=i586-amd + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - nexen) - # We don't have specific support for Nexgen yet, so just call it a Pentium - basic_machine=i586-nexgen + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; - power) basic_machine=rs6000-ibm + power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown - ;; + ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown - ;; + ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; ps2) basic_machine=i386-ibm ;; + pw32) + basic_machine=i586-unknown + 
os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; sequent) basic_machine=i386-sequent ;; @@ -507,6 +858,13 @@ case $basic_machine in basic_machine=sh-hitachi os=-hms ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; sps7) basic_machine=m68k-bull os=-sysv2 @@ -514,6 +872,13 @@ case $basic_machine in spur) basic_machine=spur-unknown ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; sun2) basic_machine=m68000-sun ;; @@ -554,10 +919,44 @@ case $basic_machine in sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; symmetry) basic_machine=i386-sequent os=-dynix ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; + tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; tower | tower-32) basic_machine=m68k-ncr ;; @@ -569,6 +968,10 @@ case $basic_machine in basic_machine=a29k-nyu os=-sym1 ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; vaxv) basic_machine=vax-dec os=-sysv 
@@ -577,9 +980,9 @@ case $basic_machine in basic_machine=vax-dec os=-vms ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; vxworks960) basic_machine=i960-wrs os=-vxworks @@ -592,12 +995,24 @@ case $basic_machine in basic_machine=a29k-wrs os=-vxworks ;; - xmp) - basic_machine=xmp-cray + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray os=-unicos ;; - xps | xps100) - basic_machine=xps100-honeywell + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim ;; none) basic_machine=none-none @@ -606,8 +1021,14 @@ case $basic_machine in # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. - mips) - basic_machine=mips-mips + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm @@ -618,16 +1039,26 @@ case $basic_machine in vax) basic_machine=vax-dec ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; - sparc) + sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparc | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; - cydra) + cydra) basic_machine=cydra-cydrome ;; orion) @@ -636,6 +1067,15 @@ case $basic_machine in orion105) basic_machine=clipper-highlevel ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 
@@ -668,9 +1108,12 @@ case $os in -solaris) os=-solaris2 ;; - -unixware* | svr4*) + -svr4*) os=-sysv4 ;; + -unixware*) + os=-sysv4.2uw + ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; 
@@ -681,17 +1124,46 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -linux-gnu* | -uxpv*) + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) # Remember, each alternative MUST END IN *, to match a version number. 
;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; @@ -701,6 +1173,12 @@ case $os in -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; -osfrose*) os=-osfrose ;; @@ -716,11 +1194,23 @@ case $os in -acis*) os=-aos ;; + -atheos*) + os=-atheos + ;; + -386bsd) + os=-bsd + ;; -ctix* | -uts*) os=-sysv ;; + -nova*) + os=-rtmk-nova + ;; -ns2 ) - os=-nextstep2 + os=-nextstep2 + ;; + -nsk*) + os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) @@ -747,9 +1237,24 @@ case $os in # This must come after -sysvr4. -sysv*) ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; -xenix) os=-xenix ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; -none) ;; *) @@ -775,10 +1280,20 @@ case $basic_machine in *-acorn) os=-riscix1.2 ;; + arm*-rebel) + os=-linux + ;; arm*-semi) os=-aout ;; - pdp11-*) + c4x-* | tic4x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) os=-none ;; *-dec | vax-*) @@ -796,15 +1311,39 @@ case $basic_machine in # default. # os=-sunos4 ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; + *-be) + os=-beos + ;; *-ibm) os=-aix ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; *-hp) os=-hpux ;; 
@@ -815,7 +1354,7 @@ case $basic_machine in os=-sysv ;; *-cbm) - os=-amigados + os=-amigaos ;; *-dg) os=-dgux @@ -847,27 +1386,39 @@ case $basic_machine in *-next) os=-nextstep3 ;; - *-gould) + *-gould) os=-sysv ;; - *-highlevel) + *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; - *-sgi) + *-sgi) os=-irix ;; - *-siemens) + *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; - f301-fujitsu) + f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; *) os=-none ;; @@ -889,9 +1440,15 @@ case $basic_machine in -aix*) vendor=ibm ;; + -beos*) + vendor=be + ;; -hpux*) vendor=hp ;; + -mpeix*) + vendor=hp + ;; -hiux*) vendor=hitachi ;; @@ -907,21 +1464,41 @@ case $basic_machine in -genix*) vendor=ns ;; - -mvs*) + -mvs* | -opened*) vendor=ibm ;; -ptx*) vendor=sequent ;; - -vxsim* | -vxworks*) + -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/contrib/nslint-3.0a2/configure b/contrib/nslint-3.0a2/configure new file mode 100755 index 0000000000..cdaf382285 --- /dev/null +++ b/contrib/nslint-3.0a2/configure 
@@ -0,0 +1,6885 @@ +#! /bin/sh +# From configure.in @(#) Id (LBL). +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.62. +# +# Copyright (c) 1995, 1996, 1997, 2006, 2009 +# The Regents of the University of California. All rights reserved. +# +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + + + +# PATH needs CR +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. 
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + { (exit 1); exit 1; } +fi + +# Work around bugs in pre-3.0 UWIN ksh. +for as_var in ENV MAIL MAILPATH +do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# CDPATH. +$as_unset CDPATH + + +if test "x$CONFIG_SHELL" = x; then + if (eval ":") 2>/dev/null; then + as_have_required=yes +else + as_have_required=no +fi + + if test $as_have_required = yes && (eval ": +(as_func_return () { + (exit \$1) +} +as_func_success () { + as_func_return 0 +} +as_func_failure () { + as_func_return 1 +} +as_func_ret_success () { + return 0 +} +as_func_ret_failure () { + return 1 +} + +exitcode=0 +if as_func_success; then + : +else + exitcode=1 + echo as_func_success failed. +fi + +if as_func_failure; then + exitcode=1 + echo as_func_failure succeeded. +fi + +if as_func_ret_success; then + : +else + exitcode=1 + echo as_func_ret_success failed. 
+fi + +if as_func_ret_failure; then + exitcode=1 + echo as_func_ret_failure succeeded. +fi + +if ( set x; as_func_ret_success y && test x = \"\$1\" ); then + : +else + exitcode=1 + echo positional parameters were not saved. +fi + +test \$exitcode = 0) || { (exit 1); exit 1; } + +( + as_lineno_1=\$LINENO + as_lineno_2=\$LINENO + test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && + test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } +") 2> /dev/null; then + : +else + as_candidate_shells= + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + case $as_dir in + /*) + for as_base in sh bash ksh sh5; do + as_candidate_shells="$as_candidate_shells $as_dir/$as_base" + done;; + esac +done +IFS=$as_save_IFS + + + for as_shell in $as_candidate_shells $SHELL; do + # Try only shells that exist, to save several forks. + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { ("$as_shell") 2> /dev/null <<\_ASEOF +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + +: +_ASEOF +}; then + CONFIG_SHELL=$as_shell + as_have_required=yes + if { "$as_shell" 2> /dev/null <<\_ASEOF +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. 
+ alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + +: +(as_func_return () { + (exit $1) +} +as_func_success () { + as_func_return 0 +} +as_func_failure () { + as_func_return 1 +} +as_func_ret_success () { + return 0 +} +as_func_ret_failure () { + return 1 +} + +exitcode=0 +if as_func_success; then + : +else + exitcode=1 + echo as_func_success failed. +fi + +if as_func_failure; then + exitcode=1 + echo as_func_failure succeeded. +fi + +if as_func_ret_success; then + : +else + exitcode=1 + echo as_func_ret_success failed. +fi + +if as_func_ret_failure; then + exitcode=1 + echo as_func_ret_failure succeeded. +fi + +if ( set x; as_func_ret_success y && test x = "$1" ); then + : +else + exitcode=1 + echo positional parameters were not saved. +fi + +test $exitcode = 0) || { (exit 1); exit 1; } + +( + as_lineno_1=$LINENO + as_lineno_2=$LINENO + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } + +_ASEOF +}; then + break +fi + +fi + + done + + if test "x$CONFIG_SHELL" != x; then + for as_var in BASH_ENV ENV + do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var + done + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} +fi + + + if test $as_have_required = no; then + echo This script requires a shell more modern than all the + echo shells that I found on your system. Please install a + echo modern shell, or manually run the script under such a + echo shell if you do have one. + { (exit 1); exit 1; } +fi + + +fi + +fi + + + +(eval "as_func_return () { + (exit \$1) +} +as_func_success () { + as_func_return 0 +} +as_func_failure () { + as_func_return 1 +} +as_func_ret_success () { + return 0 +} +as_func_ret_failure () { + return 1 +} + +exitcode=0 +if as_func_success; then + : +else + exitcode=1 + echo as_func_success failed. 
+fi + +if as_func_failure; then + exitcode=1 + echo as_func_failure succeeded. +fi + +if as_func_ret_success; then + : +else + exitcode=1 + echo as_func_ret_success failed. +fi + +if as_func_ret_failure; then + exitcode=1 + echo as_func_ret_failure succeeded. +fi + +if ( set x; as_func_ret_success y && test x = \"\$1\" ); then + : +else + exitcode=1 + echo positional parameters were not saved. +fi + +test \$exitcode = 0") || { + echo No shell found that supports shell functions. + echo Please tell bug-autoconf@gnu.org about your system, + echo including any error possibly output before this message. + echo This can help us improve future autoconf versions. + echo Configuration will now proceed without shell functions. +} + + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line after each line using $LINENO; the second 'sed' + # does the real work. The second script uses 'N' to pair each + # line-number line with the line containing $LINENO, and appends + # trailing '-' during substitution so that $LINENO is not a special + # case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # scripts with optimization help from Paolo Bonzini. Blame Lee + # E. McMahon (1931-1989) for sed's syntax. 
:-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in +-n*) + case `echo 'x\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + *) ECHO_C='\c';; + esac;; +*) + ECHO_N='-n';; +esac +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 
2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + + +exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= + +ac_unique_file="nslint.c" +# Factoring default headers for most tests. 
+ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='SHELL +PATH_SEPARATOR +PACKAGE_NAME +PACKAGE_TARNAME +PACKAGE_VERSION +PACKAGE_STRING +PACKAGE_BUGREPORT +exec_prefix +prefix +program_transform_name +bindir +sbindir +libexecdir +datarootdir +datadir +sysconfdir +sharedstatedir +localstatedir +includedir +oldincludedir +docdir +infodir +htmldir +dvidir +pdfdir +psdir +libdir +localedir +mandir +DEFS +ECHO_C +ECHO_N +ECHO_T +LIBS +build_alias +host_alias +target_alias +build +build_cpu +build_vendor +build_os +host +host_cpu +host_vendor +host_os +target +target_cpu +target_vendor +target_os +CC +CFLAGS +LDFLAGS +CPPFLAGS +ac_ct_CC +EXEEXT +OBJEXT +CPP +GREP +EGREP +SHLICC2 +INSTALL_PROGRAM +INSTALL_SCRIPT +INSTALL_DATA +LIBOBJS +V_CCOPT +V_INCLS +LTLIBOBJS' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_optimization +with_gcc +enable_largefile +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. 
+# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. 
+ + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. 
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 + { (exit 1); exit 1; }; } + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 + { (exit 1); exit 1; }; } + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. 
+ with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + 
-mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | 
--program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + 
-sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 + { (exit 1); exit 1; }; } + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 + { (exit 1); exit 1; }; } + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. 
+ with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { $as_echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { $as_echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) { $as_echo "$as_me: error: Unrecognized options: $ac_unrecognized_opts" >&2 + { (exit 1); exit 1; }; } ;; + *) $as_echo "$as_me: WARNING: Unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. 
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; } +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + { $as_echo "$as_me: error: Working directory cannot be determined" >&2 + { (exit 1); exit 1; }; } +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + { $as_echo "$as_me: error: pwd does not report name of working directory" >&2 + { (exit 1); exit 1; }; } + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. 
+ ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2 + { (exit 1); exit 1; }; } + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. 
See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. 
+ +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] + --target=TARGET configure for building compilers for TARGET [HOST] +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-optimization turn off gcc optimization + --disable-largefile omit support for large files + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --without-gcc don't use gcc + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + 
LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. 
+ if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +configure +generated by GNU Autoconf 2.62 + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. + +Copyright (c) 1995, 1996, 1997, 2006, 2009 + The Regents of the University of California. All rights reserved. +_ACEOF + exit +fi +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.62. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. 
## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" +done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. 
+ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args '$ac_arg'" + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. 
## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 +$as_echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) $as_unset $ac_var ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------------- ## +## File substitutions. ## +## ------------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. 
## +## ----------- ## +_ASBOX + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + ac_site_file1=$CONFIG_SITE +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test -r "$ac_site_file"; then + { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. 
+ if test -f "$cache_file"; then + { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. 
+ ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:$LINENO: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:$LINENO: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + + + + + + + + + + + + + + + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." 
"$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5 +$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;} + { (exit 1); exit 1; }; } +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 +$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} + { (exit 1); exit 1; }; } + +{ $as_echo "$as_me:$LINENO: checking build system type" >&5 +$as_echo_n "checking build system type... 
" >&6; } +if test "${ac_cv_build+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 +$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;} + { (exit 1); exit 1; }; } +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 +$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 +$as_echo "$as_me: error: invalid value of canonical build" >&2;} + { (exit 1); exit 1; }; };; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:$LINENO: checking host system type" >&5 +$as_echo_n "checking host system type... 
" >&6; } +if test "${ac_cv_host+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 +$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} + { (exit 1); exit 1; }; } +fi + +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 +$as_echo "$as_me: error: invalid value of canonical host" >&2;} + { (exit 1); exit 1; }; };; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:$LINENO: checking target system type" >&5 +$as_echo_n "checking target system type... 
" >&6; } +if test "${ac_cv_target+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test "x$target_alias" = x; then + ac_cv_target=$ac_cv_host +else + ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` || + { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&5 +$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&2;} + { (exit 1); exit 1; }; } +fi + +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_target" >&5 +$as_echo "$ac_cv_target" >&6; } +case $ac_cv_target in +*-*-*) ;; +*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical target" >&5 +$as_echo "$as_me: error: invalid value of canonical target" >&2;} + { (exit 1); exit 1; }; };; +esac +target=$ac_cv_target +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_target +shift +target_cpu=$1 +target_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +target_os=$* +IFS=$ac_save_IFS +case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac + + +# The aliases save the names the user supplied, while $host etc. +# will get canonicalized. +test -n "$target_alias" && + test "$program_prefix$program_suffix$program_transform_name" = \ + NONENONEs,x,x, && + program_prefix=${target_alias}- + +umask 002 + +if test -z "$PWD" ; then + PWD=`pwd` +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... 
" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. 
+ shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. 
+else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. 
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +{ (ac_try="$ac_compiler --version >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compiler --version >&5") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -v >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compiler -v >&5") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -V >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compiler -V >&5") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... 
" >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { (ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. 
+ break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi + +{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +if test -z "$ac_file"; then + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext + +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." 
>&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +{ $as_echo "$as_me:$LINENO: result: yes" >&5 +$as_echo "yes" >&6; } + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." 
>&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if test "${ac_cv_objext+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... 
" >&6; } +if test "${ac_cv_c_compiler_gnu+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_compiler_gnu=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_compiler_gnu=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if test "${ac_cv_prog_cc_g+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + CFLAGS="" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + : +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. 
*/ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_c89=$ac_arg +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:$LINENO: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:$LINENO: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. 
"Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + : +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi + +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + # Broken: success on invalid input. +continue +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. 
+ac_preproc_ok=: +break +fi + +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:$LINENO: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + : +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi + +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + # Broken: success on invalid input. +continue +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi + +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { $as_echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if test "${ac_cv_path_GREP+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + ac_count=`expr $ac_count + 1` + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done +done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + { { $as_echo "$as_me:$LINENO: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 +$as_echo "$as_me: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} + { (exit 1); exit 1; }; } + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:$LINENO: checking for egrep" >&5 +$as_echo_n "checking for egrep... 
" >&6; } +if test "${ac_cv_path_EGREP+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + ac_count=`expr $ac_count + 1` + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done +done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 +$as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} + { (exit 1); exit 1; }; } + fi +else + ac_cv_path_EGREP=$EGREP 
+fi + + fi +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if test "${ac_cv_header_stdc+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_header_stdc=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_header_stdc=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. 
*/ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + $as_echo "$as_me: program exited with status $ac_status" >&5 +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -rf conftest.dSYM +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi + + +fi +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + + + + + + + + + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 +$as_echo_n "checking for $ac_header... " >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + eval "$as_ac_Header=yes" +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_Header=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +ac_res=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if test `eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + # Check whether --enable-optimization was given. +if test "${enable_optimization+set}" = set; then + enableval=$enable_optimization; ac_cv_without_optimization=${withval} +fi + + + + + +# Check whether --with-gcc was given. +if test "${with_gcc+set}" = set; then + withval=$with_gcc; +fi + + + if test "${ac_cv_header_minix_config_h+set}" = set; then + { $as_echo "$as_me:$LINENO: checking for minix/config.h" >&5 +$as_echo_n "checking for minix/config.h... " >&6; } +if test "${ac_cv_header_minix_config_h+set}" = set; then + $as_echo_n "(cached) " >&6 +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_minix_config_h" >&5 +$as_echo "$ac_cv_header_minix_config_h" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:$LINENO: checking minix/config.h usability" >&5 +$as_echo_n "checking minix/config.h usability... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:$LINENO: checking minix/config.h presence" >&5 +$as_echo_n "checking minix/config.h presence... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: accepted by the compiler, rejected by the preprocessor!" 
>&5 +$as_echo "$as_me: WARNING: minix/config.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: minix/config.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: minix/config.h: present but cannot be compiled" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: minix/config.h: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: minix/config.h: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: minix/config.h: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: proceeding with the preprocessor's result" >&5 +$as_echo "$as_me: WARNING: minix/config.h: proceeding with the preprocessor's result" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: in the future, the compiler will take precedence" >&5 +$as_echo "$as_me: WARNING: minix/config.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ $as_echo "$as_me:$LINENO: checking for minix/config.h" >&5 +$as_echo_n "checking for minix/config.h... 
" >&6; } +if test "${ac_cv_header_minix_config_h+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_cv_header_minix_config_h=$ac_header_preproc +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_minix_config_h" >&5 +$as_echo "$ac_cv_header_minix_config_h" >&6; } + +fi +if test $ac_cv_header_minix_config_h = yes; then + MINIX=yes +else + MINIX= +fi + + + if test "$MINIX" = yes; then + +cat >>confdefs.h <<\_ACEOF +#define _POSIX_SOURCE 1 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define _POSIX_1_SOURCE 2 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define _MINIX 1 +_ACEOF + + fi + + + + { $as_echo "$as_me:$LINENO: checking whether it is safe to define __EXTENSIONS__" >&5 +$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } +if test "${ac_cv_safe_to_define___extensions__+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +# define __EXTENSIONS__ 1 + $ac_includes_default +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_safe_to_define___extensions__=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_safe_to_define___extensions__=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_safe_to_define___extensions__" >&5 +$as_echo "$ac_cv_safe_to_define___extensions__" >&6; } + test $ac_cv_safe_to_define___extensions__ = yes && + cat >>confdefs.h <<\_ACEOF +#define __EXTENSIONS__ 1 +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define _ALL_SOURCE 1 +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define _GNU_SOURCE 1 +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define _POSIX_PTHREAD_SEMANTICS 1 +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define _TANDEM_SOURCE 1 +_ACEOF + + + V_CCOPT="" + if test "${ac_cv_without_optimization+set}" != set; then + V_CCOPT="-O" + fi + V_INCLS="" + if test "${srcdir}" != "." ; then + V_INCLS="-I\$\(srcdir\)" + fi + if test -z "$CC" ; then + case "$target_os" in + + bsdi*) + # Extract the first word of "shlicc2", so it can be a program name with args. +set dummy shlicc2; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_SHLICC2+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$SHLICC2"; then + ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_SHLICC2="yes" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no" +fi +fi +SHLICC2=$ac_cv_prog_SHLICC2 +if test -n "$SHLICC2"; then + { $as_echo "$as_me:$LINENO: result: $SHLICC2" >&5 +$as_echo "$SHLICC2" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test $SHLICC2 = yes ; then + CC=shlicc2 + export CC + fi + ;; + esac + fi + if test -z "$CC" -a "$with_gcc" = no ; then + CC=cc + export CC + fi + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." 
>&5 +$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:$LINENO: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:$LINENO: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. 
If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +$as_echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +$as_echo "$as_me:$LINENO: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +{ (ac_try="$ac_compiler --version >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compiler --version >&5") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -v >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compiler -v >&5") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -V >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compiler -V >&5") 2>&5 + ac_status=$? + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... 
" >&6; } +if test "${ac_cv_c_compiler_gnu+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_compiler_gnu=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_compiler_gnu=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if test "${ac_cv_prog_cc_g+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + CFLAGS="" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + : +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. 
*/ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_c89=$ac_arg +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:$LINENO: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:$LINENO: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + # Check whether --enable-largefile was given. +if test "${enable_largefile+set}" = set; then + enableval=$enable_largefile; +fi + +if test "$enable_largefile" != no; then + + { $as_echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5 +$as_echo_n "checking for special C compiler options needed for large files... " >&6; } +if test "${ac_cv_sys_largefile_CC+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. 
*/ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + break +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + CC="$CC -n32" + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_sys_largefile_CC=' -n32'; break +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5 +$as_echo "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { $as_echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test "${ac_cv_sys_file_offset_bits+set}" = set; then + $as_echo_n "(cached) " >&6 +else + while :; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_sys_file_offset_bits=no; break +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_sys_file_offset_bits=64; break +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5 +$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF +;; +esac +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { $as_echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5 +$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } +if test "${ac_cv_sys_large_files+set}" = set; then + $as_echo_n "(cached) " >&6 +else + while :; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_sys_large_files=no; break +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_sys_large_files=1; break +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5 +$as_echo "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF +;; +esac +rm -rf conftest* + fi +fi + + if test "$GCC" != yes ; then + { $as_echo "$as_me:$LINENO: checking that $CC handles ansi prototypes" >&5 +$as_echo_n "checking that $CC handles ansi prototypes... " >&6; } + if test "${ac_cv_lbl_cc_ansi_prototypes+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ +int frob(int, char *) + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_lbl_cc_ansi_prototypes=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lbl_cc_ansi_prototypes=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_ansi_prototypes" >&5 +$as_echo "$ac_cv_lbl_cc_ansi_prototypes" >&6; } + if test $ac_cv_lbl_cc_ansi_prototypes = no ; then + case "$target_os" in + + hpux*) + { $as_echo "$as_me:$LINENO: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5 +$as_echo_n "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)... " >&6; } + savedcflags="$CFLAGS" + CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS" + if test "${ac_cv_lbl_cc_hpux_cc_aa+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ +int frob(int, char *) + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_lbl_cc_hpux_cc_aa=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lbl_cc_hpux_cc_aa=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_hpux_cc_aa" >&5 +$as_echo "$ac_cv_lbl_cc_hpux_cc_aa" >&6; } + if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then + { { $as_echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5 +$as_echo "$as_me: error: see the INSTALL doc for more info" >&2;} + { (exit 1); exit 1; }; } + fi + CFLAGS="$savedcflags" + V_CCOPT="-Aa $V_CCOPT" + +cat >>confdefs.h <<\_ACEOF +#define _HPUX_SOURCE /**/ +_ACEOF + + ;; + + *) + { { $as_echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5 +$as_echo "$as_me: error: see the INSTALL doc for more info" >&2;} + { (exit 1); exit 1; }; } + ;; + esac + fi + V_INCLS="$V_INCLS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + + case "$target_os" in + + irix*) + V_CCOPT="$V_CCOPT -xansi -signed -g3" + ;; + + osf*) + V_CCOPT="$V_CCOPT -std1 -g3" + ;; + + ultrix*) + { $as_echo "$as_me:$LINENO: checking that Ultrix $CC hacks const in prototypes" >&5 +$as_echo_n "checking that Ultrix $CC hacks const in prototypes... " >&6; } + if test "${ac_cv_lbl_cc_const_proto+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ +struct a { int b; }; + void c(const struct a *) + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_lbl_cc_const_proto=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lbl_cc_const_proto=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_const_proto" >&5 +$as_echo "$ac_cv_lbl_cc_const_proto" >&6; } + if test $ac_cv_lbl_cc_const_proto = no ; then + +cat >>confdefs.h <<\_ACEOF +#define const /**/ +_ACEOF + + fi + ;; + esac + fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. 
+case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + +done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. 
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + + + + +for ac_header in fcntl.h memory.h +do +as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 +$as_echo_n "checking for $ac_header... " >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +fi +ac_res=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 +$as_echo_n "checking $ac_header usability... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? 
+{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 +$as_echo_n "checking $ac_header presence... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" 
>&5 +$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 +$as_echo_n "checking for $ac_header... " >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + +fi +if test `eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + +for ac_func in strerror +do +as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 +$as_echo_n "checking for $ac_func... " >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. 
+ For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then + eval "$as_ac_var=yes" +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -rf conftest.dSYM +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval 'as_val=${'$as_ac_var'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if test `eval 'as_val=${'$as_ac_var'} + $as_echo "$as_val"'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +else + case " $LIBOBJS " in + *" $ac_func.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext" + ;; +esac + +fi +done + + + +{ $as_echo "$as_me:$LINENO: checking for main in -lnsl" >&5 +$as_echo_n "checking for main in -lnsl... " >&6; } +if test "${ac_cv_lib_nsl_main+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnsl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then + ac_cv_lib_nsl_main=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_nsl_main=no +fi + +rm -rf conftest.dSYM +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_main" >&5 +$as_echo "$ac_cv_lib_nsl_main" >&6; } +if test $ac_cv_lib_nsl_main = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNSL 1 +_ACEOF + + LIBS="-lnsl $LIBS" + +fi + + +{ $as_echo "$as_me:$LINENO: checking for main in -lsocket" >&5 +$as_echo_n "checking for main in -lsocket... " >&6; } +if test "${ac_cv_lib_socket_main+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsocket $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then + ac_cv_lib_socket_main=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_socket_main=no +fi + +rm -rf conftest.dSYM +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_main" >&5 +$as_echo "$ac_cv_lib_socket_main" >&6; } +if test $ac_cv_lib_socket_main = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSOCKET 1 +_ACEOF + + LIBS="-lsocket $LIBS" + +fi + + +{ $as_echo "$as_me:$LINENO: checking for int32_t using $CC" >&5 +$as_echo_n "checking for int32_t using $CC... " >&6; } + if test "${ac_cv_lbl_have_int32_t+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +# include "confdefs.h" +# include +# if STDC_HEADERS +# include +# include +# endif +int +main () +{ +int32_t i + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_lbl_have_int32_t=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lbl_have_int32_t=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_have_int32_t" >&5 +$as_echo "$ac_cv_lbl_have_int32_t" >&6; } + if test $ac_cv_lbl_have_int32_t = no ; then + +cat >>confdefs.h <<\_ACEOF +#define int32_t int +_ACEOF + + fi +{ $as_echo "$as_me:$LINENO: checking for u_int32_t using $CC" >&5 +$as_echo_n "checking for u_int32_t using $CC... " >&6; } + if test "${ac_cv_lbl_have_u_int32_t+set}" = set; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +# include "confdefs.h" +# include +# if STDC_HEADERS +# include +# include +# endif +int +main () +{ +u_int32_t i + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_lbl_have_u_int32_t=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lbl_have_u_int32_t=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_have_u_int32_t" >&5 +$as_echo "$ac_cv_lbl_have_u_int32_t" >&6; } + if test $ac_cv_lbl_have_u_int32_t = no ; then + +cat >>confdefs.h <<\_ACEOF +#define u_int32_t u_int +_ACEOF + + fi + + + + rm -f os-proto.h + if test -f .devel ; then + if test "$GCC" = yes ; then + if test "$SHLICC2" = yes ; then + ac_cv_lbl_gcc_vers=2 + V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O3/'`" + else + { $as_echo "$as_me:$LINENO: checking gcc version" >&5 +$as_echo_n "checking gcc version... " >&6; } + if test "${ac_cv_lbl_gcc_vers+set}" = set; then + $as_echo_n "(cached) " >&6 +else + # Gag, the gcc folks keep changing the output... + # try to grab N.N.N + ac_cv_lbl_gcc_vers=`$CC --version 2>&1 | + sed -e '1!d' -e 's/[^0-9]*\([0-9][0-9]*\)\.[0-9\][0-9]*\.[0-9][0-9]*.*/\1/'` +fi + + { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_gcc_vers" >&5 +$as_echo "$ac_cv_lbl_gcc_vers" >&6; } + if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then + V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O3/'`" + fi + fi + if test "$ac_cv_prog_cc_g" = yes ; then + V_CCOPT="-g $V_CCOPT" + fi + V_CCOPT="$V_CCOPT -Wall" + if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then + V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes" + if [ "`uname -s`" = "FreeBSD" ]; then + V_CCOPT="$V_CCOPT -Werror" + fi + fi + else + case "$target_os" in + + irix6*) + V_CCOPT="$V_CCOPT -fullwarn -n32" + ;; + + *) + ;; + esac + fi + os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'` + name="lbl/os-$os.h" + if test -f $name ; then + ln -s $name os-proto.h + +cat >>confdefs.h <<\_ACEOF +#define HAVE_OS_PROTO_H /**/ +_ACEOF + + else + { $as_echo "$as_me:$LINENO: WARNING: can't find $name" >&5 +$as_echo "$as_me: WARNING: 
can't find $name" >&2;} + fi + fi + +if test -r lbl/gnuc.h ; then + rm -f gnuc.h + ln -s lbl/gnuc.h gnuc.h +fi + + + + + + + +ac_config_files="$ac_config_files Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 +$as_echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) $as_unset $ac_var ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). 
+ sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + test "x$cache_file" != "x/dev/null" && + { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + cat confcache >$cache_file + else + { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +# +# If the first sed substitution is executed (which looks for macros that +# take arguments), then branch to the quote section. Otherwise, +# look for a macro that doesn't take arguments. +ac_script=' +:mline +/\\$/{ + N + s,\\\n,, + b mline +} +t clear +:clear +s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g +t quote +s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g +t quote +b any +:quote +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g +s/\$/$$/g +H +:any +${ + g + s/^\n// + s/\n/ /g + p +} +' +DEFS=`sed -n "$ac_script" confdefs.h` + + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. 
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: ${CONFIG_STATUS=./config.status} +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + + + +# PATH needs CR +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. 
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + { (exit 1); exit 1; } +fi + +# Work around bugs in pre-3.0 UWIN ksh. +for as_var in ENV MAIL MAILPATH +do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# CDPATH. +$as_unset CDPATH + + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line after each line using $LINENO; the second 'sed' + # does the real work. The second script uses 'N' to pair each + # line-number line with the line containing $LINENO, and appends + # trailing '-' during substitution so that $LINENO is not a special + # case at line end. 
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # scripts with optimization help from Paolo Bonzini. Blame Lee + # E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in +-n*) + case `echo 'x\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + *) ECHO_C='\c';; + esac;; +*) + ECHO_N='-n';; +esac +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! 
-f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 + +# Save the log message, to keep $[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by $as_me, which was +generated by GNU Autoconf 2.62. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... 
+ + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + +Configuration files: +$config_files + +Report bugs to ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.62, + with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2008 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. 
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + CONFIG_FILES="$CONFIG_FILES '$ac_optarg'" + ac_need_defaults=false;; + --he | --h | --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { $as_echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. 
+for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + + *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= + trap 'exit_status=$? + { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status +' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || +{ + $as_echo "$as_me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. 
+if test -n "$CONFIG_FILES"; then + + +ac_cr=' ' +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} + { (exit 1); exit 1; }; } +ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} + { (exit 1); exit 1; }; } + + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` = $ac_delim_num; then + break + elif $ac_last_try; then + { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} + { (exit 1); exit 1; }; } + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! 
" + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\).*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\).*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ + || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5 +$as_echo "$as_me: error: could not setup config files machinery" >&2;} + { (exit 1); exit 1; }; } +_ACEOF + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). 
+if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/ +s/:*\${srcdir}:*/:/ +s/:*@srcdir@:*/:/ +s/^\([^=]*=[ ]*\):*/\1/ +s/:*$// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + + +eval set X " :F $CONFIG_FILES " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5 +$as_echo "$as_me: error: Invalid tag $ac_tag." >&2;} + { (exit 1); exit 1; }; };; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 +$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;} + { (exit 1); exit 1; }; };; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + ac_file_inputs="$ac_file_inputs '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. 
$configure_input" + { $as_echo "$as_me:$LINENO: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$tmp/stdin" \ + || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 +$as_echo "$as_me: error: could not create $ac_file" >&2;} + { (exit 1); exit 1; }; } ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + { as_dir="$ac_dir" + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 
2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 +$as_echo "$as_me: error: cannot create directory $as_dir" >&2;} + { (exit 1); exit 1; }; }; } + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. 
+ac_datarootdir_hack=; ac_datarootdir_seen= + +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p +' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ + || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 +$as_echo "$as_me: error: could not create $ac_file" >&2;} + { (exit 1); exit 1; }; } + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' 
"$tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined." >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined." >&2;} + + rm -f "$tmp/stdin" + case $ac_file in + -) cat "$tmp/out" && rm -f "$tmp/out";; + *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; + esac \ + || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 +$as_echo "$as_me: error: could not create $ac_file" >&2;} + { (exit 1); exit 1; }; } + ;; + + + + esac + +done # for ac_tag + + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;} + { (exit 1); exit 1; }; } + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. 
+ $ac_cs_success || { (exit 1); exit 1; } +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:$LINENO: WARNING: Unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: Unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +if test -f .devel ; then + make depend +fi +exit 0
diff --git a/contrib/nslint-3.0a2/configure.in b/contrib/nslint-3.0a2/configure.in
new file mode 100644
index 0000000000..aa8a6b07f5
--- /dev/null
+++ b/contrib/nslint-3.0a2/configure.in
@@ -0,0 +1,51 @@
+AC_REVISION([@(#) $Id: configure.in 241 2009-10-10 23:31:13Z leres $ (LBL)])
+dnl
+AC_COPYRIGHT([Copyright (c) 1995, 1996, 1997, 2006, 2009
+ The Regents of the University of California. All rights reserved.])
+dnl
+dnl Process this file with autoconf to produce a configure script.
+dnl
+
+AC_INIT
+AC_CONFIG_SRCDIR(nslint.c)
+
+AC_CANONICAL_TARGET
+
+umask 002
+
+if test -z "$PWD" ; then
+ PWD=`pwd`
+fi
+
+AC_LBL_C_INIT(V_CCOPT, V_INCLS)
+AC_PROG_INSTALL
+
+AC_CHECK_HEADERS(fcntl.h memory.h)
+
+AC_REPLACE_FUNCS(strerror)
+AC_CHECK_LIB(nsl, main)
+AC_CHECK_LIB(socket, main)
+
+AC_LBL_CHECK_TYPE(int32_t, int)
+AC_LBL_CHECK_TYPE(u_int32_t, u_int)
+
+AC_LBL_DEVEL(V_CCOPT)
+
+if test -r lbl/gnuc.h ; then
+ rm -f gnuc.h
+ ln -s lbl/gnuc.h gnuc.h
+fi
+
+AC_SUBST(CFLAGS)
+AC_SUBST(LDFLAGS)
+AC_SUBST(LIBS)
+AC_SUBST(V_CCOPT)
+AC_SUBST(V_INCLS)
+
+AC_CONFIG_FILES(Makefile)
+AC_OUTPUT
+
+if test -f .devel ; then
+ make depend
+fi
+exit 0
diff --git a/contrib/nslint-3.0a2/install-sh b/contrib/nslint-3.0a2/install-sh
new file mode 100755
index 0000000000..a5897de6ea
--- /dev/null
+++ b/contrib/nslint-3.0a2/install-sh
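Review bot: The `umask 002` line near the top of configure.in replaces whatever umask the person running configure had set, so a stricter value such as 022 or 077 is loosened and everything written after it, including the Makefile from `AC_CONFIG_FILES(Makefile)`, is created group-writable. If the Makefile is later run by a more privileged account (for example for an install step), any member of that group could have edited it in between; whether that matters depends on how the build host's groups are set up. I would drop the line, or restrict it to developer trees with `test -f .devel && umask 002`, and regenerate the shipped configure script to match. Separately, the trailing `make depend` is followed by an unconditional `exit 0`, so a failed dependency step is reported as a successful configure run; `make depend || exit 1` would surface it.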
@@ -0,0 +1,519 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2006-12-25.00 + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. 
+ +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. 
+ +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + trap '(exit $?); exit' 1 2 13 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. 
+ *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names starting with `-'. + case $src in + -*) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + + dst=$dst_arg + # Protect names starting with `-'. + case $dst in + -*) dst=./$dst;; + esac + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. 
+ # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writeable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. 
Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + -*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test -z "$d" && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. 
+ # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: 
diff --git a/contrib/nslint-2.1a3/lbl/gnuc.h b/contrib/nslint-3.0a2/lbl/gnuc.h similarity index 72% rename from contrib/nslint-2.1a3/lbl/gnuc.h rename to contrib/nslint-3.0a2/lbl/gnuc.h index aa56c3d4fc..3c6b8f8d9e 100644 --- a/contrib/nslint-2.1a3/lbl/gnuc.h +++ b/contrib/nslint-3.0a2/lbl/gnuc.h @@ -1,4 +1,4 @@ -/* @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/lbl/gnuc.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL) */ +/* @(#) $Id: gnuc.h,v 1.4 2006/04/30 03:58:45 leres Exp $ (LBL) */ /* Define __P() macro, if necessary */ #ifndef __P @@ -21,12 +21,18 @@ * * For example: * - * __dead void foo(void) __attribute__((volatile)); + * __dead void foo(void) __attribute__((noreturn)); * */ #ifdef __GNUC__ #ifndef __dead +#if __GNUC__ >= 4 +#define __dead +#define noreturn __noreturn__ +#else #define __dead volatile +#define noreturn volatile +#endif #endif #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) #ifndef __attribute__ diff --git a/contrib/nslint-2.1a3/mkdep b/contrib/nslint-3.0a2/mkdep old mode 100644 new mode 100755 similarity index 100% rename from contrib/nslint-2.1a3/mkdep rename to contrib/nslint-3.0a2/mkdep diff --git a/contrib/nslint-2.1a3/nslint.8 b/contrib/nslint-3.0a2/nslint.8 similarity index 84% rename from contrib/nslint-2.1a3/nslint.8 rename to contrib/nslint-3.0a2/nslint.8 index 98c1ebeab0..92515ea449 100644 --- a/contrib/nslint-2.1a3/nslint.8 +++ b/contrib/nslint-3.0a2/nslint.8 @@ -1,6 +1,6 @@ -.\" @(#) $Id: nslint.8,v 1.1 2001/12/21 04:12:03 marka Exp $ (LBL) +.\" @(#) $Id: nslint.8 238 2009-03-14 05:43:37Z leres $ (LBL) .\" -.\" Copyright (c) 1994, 1996, 1997, 1999, 2001 +.\" Copyright (c) 1994, 1996, 1997, 1999, 2001, 2002, 2009 .\" The Regents of the University of California. All rights reserved. .\" All rights reserved. .\" 
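Review bot: In the second lbl/gnuc.h hunk (`@@ -21,12 +21,18 @@`), the new `#define noreturn __noreturn__` and `#define noreturn volatile` put an unprefixed macro named `noreturn` into every file that includes this header. That name is also what C11 `<stdnoreturn.h>` defines, and on the pre-GCC-4 branch it rewrites any later `__attribute__((noreturn))` into `__attribute__((volatile))`. Both defines also sit inside `#ifndef __dead`, so a platform that predefines `__dead` never gets them. I would spell the attribute with its reserved form at the use site, `void usage(void) __attribute__((__noreturn__));`, and drop the `noreturn` define from the GCC >= 4 branch. The `#ifdef __GNUC__` block continues past the end of this hunk.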
@@ -20,7 +20,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH nslint 8 "20 March 2001" +.TH nslint 8 "2 May 2002" .UC 4 .SH NAME nslint - perform consistency checks on dns files @@ -29,23 +29,23 @@ nslint - perform consistency checks on dns files [ .B -d ] [ -.B -b -.I named.boot -] [ -.B -B -.I nslint.boot -] -.br -.B nslint -[ -.B -d -] [ .B -c .I named.conf ] [ .B -C .I nslint.conf ] +.br +.B nslint +[ +.B -d +] [ +.B -b +.I named.boot +] [ +.B -B +.I nslint.boot +] .SH DESCRIPTION .B Nslint reads the nameserver configuration files and performs a number of @@ -56,7 +56,7 @@ and .B nslint exits with a non-zero status. .LP -Here is a short list of errors +Here is a partial list of errors .B nslint detects: .IP @@ -93,7 +93,7 @@ Unknown service and/or protocol keywords in .B WKS records. .IP -Missing quotes. +Missing semicolons and quotes. .LP .SH OPTIONS .TP @@ -150,25 +150,31 @@ displayed on .IR stdout . .LP .B Nslint -knows how to read old style -.I named.boot -and BIND 8's new +knows how to read +BIND 8 and 9's .I named.conf -files. If both files exist, +configuration file and also +older BIND's +.I named.boot +file. If both files exist, .B nslint will prefer .I named.conf (on the theory that you forgot to delete .I named.boot -when you upgraded to BIND 8). +when you upgraded BIND). .LP .SH "ADVANCED CONFIGURATION" There are some cases where it is necessary to use the advanced configuration features of .BR nslint . Advanced configuration is done with the +.I nslint.conf +file. (You can also use .I nslint.boot -file. +which has a syntax similar to +.I named.boot +but is not described here.) .LP The most common is when a site has a demilitarized zone (DMZ). The problem here is that the DMZ network will have 
@@ -198,14 +204,19 @@ but we will get errors because there is no record defined for .IR gateway.es.net . The solution is to create a -.I nslint.boot +.I nslint.conf file (in the same directory as the other dns files) with: .LP .RS .nf .sp .5 -primary es.net nslint.es.net +zone "es.net" { +.RS +type master; +file "nslint.es.net"; +.RE +}; .sp .5 .fi .RE @@ -242,7 +253,12 @@ In this case we would need: .RS .nf .sp .5 -primary es.net nslint.es.net +zone "es.net" { +.RS +type master; +file "nslint.es.net"; +.RE +}; .sp .5 .fi .RE @@ -292,14 +308,25 @@ To suppress these warnings, add you would the lines: .RS .nf .sp .5 -primary lbl.gov nslint.lbl.gov -primary 0.128.in-addr.arpa nslint.128.0.rev +zone "lbl.gov" { +.RS +type master; +file "nslint.lbl.gov"; +.RE +}; +.LP +zone "0.128.in-addr.arpa" { +.RS +type master; +file "nslint.128.0.rev"; +.RE +}; .sp .5 .fi .RE .LP to -.I nslint.boot +.I nslint.conf and create .I nslint.lbl.gov with: @@ -340,7 +367,7 @@ to be shared by and .IR jerry.lbl.gov . .LP -One last +Another .B nslint feature helps detect hosts that have mistakenly had two ip addresses assigned on the same subnet. This can happen when two different @@ -361,6 +388,19 @@ containing something similar to: nslint { .RS network "128.0.6/22"; +.RE +}; +.sp .5 +.fi +.RE +.LP +or: +.LP +.RS +.nf +.sp .5 +nslint { +.RS network "128.0.6 255.255.252.0"; .RE }; @@ -368,26 +408,11 @@ network "128.0.6 255.255.252.0"; .fi .RE .LP -The two network lines in this example are equivalent ways of saying the same -thing; that subnet +These two examples are are equivalent ways of saying the same thing; +that subnet .I 128.0.6 has a 22 bit wide subnet mask. .LP -If you are using -.IR nslint.boot , -the syntax would be: -.LP -.RS -.nf -.sp .5 -network 128.0.6/22 -network 128.0.6 255.255.252.0 -.sp .5 -.fi -.RE -.LP -Again this shows two ways of saying the same thing. -.LP Using information from the above .B network statement, 
@@ -409,21 +434,42 @@ Note that if you specify any .B network lines in your .I nslint.conf -or -.I nslint.boot -files, +file, .B nslint requires you to include lines for all networks; otherwise you might forget to add .B network lines for new networks. .LP +Sometimes you have a zone that +.B nslint +just can't deal with. A good example is +a dynamic dns zone. To handle this, you can +add the following to +.IB nslint.com : +.LP +.RS +.nf +.sp .5 +nslint { +.RS +ignorezone "dhcp.lbl.gov"; +.RE +}; +.sp .5 +.fi +.RE +.LP +This will suppress "name referenced without other records" warnings. +.LP .SH FILES .na .nh .nf -/etc/named.boot - default named configuration file -nslint.boot - default nslint configuration file +/etc/named.conf - default named configuration file +/etc/named.boot - old style named configuration file +nslint.conf - default nslint configuration file +nslint.boot - old style nslint configuration file .ad .hy .fi diff --git a/contrib/nslint-2.1a3/nslint.c b/contrib/nslint-3.0a2/nslint.c similarity index 60% rename from contrib/nslint-2.1a3/nslint.c rename to contrib/nslint-3.0a2/nslint.c index 4d9eeb8e1e..9708c58a38 100644 --- a/contrib/nslint-2.1a3/nslint.c +++ b/contrib/nslint-3.0a2/nslint.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 + * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -20,10 +20,10 @@ */ #ifndef lint static const char copyright[] = - "@(#) Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001\n\ + "@(#) Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#) $Id: nslint.c,v 1.2 2011/11/30 00:48:51 marka Exp $ (LBL)"; + "@(#) $Id: nslint.c 247 2009-10-14 17:54:05Z leres $ (LBL)"; #endif /* * nslint - perform consistency checks on dns files @@ -31,6 +31,7 @@ static const char rcsid[] = #include #include +#include #include @@ -41,9 +42,6 @@ static const char rcsid[] = #ifdef HAVE_FCNTL_H #include #endif -#ifdef HAVE_MALLOC_H -#include -#endif #ifdef HAVE_MEMORY_H #include #endif @@ -55,6 +53,7 @@ static const char rcsid[] = #include #include "savestr.h" +#include "version.h" #include "gnuc.h" #ifdef HAVE_OS_PROTO_H 
@@ -64,32 +63,91 @@ static const char rcsid[] = #define NSLINTBOOT "nslint.boot" /* default nslint.boot file */ #define NSLINTCONF "nslint.conf" /* default nslint.conf file */ -/* item struct */ +/* Is the string just a dot by itself? */ +#define CHECKDOT(p) (p[0] == '.' && p[1] == '\0') + +/* Address (network order) */ +struct addr { + u_int family; + union { + struct in_addr _a_addr4; + struct in6_addr _a_addr6; + } addr; +}; +#define a_addr4 addr._a_addr4.s_addr +#define a_addr6 addr._a_addr6.s6_addr + +/* Network */ +struct network { + u_int family; + union { + struct in_addr _n_addr4; + struct in6_addr _n_addr6; + } addr; + union { + struct in_addr _n_mask4; + struct in6_addr _n_mask6; + } mask; +}; +#define n_addr4 addr._n_addr4.s_addr +#define n_mask4 mask._n_mask4.s_addr +#define n_addr6 addr._n_addr6.s6_addr +#define n_mask6 mask._n_mask6.s6_addr + +/* Item struct */ struct item { char *host; /* pointer to hostname */ - u_int32_t addr; /* ip address */ + struct addr addr; /* ip address */ u_int ttl; /* ttl of A records */ int records; /* resource records seen */ int flags; /* flags word */ }; +/* Ignored zone struct */ +struct ignoredzone { + char *zone; /* zone name */ + int len; /* length of zone */ +}; + /* Resource records seen */ #define REC_A 0x0001 -#define REC_PTR 0x0002 -#define REC_WKS 0x0004 -#define REC_HINFO 0x0008 -#define REC_MX 0x0010 -#define REC_CNAME 0x0020 -#define REC_NS 0x0040 -#define REC_SOA 0x0080 -#define REC_RP 0x0100 -#define REC_TXT 0x0200 -#define REC_SRV 0x0400 +#define REC_AAAA 0x0002 +#define REC_PTR 0x0004 +#define REC_WKS 0x0008 +#define REC_HINFO 0x0010 +#define REC_MX 0x0020 +#define REC_CNAME 0x0040 +#define REC_NS 0x0080 +#define REC_SOA 0x0100 +#define REC_RP 0x0200 +#define REC_TXT 0x0400 +#define REC_SRV 0x0800 /* These aren't real records */ -#define REC_OTHER 0x0800 -#define REC_REF 0x1000 -#define REC_UNKNOWN 0x2000 +#define REC_OTHER 0x1000 +#define REC_REF 0x2000 +#define REC_UNKNOWN 0x4000 + +/* resource 
record types for parsing */ +enum rrtype { + RR_UNDEF = 0, + RR_A, + RR_AAAA, + RR_ALLOWDUPA, + RR_CNAME, + RR_DNSKEY, + RR_HINFO, + RR_MX, + RR_NS, + RR_PTR, + RR_RP, + RR_SOA, + RR_SRV, + RR_TXT, + RR_WKS, + RR_RRSIG, + RR_NSEC, +}; /* Test for records we want to map to REC_OTHER */ #define MASK_TEST_REC (REC_WKS | REC_HINFO | \ @@ -97,11 +155,11 @@ struct item { /* Mask away records we don't care about in the final processing to REC_OTHER */ #define MASK_CHECK_REC \ - (REC_A | REC_PTR | REC_CNAME | REC_REF | REC_OTHER) + (REC_A | REC_AAAA | REC_PTR | REC_CNAME | REC_REF | REC_OTHER) /* Test for records we want to check for duplicate name detection */ #define MASK_TEST_DUP \ - (REC_A | REC_HINFO) + (REC_A | REC_AAAA | REC_HINFO | REC_CNAME) /* Flags */ #define FLG_SELFMX 0x001 /* mx record refers to self */ @@ -109,14 +167,15 @@ struct item { #define FLG_SMTPWKS 0x004 /* saw wks with smtp/tcp */ #define FLG_ALLOWDUPA 0x008 /* allow duplicate a records */ +/* doconf() and doboot() flags */ +#define CONF_MUSTEXIST 0x001 /* fatal for files to not exist */ +#define CONF_NOZONE 0x002 /* do not parse zone files */ + /* Test for smtp problems */ #define MASK_TEST_SMTP \ (FLG_SELFMX | FLG_SMTPWKS) - #define ITEMSIZE (1 << 17) /* power of two */ -#define ITEMHASH(str, h, p) \ - for (p = str, h = 0; *p != '.' && *p != '\0';) h = (h << 5) - h + *p++ struct item items[ITEMSIZE]; int itemcnt; /* count of items */ 
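Review bot: In the nslint.c hunk `@@ -64,32 +63,91 @@`, the new `CHECKDOT(p)` macro uses its argument unparenthesized and evaluates it twice, so an argument such as `cp + 1` or `*argv++` would index or step the wrong thing. Parenthesizing fixes the first problem: `#define CHECKDOT(p) ((p)[0] == '.' && (p)[1] == '\0')`. A `static` function taking `const char *` would fix both. The lower-case accessor macros added in the same hunk (`a_addr4`, `n_mask6`, and so on) rewrite any identifier with those names, so a short comment next to them saying they are member aliases for `struct addr` and `struct network` would help the next reader.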
@@ -128,19 +187,34 @@ int strsize; /* size of space left in pool */ int debug; int errors; +#ifdef __FreeBSD__ +char *bootfile = "/etc/namedb/named.boot"; +char *conffile = "/etc/namedb/named.conf"; +#else char *bootfile = "/etc/named.boot"; char *conffile = "/etc/named.conf"; +#endif char *nslintboot; char *nslintconf; char *prog; char *cwd = "."; +static struct network *netlist; +static u_int netlistsize; /* size of array */ +static u_int netlistcnt; /* next free element */ + char **protoserv; /* valid protocol/service names */ int protoserv_init; int protoserv_last; int protoserv_len; static char inaddr[] = ".in-addr.arpa."; +static char inaddr6[] = ".ip6.arpa."; + +/* XXX should be dynamic */ +static struct ignoredzone ignoredzones[10]; +static int numignoredzones = 0; +#define SIZEIGNOREDZONES (sizeof(ignoredzones) / sizeof(ignoredzones[0])) /* SOA record */ #define SOA_SERIAL 0 
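Review bot: In the nslint.c hunk `@@ -128,19 +187,34 @@`, `ignoredzones` is a fixed 10-entry table filled from configuration, and nothing in this hunk shows how it is bounded. The code that stores into it lies outside the hunk, so please confirm it rejects an extra `ignorezone` entry with an error once `numignoredzones` reaches `SIZEIGNOREDZONES`, rather than writing past the array. Note that `numignoredzones` is a signed `int` while `SIZEIGNOREDZONES` is a `size_t` expression, so the comparison should be written with that conversion in mind. I would make the requirement explicit where the table is declared: `/* XXX should be dynamic; writers must refuse new entries once numignoredzones == SIZEIGNOREDZONES */`.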
@@ -154,57 +228,49 @@ static int nsoaval; #define NSOAVAL (sizeof(soaval) / sizeof(soaval[0])) /* Forwards */ -static inline void add_domain(char *, const char *); -int checkdots(const char *); -void checkdups(struct item *, int); -int checkserv(const char *, char **p); -int checkwks(FILE *, char *, int *, char **); -int cmpaddr(const void *, const void *); -int cmphost(const void *, const void *); -int doboot(const char *, int); -int doconf(const char *, int); -void initprotoserv(void); -char *intoa(u_int32_t); -int main(int, char **); -int nslint(void); -int parseinaddr(const char *, u_int32_t *, u_int32_t *); -int parsenetwork(const char *, char **); -u_int32_t parseptr(const char *, u_int32_t, u_int32_t, char **); -char *parsequoted(char *); -int parsesoa(const char *, char **); -void process(const char *, const char *, const char *); -int rfc1034host(const char *, int); -int updateitem(const char *, u_int32_t, int, u_int, int); -__dead void usage(void) __attribute__((volatile)); +void add_domain(char *, const char *); +const char *addr2str(struct addr *); +int checkaddr(const char *); +int checkdots(const char *); +void checkdups(struct item *, int); +int checkignoredzone(const char *); +int checkserv(const char *, char **p); +int checkwks(FILE *, char *, int *, char **); +int cmpaddr(const void *, const void *); +int cmpitemaddr(const void *, const void *); +int cmpitemhost(const void *, const void *); +int cmpnetwork(const void *, const void *); +void doboot(const char *, int); +void doconf(const char *, int); +const char *extractaddr(const char *, struct addr *); +const char *extractnetwork(const char *, struct network *); +struct network *findnetwork(struct addr *); +void initprotoserv(void); +int main(int, char **); +int maskwidth(struct network *); +const char *network2str(struct network *); +void nslint(void); +const char *parsenetwork(const char *); +const char *parseptr(const char *, struct addr *); +char *parsequoted(char *); +int parserrsig(const 
char *, char **); +int parsesoa(const char *, char **); +void process(const char *, const char *, const char *); +int rfc1034host(const char *, int); +enum rrtype txt2rrtype(const char *); +int samesubnet(struct addr *, struct addr *, struct network *); +void setmaskwidth(u_int w, struct network *); +int updateitem(const char *, struct addr *, int, u_int, int); +void usage(void) __attribute__((noreturn)); extern char *optarg; extern int optind, opterr; -/* add domain if necessary */ -static inline void -add_domain(register char *name, register const char *domain) -{ - register char *cp; - - /* Kill trailing white space and convert to lowercase */ - for (cp = name; *cp != '\0' && !isspace(*cp); ++cp) - if (isupper(*cp)) - *cp = tolower(*cp); - *cp-- = '\0'; - /* If necessary, append domain */ - if (cp >= name && *cp++ != '.') { - if (*domain != '.') - *cp++ = '.'; - (void)strcpy(cp, domain); - } - /* XXX should we insure a trailing dot? */ -} - int main(int argc, char **argv) { - register char *cp; - register int op, status, i, donamedboot, donamedconf; + char *cp; + int op, donamedboot, donamedconf; if ((cp = strrchr(argv[0], '/')) != NULL) prog = cp + 1; 
@@ -246,180 +312,409 @@ main(int argc, char **argv) if (optind != argc || (donamedboot && donamedconf)) usage(); - if (donamedboot) - status = doboot(bootfile, 1); - else if (donamedconf) - status = doconf(conffile, 1); - else { - status = doconf(conffile, 0); - if (status < 0) { - status = doboot(bootfile, 1); - ++donamedboot; - } else + /* Find config file if not manually specified */ + if (!donamedboot && !donamedconf) { + if (access(conffile, R_OK) >= 0) ++donamedconf; - } + if (access(bootfile, R_OK) >= 0) + ++donamedboot; - if (donamedboot) { - if (nslintboot != NULL) - status |= doboot(nslintboot, 1); - else if ((i = doboot(NSLINTBOOT, 0)) > 0) - status |= i; - } else { - if (nslintconf != NULL) - status |= doconf(nslintconf, 1); - else if ((i = doconf(NSLINTCONF, 0)) > 0) - status |= i; - } - status |= nslint(); - exit (status); -} - -struct netlist { - u_int32_t net; - u_int32_t mask; -}; - -static struct netlist *netlist; -static u_int netlistsize; /* size of array */ -static u_int netlistcnt; /* next free element */ - -static u_int32_t -findmask(u_int32_t addr) -{ - register int i; - - for (i = 0; i < netlistcnt; ++i) - if ((addr & netlist[i].mask) == netlist[i].net) - return (netlist[i].mask); - return (0); -} - -int -parsenetwork(register const char *cp, register char **errstrp) -{ - register int i, w; - register u_int32_t net, mask; - register u_int32_t o; - register int shift; - static char errstr[132]; - - while (isspace(*cp)) - ++cp; - net = 0; - mask = 0; - shift = 24; - while (isdigit(*cp) && shift >= 0) { - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - net |= o << shift; - shift -= 8; - if (*cp != '.') - break; - ++cp; - } - - - if (isspace(*cp)) { - ++cp; - while (isspace(*cp)) - ++cp; - mask = htonl(inet_addr(cp)); - if ((int)mask == -1) { - *errstrp = errstr; - (void)sprintf(errstr, "bad mask \"%s\"", cp); - return (0); - } - i = 0; - while (isdigit(*cp)) - ++cp; - for (i = 0; i < 3 && *cp == '.'; ++i) { - ++cp; - 
while (isdigit(*cp)) - ++cp; - } - if (i != 3) { - *errstrp = "wrong number of dots in mask"; - return (0); - } - } else if (*cp == '/') { - ++cp; - w = atoi(cp); - do { - ++cp; - } while (isdigit(*cp)); - if (w < 1 || w > 32) { - *errstrp = "bad mask width"; - return (0); - } - mask = 0xffffffff << (32 - w); - } else { - *errstrp = "garbage after net"; - return (0); - } - - while (isspace(*cp)) - ++cp; - - if (*cp != '\0') { - *errstrp = "trailing garbage"; - return (0); - } - - /* Finaly sanity checks */ - if ((net & ~ mask) != 0) { - *errstrp = errstr; - (void)sprintf(errstr, "host bits set in net \"%s\"", - intoa(net)); - return (0); - } - - /* Make sure there's room */ - if (netlistsize <= netlistcnt) { - if (netlistsize == 0) { - netlistsize = 32; - netlist = (struct netlist *) - malloc(netlistsize * sizeof(*netlist)); - } else { - netlistsize <<= 1; - netlist = (struct netlist *) - realloc(netlist, netlistsize * sizeof(*netlist)); - } - if (netlist == NULL) { - fprintf(stderr, "%s: nslint: malloc/realloc: %s\n", - prog, strerror(errno)); + if (donamedboot && donamedconf) { + fprintf(stderr, + "%s: nslint: both %s and %s exist; use -b or -c\n", + prog, conffile, bootfile); exit(1); } } - /* Add to list */ - netlist[netlistcnt].net = net; - netlist[netlistcnt].mask = mask; - ++netlistcnt; + if (donamedboot) { + doboot(bootfile, CONF_MUSTEXIST | CONF_NOZONE); + if (nslintboot != NULL) + doboot(nslintboot, CONF_MUSTEXIST); + else + doboot(NSLINTBOOT, 0); + doboot(bootfile, CONF_MUSTEXIST); + } else { + doconf(conffile, CONF_MUSTEXIST | CONF_NOZONE); + if (nslintconf != NULL) + doconf(nslintconf, CONF_MUSTEXIST); + else + doconf(NSLINTCONF, 0); + doconf(conffile, CONF_MUSTEXIST); + } - return (1); + /* Sort network list */ + if (netlistcnt > 0) + qsort(netlist, netlistcnt, sizeof(netlist[0]), cmpnetwork); + + nslint(); + exit (errors != 0); +} + +/* add domain if necessary */ +void +add_domain(char *name, const char *domain) +{ + char *cp; + + /* Kill trailing 
white space and convert to lowercase */ + for (cp = name; *cp != '\0' && !isspace(*cp); ++cp) + if (isupper(*cp)) + *cp = tolower(*cp); + *cp-- = '\0'; + /* If necessary, append domain */ + if (cp >= name && *cp++ != '.') { + if (*domain != '.') + *cp++ = '.'; + (void)strcpy(cp, domain); + } + /* XXX should we insure a trailing dot? */ +} + +const char * +addr2str(struct addr *ap) +{ + struct network net; + + memset(&net, 0, sizeof(net)); + net.family = ap->family; + switch (ap->family) { + + case AF_INET: + net.n_addr4 = ap->a_addr4; + setmaskwidth(32, &net); + break; + + case AF_INET6: + memmove(net.n_addr6, &ap->a_addr6, sizeof(ap->a_addr6)); + setmaskwidth(128, &net); + break; + + default: + return (""); + } + return (network2str(&net)); +} + +/* + * Returns true if name is really an ip address. + */ +int +checkaddr(const char *name) +{ + struct in_addr addr; + + return (inet_pton(AF_INET, name, (char *)&addr)); +} + +/* + * Returns true if name contains a dot but not a trailing dot. 
+ * Special case: allow a single dot if the second part is not one + * of the 3 or 4 letter top level domains or is any 2 letter TLD + */ +int +checkdots(const char *name) +{ + const char *cp, *cp2; + + if ((cp = strchr(name, '.')) == NULL) + return (0); + cp2 = name + strlen(name) - 1; + if (cp2 >= name && *cp2 == '.') + return (0); + + /* Return true of more than one dot*/ + ++cp; + if (strchr(cp, '.') != NULL) + return (1); + + if (strlen(cp) == 2 || + strcasecmp(cp, "gov") == 0 || + strcasecmp(cp, "edu") == 0 || + strcasecmp(cp, "com") == 0 || + strcasecmp(cp, "net") == 0 || + strcasecmp(cp, "org") == 0 || + strcasecmp(cp, "mil") == 0 || + strcasecmp(cp, "int") == 0 || + strcasecmp(cp, "nato") == 0 || + strcasecmp(cp, "arpa") == 0) + return (1); + return (0); +} + +/* Records we use to detect duplicates */ +static struct duprec { + int record; + char *name; +} duprec[] = { + { REC_A, "a" }, + { REC_AAAA, "aaaa" }, + { REC_HINFO, "hinfo" }, + { REC_CNAME, "cname" }, + { 0, NULL }, +}; + +void +checkdups(struct item *ip, int records) +{ + struct duprec *dp; + + records &= (ip->records & MASK_TEST_DUP); + if (records == 0) + return; + for (dp = duprec; dp->name != NULL; ++dp) + if ((records & dp->record) != 0) { + ++errors; + fprintf(stderr, "%s: multiple \"%s\" records for %s\n", + prog, dp->name, ip->host); + records &= ~dp->record; + } + if (records != 0) + fprintf(stderr, "%s: checkdups: records not zero %s (0x%x)\n", + prog, ip->host, records); +} + +/* Check for an "ignored zone" (usually dynamic dns) */ +int +checkignoredzone(const char *name) +{ + int i, len, len2; + + len = strlen(name); + if (len > 1 && name[len - 1] == '.') + --len; + for (i = 0; i < numignoredzones; ++i) { + len2 = len - ignoredzones[i].len; + if (len2 >= 0 && + strncasecmp(name + len2, + ignoredzones[i].zone, len - len2) == 0) + return (1); + } + return (0); } int -doboot(register const char *file, register int mustexist) +checkserv(const char *serv, char **p) { - register int n; - 
register char *cp, *cp2; - register FILE *f; - char *errstr; + for (; *p != NULL; ++p) + if (*serv == **p && strcmp(serv, *p) == 0) + return (1); + return (0); +} + +int +checkwks(FILE *f, char *proto, int *smtpp, char **errstrp) +{ + int n, sawparen; + char *cp, *serv, **p; + static char errstr[132]; + char buf[1024]; + char psbuf[512]; + + if (!protoserv_init) { + initprotoserv(); + ++protoserv_init; + } + + /* Line count */ + n = 0; + + /* Terminate protocol */ + cp = proto; + while (!isspace(*cp) && *cp != '\0') + ++cp; + if (*cp != '\0') + *cp++ = '\0'; + + /* Find services */ + *smtpp = 0; + sawparen = 0; + if (*cp == '(') { + ++sawparen; + ++cp; + while (isspace(*cp)) + ++cp; + } + for (;;) { + if (*cp == '\0') { + if (!sawparen) + break; + if (fgets(buf, sizeof(buf), f) == NULL) { + *errstrp = "mismatched parens"; + return (n); + } + ++n; + cp = buf; + while (isspace(*cp)) + ++cp; + } + /* Find end of service, converting to lowercase */ + for (serv = cp; !isspace(*cp) && *cp != '\0'; ++cp) + if (isupper(*cp)) + *cp = tolower(*cp); + if (*cp != '\0') + *cp++ = '\0'; + if (sawparen && *cp == ')') { + /* XXX should check for trailing junk */ + break; + } + + (void)sprintf(psbuf, "%s/%s", serv, proto); + + if (*serv == 's' && strcmp(psbuf, "tcp/smtp") == 0) + ++*smtpp; + + for (p = protoserv; *p != NULL; ++p) + if (*psbuf == **p && strcmp(psbuf, *p) == 0) { + break; + } + if (*p == NULL) { + sprintf(errstr, "%s unknown", psbuf); + *errstrp = errstr; + break; + } + } + + return (n); +} + +int +cmpaddr(const void *arg1, const void *arg2) +{ + int i, r1; + const struct network *n1, *n2; + + n1 = (const struct network *)arg1; + n2 = (const struct network *)arg2; + + /* IPv4 before IPv6 */ + if (n1->family != n2->family) + return ((n1->family == AF_INET) ? 
-1 : 1); + + switch (n1->family) { + + case AF_INET: + /* Address */ + if (ntohl(n1->n_addr4) < ntohl(n2->n_addr4)) + return (-1); + else if (ntohl(n1->n_addr4) > ntohl(n2->n_addr4)) + return (1); + return (0); + + case AF_INET6: + /* Address */ + r1 = 0; + for (i = 0; i < 16; ++i) { + if (ntohl(n1->n_addr6[i]) < ntohl(n2->n_addr6[i])) + return (-1); + if (ntohl(n1->n_addr6[i]) > ntohl(n2->n_addr6[i])) + return (1); + } + return (0); + + default: + abort(); + } +} + +int +cmpitemaddr(const void *arg1, const void *arg2) +{ + struct item *i1, *i2; + + i1 = (struct item *)arg1; + i2 = (struct item *)arg2; + + return (cmpaddr(&i1->addr, &i2->addr)); +} + +int +cmpitemhost(const void *arg1, const void *arg2) +{ + struct item *i1, *i2; + + i1 = (struct item *)arg1; + i2 = (struct item *)arg2; + + return (strcasecmp(i1->host, i1->host)); +} + +/* Sort by network number (use mask when networks are the same) */ +int +cmpnetwork(const void *arg1, const void *arg2) +{ + int i, r1, r2; + const struct network *n1, *n2; + + n1 = (const struct network *)arg1; + n2 = (const struct network *)arg2; + + /* IPv4 before IPv6 */ + if (n1->family != n2->family) + return ((n1->family == AF_INET) ? 
-1 : 1); + + switch (n1->family) { + + case AF_INET: + /* Address */ + if (ntohl(n1->n_addr4) < ntohl(n2->n_addr4)) + return (-1); + else if (ntohl(n1->n_addr4) > ntohl(n2->n_addr4)) + return (1); + + /* Mask */ + if (ntohl(n1->n_mask4) < ntohl(n2->n_mask4)) + return (1); + else if (ntohl(n1->n_mask4) > ntohl(n2->n_mask4)) + return (-1); + return (0); + + case AF_INET6: + /* Address */ + r1 = 0; + for (i = 0; i < 16; ++i) { + if (ntohl(n1->n_addr6[i]) < ntohl(n2->n_addr6[i])) + return (-1); + if (ntohl(n1->n_addr6[i]) > ntohl(n2->n_addr6[i])) + return (1); + } + + /* Mask */ + r2 = 0; + for (i = 0; i < 16; ++i) { + if (n1->n_mask6[i] < n2->n_mask6[i]) + return (1); + if (n1->n_mask6[i] > n2->n_mask6[i]) + return (-1); + } + return (0); + break; + + default: + abort(); + } + abort(); +} + +void +doboot(const char *file, int flags) +{ + int n; + char *cp, *cp2; + FILE *f; + const char *errstr; char buf[1024], name[128]; errno = 0; f = fopen(file, "r"); if (f == NULL) { /* Not an error if it doesn't exist */ - if (!mustexist && errno == ENOENT) { + if ((flags & CONF_MUSTEXIST) == 0 && errno == ENOENT) { if (debug > 1) printf( "%s: doit: %s doesn't exist (ignoring)\n", prog, file); - return (-1); + return; } fprintf(stderr, "%s: %s: %s\n", prog, file, strerror(errno)); exit(1); @@ -499,11 +794,13 @@ doboot(register const char *file, register int mustexist) /* Process it! (zone is the same as the domain) */ nsoaval = -1; memset(soaval, 0, sizeof(soaval)); - process(cp2, name, name); + if ((flags & CONF_NOZONE) == 0) + process(cp2, name, name); continue; } if (strcasecmp(cp2, "network") == 0) { - if (!parsenetwork(cp, &errstr)) { + errstr = parsenetwork(cp); + if (errstr != NULL) { ++errors; fprintf(stderr, "%s: %s:%d: bad network: %s\n", 
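Review bot: In `checkwks`, both `sprintf` calls copy tokens read from the zone file into fixed buffers with no length limit: `psbuf[512]` receives `serv` and `proto`, and the static `errstr[132]` then receives `psbuf`, so a long service token on a WKS line can overrun either buffer. Bound them with `(void)snprintf(psbuf, sizeof(psbuf), "%s/%s", serv, proto);` and `(void)snprintf(errstr, sizeof(errstr), "%s unknown", psbuf);`. Also in this hunk, `cmpitemhost` returns `strcasecmp(i1->host, i1->host)`, which is always 0; the second argument should be `i2->host`.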
@@ -517,24 +814,22 @@ doboot(register const char *file, register int mustexist) while (!isspace(*cp) && *cp != '\0') ++cp; *cp = '\0'; - errors += doboot(cp2, 1); + doboot(cp2, 1); continue; } /* Eat any other options */ } (void)fclose(f); - - return (errors != 0); } -int -doconf(register const char *file, register int mustexist) +void +doconf(const char *file, int flags) { - register int n, fd, cc, i, depth; - register char *cp, *cp2, *buf; - register char *name, *zonename, *filename, *typename; - register int namelen, zonenamelen, filenamelen, typenamelen; - char *errstr; + int n, fd, cc, i, depth; + char *cp, *cp2, *buf; + const char *p; + char *name, *zonename, *filename, *typename; + int namelen, zonenamelen, filenamelen, typenamelen; struct stat sbuf; char zone[128], includefile[256]; @@ -542,12 +837,12 @@ doconf(register const char *file, register int mustexist) fd = open(file, O_RDONLY, 0); if (fd < 0) { /* Not an error if it doesn't exist */ - if (!mustexist && errno == ENOENT) { + if ((flags & CONF_MUSTEXIST) == 0 && errno == ENOENT) { if (debug > 1) printf( "%s: doconf: %s doesn't exist (ignoring)\n", prog, file); - return (-1); + return; } fprintf(stderr, "%s: %s: %s\n", prog, file, strerror(errno)); exit(1); @@ -656,7 +951,7 @@ doconf(register const char *file, register int mustexist) /* Eat everything to the next semicolon, perhaps eating matching qbraces */ #define EATSEMICOLON \ { \ - register int depth = 0; \ + int depth = 0; \ while (*cp != '\0') { \ EATCOMMENTS \ if (*cp == ';') { \ @@ -679,6 +974,17 @@ doconf(register const char *file, register int mustexist) } \ } +/* Eat everything to the next left qbrace */ +#define EATSLEFTBRACE \ + while (*cp != '\0') { \ + EATCOMMENTS \ + if (*cp == '{') { \ + ++cp; \ + break; \ + } \ + ++cp; \ + } + n = 1; zone[0] = '\0'; cp = buf; 
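Review bot: The include recursion `doboot(cp2, 1)` passes a literal instead of the caller's `flags`, so `CONF_NOZONE` is not carried into included files. main() now reads each configuration twice, first with `CONF_NOZONE` and then without, so zones named in an included file would be processed on the first pass, before the nslint network and ignorezone settings are loaded, and again on the second. `doboot(cp2, flags | CONF_MUSTEXIST);` would keep the pass semantics, and the same applies to `doconf(includefile, 1)` in the `@@ -909,10 +1233,14 @@` hunk. The `CONF_*` values are defined outside this hunk, so whether `1` still means must-exist should be confirmed; doboot's body starts before the hunk.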
@@ -855,7 +1161,8 @@ doconf(register const char *file, register int mustexist) filename[filenamelen] = '\0'; nsoaval = -1; memset(soaval, 0, sizeof(soaval)); - process(filename, zone, zone); + if ((flags & CONF_NOZONE) == 0) + process(filename, zone, zone); } continue; } @@ -878,13 +1185,28 @@ doconf(register const char *file, register int mustexist) EATCOMMENTS GETQUOTEDNAME(cp2, i) - cp2[i] = '\0'; - if (!parsenetwork(cp2, &errstr)) { + p = parsenetwork(cp2); + if (p != NULL) { ++errors; fprintf(stderr, "%s: %s:%d: bad network: %s\n", - prog, file, n, errstr); + prog, file, n, p); + } + } else if (strncasecmp(name, "ignorezone", + namelen) == 0) { + EATCOMMENTS + GETQUOTEDNAME(cp2, i) + cp2[i] = '\0'; + if (numignoredzones + 1 < + sizeof(ignoredzones) / + sizeof(ignoredzones[0])) { + ignoredzones[numignoredzones].zone = + savestr(cp2); + if (ignoredzones[numignoredzones].zone != NULL) { + ignoredzones[numignoredzones].len = strlen(cp2); + ++numignoredzones; + } } } else { ++errors; @@ -899,7 +1221,9 @@ doconf(register const char *file, register int mustexist) EATCOMMENTS if (*cp != ';') { ++errors; - fprintf(stderr, "missing options semi\n"); + fprintf(stderr, + "%s: %s:%d: missing nslint semi\n", + prog, file, n); } else ++cp; continue; @@ -909,10 +1233,14 @@ doconf(register const char *file, register int mustexist) GETQUOTEDNAME(filename, filenamelen) strncpy(includefile, filename, filenamelen); includefile[filenamelen] = '\0'; - errors += doconf(includefile, 1); + doconf(includefile, 1); EATSEMICOLON continue; } + if (strncasecmp(name, "view", namelen) == 0) { + EATSLEFTBRACE + continue; + } /* Skip over statements we don't understand */ EATSEMICOLON 
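Review bot: The `ignorezone` branch silently discards the directive when the `ignoredzones` table is full or when `savestr()` returns NULL, so a zone the operator asked to skip is still linted with no indication why. An `else` on the capacity test that does `++errors;` and prints a `"%s: %s:%d: too many ignorezone entries\n"` message in the style of the neighbouring diagnostics would make that visible. The test `numignoredzones + 1 < ...` also leaves the last slot unused, which looks unintended unless a sentinel entry is expected elsewhere.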
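Review bot: The include path is still copied with `strncpy(includefile, filename, filenamelen)`, where the bound is the source length rather than the destination size, and the change to the `doconf(includefile, 1)` call leaves that untouched. `includefile` is declared as `char includefile[256]` at the top of doconf(), so unless `GETQUOTEDNAME` (defined outside this hunk) caps the length, a quoted path of 256 bytes or more writes past the buffer. A guard before the copy, `if (filenamelen >= (int)sizeof(includefile))`, that counts an error and skips the statement would close this.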
@@ -920,14 +1248,691 @@ doconf(register const char *file, register int mustexist) free(buf); close(fd); - return (errors != 0); +} + +const char * +extractaddr(const char *str, struct addr *ap) +{ + + memset(ap, 0, sizeof(*ap)); + + /* Let's see what we've got here */ + if (strchr(str, '.') != NULL) { + ap->family = AF_INET; + } else if (strchr(str, ':') != NULL) { + ap->family = AF_INET6; + } else + return ("unrecognized address type"); + + switch (ap->family) { + + case AF_INET: + if (!inet_pton(ap->family, str, &ap->a_addr4)) + return ("cannot parse IPv4 address"); + + break; + + case AF_INET6: + if (!inet_pton(ap->family, str, &ap->a_addr6)) + return ("cannot parse IPv6 address"); + break; + + default: + abort(); + } + + return (NULL); +} + +const char * +extractnetwork(const char *str, struct network *np) +{ + int i; + long w; + char *cp, *ep; + const char *p; + char temp[64]; + + memset(np, 0, sizeof(*np)); + + /* Let's see what we've got here */ + if (strchr(str, '.') != NULL) { + np->family = AF_INET; + w = 32; + } else if (strchr(str, ':') != NULL) { + np->family = AF_INET6; + w = 128; + } else + return ("unrecognized address type"); + + p = strchr(str, '/'); + if (p != NULL) { + /* Mask length was specified */ + strncpy(temp, str, sizeof(temp)); + temp[sizeof(temp) - 1] = '\0'; + cp = strchr(temp, '/'); + if (cp == NULL) + abort(); + *cp++ = '\0'; + ep = NULL; + w = strtol(cp, &ep, 10); + if (*ep != '\0') + return ("garbage following mask width"); + str = temp; + } + + switch (np->family) { + + case AF_INET: + if (!inet_pton(np->family, str, &np->n_addr4)) + return ("cannot parse IPv4 address"); + + if (w > 32) + return ("mask length must be <= 32"); + setmaskwidth(w, np); + + if ((np->n_addr4 & ~np->n_mask4) != 0) + return ("non-network bits set in addr"); + +#ifdef notdef + if ((ntohl(np->n_addr4) & 0xff000000) == 0) + return ("high octet must be non-zero"); +#endif + break; + + case AF_INET6: + if (!inet_pton(np->family, str, &np->n_addr6)) + return 
("cannot parse IPv6 address"); + if (w > 128) + return ("mask length must be <= 128"); + setmaskwidth(w, np); + + for (i = 0; i < 16; ++i) { + if ((np->n_addr6[i] & ~np->n_mask6[i]) != 0) + return ("non-network bits set in addr"); + } + break; + + default: + abort(); + } + + return (NULL); +} + +struct network * +findnetwork(struct addr *ap) +{ + int i, j; + struct network *np; + + switch (ap->family) { + + case AF_INET: + for (i = 0, np = netlist; i < netlistcnt; ++i, ++np) + if ((ap->a_addr4 & np->n_mask4) == np->n_addr4) + return (np); + break; + + case AF_INET6: + for (i = 0, np = netlist; i < netlistcnt; ++i, ++np) { + for (j = 0; j < sizeof(ap->a_addr6); ++j) { + if ((ap->a_addr6[j] & np->n_mask6[j]) != + np->n_addr6[j]) + break; + } + if (j >= sizeof(ap->a_addr6)) + return (np); + } + break; + + default: + abort(); + } + return (NULL); +} + +void +initprotoserv(void) +{ + char *cp; + struct servent *sp; + char psbuf[512]; + + protoserv_len = 256; + protoserv = (char **)malloc(protoserv_len * sizeof(*protoserv)); + if (protoserv == NULL) { + fprintf(stderr, "%s: nslint: malloc: %s\n", + prog, strerror(errno)); + exit(1); + } + + while ((sp = getservent()) != NULL) { + (void)sprintf(psbuf, "%s/%s", sp->s_name, sp->s_proto); + + /* Convert to lowercase */ + for (cp = psbuf; *cp != '\0'; ++cp) + if (isupper(*cp)) + *cp = tolower(*cp); + + if (protoserv_last + 1 >= protoserv_len) { + protoserv_len <<= 1; + protoserv = realloc(protoserv, + protoserv_len * sizeof(*protoserv)); + if (protoserv == NULL) { + fprintf(stderr, "%s: nslint: realloc: %s\n", + prog, strerror(errno)); + exit(1); + } + } + protoserv[protoserv_last] = savestr(psbuf); + ++protoserv_last; + } + protoserv[protoserv_last] = NULL; +} + +int +maskwidth(struct network *np) +{ + int w; + int i, j; + u_int32_t m, tm; + + /* Work backwards until we find a set bit */ + switch (np->family) { + + case AF_INET: + m = ntohl(np->n_mask4); + for (w = 32; w > 0; --w) { + tm = 0xffffffff << (32 - w); + if (tm == 
m) + break; + } + break; + + case AF_INET6: + w = 128; + for (j = 15; j >= 0; --j) { + m = np->n_mask6[j]; + for (i = 8; i > 0; --w, --i) { + tm = (0xff << (8 - i)) & 0xff; + if (tm == m) + return (w); + } + } + break; + + default: + abort(); + } + return (w); +} + +const char * +network2str(struct network *np) +{ + int w; + size_t len, size; + char *cp; + static char buf[128]; + + w = maskwidth(np); + switch (np->family) { + + case AF_INET: + if (inet_ntop(np->family, &np->n_addr4, + buf, sizeof(buf)) == NULL) { + fprintf(stderr, "network2str: v4 botch"); + abort(); + } + if (w == 32) + return (buf); + break; + + case AF_INET6: + if (inet_ntop(np->family, &np->n_addr6, + buf, sizeof(buf)) == NULL) { + fprintf(stderr, "network2str: v6 botch"); + abort(); + } + if (w == 128) + return (buf); + break; + + default: + return (""); + } + + /* Append address mask width */ + cp = buf; + len = strlen(cp); + cp += len; + size = sizeof(buf) - len; + (void)snprintf(cp, size, "/%d", w); + return (buf); +} + +void +nslint(void) +{ + int n, records, flags; + struct item *ip, *lastaip, **ipp, **itemlist; + struct addr addr, lastaddr; + struct network *np; + + itemlist = (struct item **)calloc(itemcnt, sizeof(*ipp)); + if (itemlist == NULL) { + fprintf(stderr, "%s: nslint: calloc: %s\n", + prog, strerror(errno)); + exit(1); + } + ipp = itemlist; + for (n = 0, ip = items; n < ITEMSIZE; ++n, ++ip) { + if (ip->host == NULL) + continue; + /* Save entries with addresses for later check */ + if (ip->addr.family != 0) + *ipp++ = ip; + + if (debug > 1) { + if (debug > 2) + printf("%d\t", n); + printf("%s\t%s\t0x%x\t0x%x\n", + ip->host, addr2str(&ip->addr), + ip->records, ip->flags); + } + + /* Check for illegal hostnames (rfc1034) */ + if (rfc1034host(ip->host, ip->records)) + ++errors; + + /* Check for missing ptr records (ok if also an ns record) */ + records = ip->records & MASK_CHECK_REC; + if ((ip->records & MASK_TEST_REC) != 0) + records |= REC_OTHER; + switch (records) { + + case 
REC_A | REC_OTHER | REC_PTR | REC_REF: + case REC_A | REC_OTHER | REC_PTR: + case REC_A | REC_PTR | REC_REF: + case REC_A | REC_PTR: + case REC_AAAA | REC_OTHER | REC_PTR | REC_REF: + case REC_AAAA | REC_OTHER | REC_PTR: + case REC_AAAA | REC_PTR | REC_REF: + case REC_AAAA | REC_PTR: + case REC_CNAME: + /* These are O.K. */ + break; + + case REC_CNAME | REC_REF: + ++errors; + fprintf(stderr, "%s: \"cname\" referenced by other" + " \"cname\" or \"mx\": %s\n", prog, ip->host); + break; + + case REC_OTHER | REC_REF: + case REC_OTHER: + /* + * This is only an error if there is an address + * associated with the hostname; this means + * there was a wks entry with bogus address. + * Otherwise, we have an mx or hinfo. + * + * XXX ignore localhost for now + * (use flag to indicate loopback?) + */ + if (ip->addr.family == AF_INET && + ip->addr.a_addr4 != htonl(INADDR_LOOPBACK)) { + ++errors; + fprintf(stderr, + "%s: \"wks\" without \"a\" and \"ptr\": %s -> %s\n", + prog, ip->host, addr2str(&ip->addr)); + } + break; + + case REC_REF: + if (!checkignoredzone(ip->host)) { + ++errors; + fprintf(stderr, "%s: Name referenced without" + " other records: %s\n", prog, ip->host); + } + break; + + case REC_A | REC_OTHER | REC_REF: + case REC_A | REC_OTHER: + case REC_A | REC_REF: + case REC_A: + case REC_AAAA | REC_OTHER | REC_REF: + case REC_AAAA | REC_OTHER: + case REC_AAAA | REC_REF: + case REC_AAAA: + ++errors; + fprintf(stderr, "%s: Missing \"ptr\": %s -> %s\n", + prog, ip->host, addr2str(&ip->addr)); + break; + + case REC_OTHER | REC_PTR | REC_REF: + case REC_OTHER | REC_PTR: + case REC_PTR | REC_REF: + case REC_PTR: + ++errors; + fprintf(stderr, "%s: Missing \"a\": %s -> %s\n", + prog, ip->host, addr2str(&ip->addr)); + break; + + case REC_A | REC_CNAME | REC_OTHER | REC_PTR | REC_REF: + case REC_A | REC_CNAME | REC_OTHER | REC_PTR: + case REC_A | REC_CNAME | REC_OTHER | REC_REF: + case REC_A | REC_CNAME | REC_OTHER: + case REC_A | REC_CNAME | REC_PTR | REC_REF: + case REC_A | 
REC_CNAME | REC_PTR: + case REC_A | REC_CNAME | REC_REF: + case REC_A | REC_CNAME: + case REC_AAAA | REC_CNAME | REC_OTHER | REC_PTR | REC_REF: + case REC_AAAA | REC_CNAME | REC_OTHER | REC_PTR: + case REC_AAAA | REC_CNAME | REC_OTHER | REC_REF: + case REC_AAAA | REC_CNAME | REC_OTHER: + case REC_AAAA | REC_CNAME | REC_PTR | REC_REF: + case REC_AAAA | REC_CNAME | REC_PTR: + case REC_AAAA | REC_CNAME | REC_REF: + case REC_AAAA | REC_CNAME: + case REC_CNAME | REC_OTHER | REC_PTR | REC_REF: + case REC_CNAME | REC_OTHER | REC_PTR: + case REC_CNAME | REC_OTHER | REC_REF: + case REC_CNAME | REC_OTHER: + case REC_CNAME | REC_PTR | REC_REF: + case REC_CNAME | REC_PTR: + ++errors; + fprintf(stderr, "%s: \"cname\" %s has other records\n", + prog, ip->host); + break; + + case 0: + /* Second level test */ + if ((ip->records & ~(REC_NS | REC_TXT)) == 0) + break; + /* Fall through... */ + + default: + ++errors; + fprintf(stderr, + "%s: records == 0x%x: can't happen (%s 0x%x)\n", + prog, records, ip->host, ip->records); + break; + } + + /* Check for smtp problems */ + flags = ip->flags & MASK_TEST_SMTP; + + if ((flags & FLG_SELFMX) != 0 && + (ip->records & (REC_A | REC_AAAA)) == 0) { + ++errors; + fprintf(stderr, + "%s: Self \"mx\" for %s missing" + " \"a\" or \"aaaa\" record\n", + prog, ip->host); + } + + switch (flags) { + + case 0: + case FLG_SELFMX | FLG_SMTPWKS: + /* These are O.K. 
*/ + break; + + case FLG_SELFMX: + if ((ip->records & REC_WKS) != 0) { + ++errors; + fprintf(stderr, + "%s: smtp/tcp missing from \"wks\": %s\n", + prog, ip->host); + } + break; + + case FLG_SMTPWKS: + ++errors; + fprintf(stderr, + "%s: Saw smtp/tcp without self \"mx\": %s\n", + prog, ip->host); + break; + + default: + ++errors; + fprintf(stderr, + "%s: flags == 0x%x: can't happen (%s)\n", + prog, flags, ip->host); + } + + /* Check for chained MX records */ + if ((ip->flags & (FLG_SELFMX | FLG_MXREF)) == FLG_MXREF && + (ip->records & REC_MX) != 0) { + ++errors; + fprintf(stderr, "%s: \"mx\" referenced by other" + " \"mx\" record: %s\n", prog, ip->host); + } + } + + /* Check for doubly booked addresses */ + n = ipp - itemlist; + qsort(itemlist, n, sizeof(itemlist[0]), cmpaddr); + memset(&lastaddr, 0, sizeof(lastaddr)); + ip = NULL; + for (ipp = itemlist; n > 0; ++ipp, --n) { + addr = (*ipp)->addr; + if (cmpaddr(&lastaddr, &addr) == 0 && + ((*ipp)->flags & FLG_ALLOWDUPA) == 0 && + (ip->flags & FLG_ALLOWDUPA) == 0) { + ++errors; + fprintf(stderr, "%s: %s in use by %s and %s\n", + prog, addr2str(&addr), (*ipp)->host, ip->host); + } + memmove(&lastaddr, &addr, sizeof(addr)); + ip = *ipp; + } + + /* Check for hosts with multiple addresses on the same subnet */ + n = ipp - itemlist; + qsort(itemlist, n, sizeof(itemlist[0]), cmpitemhost); + if (netlistcnt > 0) { + n = ipp - itemlist; + lastaip = NULL; + for (ipp = itemlist; n > 0; ++ipp, --n) { + ip = *ipp; + if ((ip->records & (REC_A | REC_AAAA)) == 0 || + (ip->flags & FLG_ALLOWDUPA) != 0) + continue; + if (lastaip != NULL && + strcasecmp(ip->host, lastaip->host) == 0) { + np = findnetwork(&ip->addr); + if (np == NULL) { + ++errors; + fprintf(stderr, + "%s: Can't find subnet mask" + " for %s (%s)\n", + prog, ip->host, + addr2str(&ip->addr)); + } else if (samesubnet(&lastaip->addr, + &ip->addr, np)) { + ++errors; + fprintf(stderr, + "%s: Multiple \"a\" records for %s on subnet %s", + prog, ip->host, + network2str(np)); + 
fprintf(stderr, "\n\t(%s", + addr2str(&lastaip->addr)); + fprintf(stderr, " and %s)\n", + addr2str(&ip->addr)); + } + } + lastaip = ip; + } + } + + if (debug) + printf("%s: %d/%d items used, %d error%s\n", prog, itemcnt, + ITEMSIZE, errors, errors == 1 ? "" : "s"); +} + +const char * +parsenetwork(const char *cp) +{ + const char *p; + struct network net; + + while (isspace(*cp)) + ++cp; + + p = extractnetwork(cp, &net); + if (p != NULL) + return (p); + + while (isspace(*cp)) + ++cp; + + /* Make sure there's room */ + if (netlistsize <= netlistcnt) { + if (netlistsize == 0) { + netlistsize = 32; + netlist = (struct network *) + malloc(netlistsize * sizeof(*netlist)); + } else { + netlistsize <<= 1; + netlist = (struct network *) + realloc(netlist, netlistsize * sizeof(*netlist)); + } + if (netlist == NULL) { + fprintf(stderr, + "%s: parsenetwork: malloc/realloc: %s\n", + prog, strerror(errno)); + exit(1); + } + } + + /* Add to list */ + memmove(netlist + netlistcnt, &net, sizeof(net)); + ++netlistcnt; + + return (NULL); +} + +const char * +parseptr(const char *str, struct addr *ap) +{ + int i, n, base; + u_long v, v2; + char *cp; + const char *p; + u_char *up; + + memset(ap, 0, sizeof(*ap)); + base = -1; + + /* IPv4 */ + p = str + strlen(str) - sizeof(inaddr) + 1; + if (p >= str && strcasecmp(p, inaddr) == 0) { + ap->family = AF_INET; + n = 4; + base = 10; + } else { + /* IPv6 */ + p = str + strlen(str) - sizeof(inaddr6) + 1; + if (p >= str && strcasecmp(p, inaddr6) == 0) { + ap->family = AF_INET6; + n = 16; + base = 16; + } + } + + if (base < 0) + return ("Not a IPv4 or IPv6 \"ptr\" record"); + + up = (u_char *)&ap->addr; + for (i = 0; i < n; ++i) { + /* Back up to previous dot or beginning of string */ + while (p > str && p[-1] != '.') + --p; + v = strtoul(p, &cp, base); + + if (base == 10) { + if (v > 0xff) + return ("Octet larger than 8 bits"); + } else { + if (v > 0xf) + return ("Octet larger than 4 bits"); + if (*cp != '.') + return ("Junk in \"ptr\" record"); 
+ + /* Back up over dot */ + if (p > str) + --p; + + /* Back up to previous dot or beginning of string */ + while (p > str && p[-1] != '.') + --p; + v2 = strtoul(p, &cp, base); + if (v2 > 0xf) + return ("Octet larger than 4 bits"); + if (*cp != '.') + return ("Junk in \"ptr\" record"); + v = (v << 4) | v2; + } + if (*cp != '.') + return ("Junk in \"ptr\" record"); + + *up++ = v & 0xff; + + /* Back up over dot */ + if (p > str) + --p; + else if (p == str) + break; + } + if (i < n - 1) + return ("Too many octets in \"ptr\" record"); + if (p != str) + return ("Not enough octets in \"ptr\" record"); + + return (NULL); +} + +/* Returns a pointer after the next token or quoted string, else NULL */ +char * +parsequoted(char *cp) +{ + + if (*cp == '"') { + ++cp; + while (*cp != '"' && *cp != '\0') + ++cp; + if (*cp != '"') + return (NULL); + ++cp; + } else { + while (!isspace(*cp) && *cp != '\0') + ++cp; + } + return (cp); } /* Return true when done */ int -parsesoa(register const char *cp, register char **errstrp) +parserrsig(const char *str, char **errstrp) { - register char ch, *garbage; + const char *cp; + + /* XXX just look for closing paren */ + cp = str + strlen(str) - 1; + while (cp >= str) + if (*cp-- == ')') + return (1); + return (0); +} + +/* Return true when done */ +int +parsesoa(const char *cp, char **errstrp) +{ + char ch, *garbage; static char errstr[132]; /* Eat leading whitespace */ 
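Review bot: In nslint(), `qsort(itemlist, n, sizeof(itemlist[0]), cmpaddr)` and the later call with `cmpitemhost` sort an array of `struct item *`, but `cmpaddr` casts its arguments to `struct network *` and `cmpitemhost` to `struct item *`, so both comparators read the pointer slots themselves as structures. The duplicate-address and same-subnet checks rely on that ordering to bring matching entries next to each other. Comparators used on `itemlist` need one more level of indirection, e.g. `i1 = *(struct item * const *)arg1;`, and the first call should go through `cmpitemaddr` rather than `cmpaddr`. Separately, `extractnetwork` only rejects widths above 32 or 128: a negative number or an empty string after `/` gets through `strtol` and reaches `setmaskwidth()`, so it should also fail on `if (ep == cp || w < 0)`.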
@@ -1024,20 +2029,28 @@ parsesoa(register const char *cp, register char **errstrp) } void -process(register const char *file, register const char *domain, - register const char *zone) +process(const char *file, const char *domain, const char *zone) { - register FILE *f; - register char ch, *cp, *cp2, *cp3, *rtype; - register const char *ccp; - register int n, sawsoa, flags, i; - register u_int ttl; - register u_int32_t addr; - u_int32_t net, mask; + FILE *f; + char ch, *cp, *cp2, *cp3, *rtype; + const char *p; + int n, sawsoa, sawrrsig, flags, i; + u_int ttl; + enum rrtype rrtype; + struct addr *ap; + struct addr addr; + // struct network *net; int smtp; - char buf[1024], name[128], lastname[128], odomain[128]; + char buf[2048], name[256], lastname[256], odomain[256]; char *errstr; - char *dotfmt = "%s: %s/%s:%d \"%s\" target missing trailing dot: %s\n"; + const char *addrfmt = + "%s: %s/%s:%d \"%s\" target is an ip address: %s\n"; + const char *dotfmt = + "%s: %s/%s:%d \"%s\" target missing trailing dot: %s\n"; + + /* Check for an "ignored zone" (usually dynamic dns) */ + if (checkignoredzone(zone)) + return; f = fopen(file, "r"); if (f == NULL) { @@ -1049,22 +2062,14 @@ process(register const char *file, register const char *domain, if (debug > 1) printf("%s: process: opened %s/%s\n", prog, cwd, file); - /* Are we doing an in-addr.arpa domain? */ + /* Line number */ n = 0; - net = 0; - mask = 0; - ccp = domain + strlen(domain) - sizeof(inaddr) + 1; - if (ccp >= domain && strcasecmp(ccp, inaddr) == 0 && - !parseinaddr(domain, &net, &mask)) { - ++errors; - fprintf(stderr, "%s: %s/%s:%d bad in-addr.arpa domain\n", - prog, cwd, file, n); - fclose(f); - return; - } + + ap = &addr; lastname[0] = '\0'; sawsoa = 0; + sawrrsig = 0; while (fgets(buf, sizeof(buf), f) != NULL) { ++n; cp = buf; 
@@ -1098,11 +2103,26 @@ process(register const char *file, register const char *domain, if (errstr != NULL) { ++errors; fprintf(stderr, - "%s: %s/%s:%d bad \"soa\" record (%s)\n", + "%s: %s/%s:%d Bad \"soa\" record (%s)\n", prog, cwd, file, n, errstr); } continue; } + + /* Handle multi-line rrsig records */ + if (sawrrsig) { + errstr = NULL; + if (parserrsig(cp, &errstr)) + sawsoa = 0; + if (errstr != NULL) { + ++errors; + fprintf(stderr, + "%s: %s/%s:%d Bad \"rrsig\" record (%s)\n", + prog, cwd, file, n, errstr); + } + continue; + } + if (debug > 3) printf(">%s<\n", cp); @@ -1112,7 +2132,7 @@ process(register const char *file, register const char *domain, if (lastname[0] == '\0') { ++errors; fprintf(stderr, - "%s: %s/%s:%d no default name\n", + "%s: %s/%s:%d No default name\n", prog, cwd, file, n); continue; } @@ -1171,19 +2191,6 @@ process(register const char *file, register const char *domain, *cp2 = '\0'; domain = odomain; lastname[0] = '\0'; - - /* Are we doing an in-addr.arpa domain? */ - net = 0; - mask = 0; - ccp = domain + strlen(domain) - (sizeof(inaddr) - 1); - if (ccp >= domain && strcasecmp(ccp, inaddr) == 0 && - !parseinaddr(domain, &net, &mask)) { - ++errors; - fprintf(stderr, - "%s: %s/%s:%d bad in-addr.arpa domain\n", - prog, cwd, file, n); - return; - } continue; } @@ -1202,7 +2209,7 @@ process(register const char *file, register const char *domain, if (*cp != '\0') { ++errors; fprintf(stderr, - "%s: %s/%s:%d bad $ttl \"%s\"\n", + "%s: %s/%s:%d Bad $ttl \"%s\"\n", prog, cwd, file, n, cp2); } (void)strcpy(name, lastname); @@ -1245,10 +2252,9 @@ process(register const char *file, register const char *domain, ; /* none */ } - if (!isspace(*cp)) { ++errors; - fprintf(stderr, "%s: %s/%s:%d bad ttl\n", + fprintf(stderr, "%s: %s/%s:%d Bad ttl\n", prog, cwd, file, n); continue; } 
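Review bot: The multi-line rrsig branch clears the wrong flag: `if (parserrsig(cp, &errstr)) sawsoa = 0;` should be `sawrrsig = 0;`. As written, once `sawrrsig` is set (which happens outside this hunk), the closing paren never ends the continuation, and every following line of the zone file hits the `continue` and is skipped unchecked. `parserrsig` as added earlier in the patch never assigns `*errstrp`, so the `errstr != NULL` report below it cannot fire either.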
@@ -1307,59 +2313,91 @@ process(register const char *file, register const char *domain, } } -#define CHECK4(p, a, b, c, d) \ - (p[0] == (a) && p[1] == (b) && p[2] == (c) && p[3] == (d) && p[4] == '\0') -#define CHECK3(p, a, b, c) \ - (p[0] == (a) && p[1] == (b) && p[2] == (c) && p[3] == '\0') -#define CHECK2(p, a, b) \ - (p[0] == (a) && p[1] == (b) && p[2] == '\0') -#define CHECKDOT(p) \ - (p[0] == '.' && p[1] == '\0') + rrtype = txt2rrtype(rtype); + switch (rrtype) { - if (rtype[0] == 'a' && rtype[1] == '\0') { + case RR_A: /* Handle "a" record */ add_domain(name, domain); - addr = htonl(inet_addr(cp)); - if ((int)addr == -1) { + p = extractaddr(cp, ap); + if (p != NULL) { ++errors; cp2 = cp + strlen(cp) - 1; if (cp2 >= cp && *cp2 == '\n') *cp2 = '\0'; fprintf(stderr, - "%s: %s/%s:%d bad \"a\" record ip addr \"%s\"\n", + "%s: %s/%s:%d Bad \"a\" record ip addr \"%s\"\n", prog, cwd, file, n, cp); continue; } - errors += updateitem(name, addr, REC_A, ttl, 0); - } else if (CHECK4(rtype, 'a', 'a', 'a', 'a')) { - /* Just eat for now */ - continue; - } else if (CHECK3(rtype, 'p', 't', 'r')) { + if (ap->family != AF_INET) { + ++errors; + cp2 = cp + strlen(cp) - 1; + if (cp2 >= cp && *cp2 == '\n') + *cp2 = '\0'; + fprintf(stderr, + "%s: %s/%s:%d \"a\"record not AF_INET \"%s\"\n", + prog, cwd, file, n, cp); + continue; + } + errors += updateitem(name, ap, REC_A, ttl, 0); + break; + + case RR_AAAA: + /* Handle "aaaa" record */ + add_domain(name, domain); + p = extractaddr(cp, ap); + if (p != NULL) { + ++errors; + cp2 = cp + strlen(cp) - 1; + if (cp2 >= cp && *cp2 == '\n') + *cp2 = '\0'; + fprintf(stderr, + "%s: %s/%s:%d Bad \"aaaa\" record ip addr \"%s\"\n", + prog, cwd, file, n, cp); + continue; + } + if (ap->family != AF_INET6) { + ++errors; + cp2 = cp + strlen(cp) - 1; + if (cp2 >= cp && *cp2 == '\n') + *cp2 = '\0'; + fprintf(stderr, + "%s: %s/%s:%d \"aaaa\"record not AF_INET6 \"%s\"\n", + prog, cwd, file, n, cp); + continue; + } + errors += updateitem(name, ap, REC_AAAA, 
ttl, 0); + break; + + case RR_PTR: /* Handle "ptr" record */ add_domain(name, domain); if (strcmp(cp, "@") == 0) (void)strcpy(cp, zone); if (checkdots(cp)) { ++errors; - fprintf(stderr, dotfmt, + fprintf(stderr, + checkaddr(cp) ? addrfmt : dotfmt, prog, cwd, file, n, rtype, cp); } add_domain(cp, domain); - errstr = NULL; - addr = parseptr(name, net, mask, &errstr); - if (errstr != NULL) { + p = parseptr(name, ap); + if (p != NULL) { ++errors; fprintf(stderr, - "%s: %s/%s:%d bad \"ptr\" record (%s) ip addr \"%s\"\n", - prog, cwd, file, n, errstr, name); + "%s: %s/%s:%d Bad \"ptr\" record (%s) ip addr \"%s\"\n", + prog, cwd, file, n, p, name); continue; } - errors += updateitem(cp, addr, REC_PTR, 0, 0); - } else if (CHECK3(rtype, 's', 'o', 'a')) { + errors += updateitem(cp, ap, REC_PTR, 0, 0); + break; + + case RR_SOA: /* Handle "soa" record */ if (!CHECKDOT(name)) { add_domain(name, domain); - errors += updateitem(name, 0, REC_SOA, 0, 0); + errors += updateitem(name, NULL, REC_SOA, 0, 0); } errstr = NULL; if (!parsesoa(cp, &errstr)) @@ -1367,21 +2405,23 @@ process(register const char *file, register const char *domain, if (errstr != NULL) { ++errors; fprintf(stderr, - "%s: %s/%s:%d bad \"soa\" record (%s)\n", + "%s: %s/%s:%d Bad \"soa\" record (%s)\n", prog, cwd, file, n, errstr); continue; } - } else if (CHECK3(rtype, 'w', 'k', 's')) { + break; + + case RR_WKS: /* Handle "wks" record */ - addr = htonl(inet_addr(cp)); - if ((int)addr == -1) { + p = extractaddr(cp, ap); + if (p != NULL) { ++errors; cp2 = cp; while (!isspace(*cp2) && *cp2 != '\0') ++cp2; *cp2 = '\0'; fprintf(stderr, - "%s: %s/%s:%d bad \"wks\" record ip addr \"%s\"\n", + "%s: %s/%s:%d Bad \"wks\" record ip addr \"%s\"\n", prog, cwd, file, n, cp); continue; } 
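Review bot: The two family-mismatch messages added in the `RR_A` and `RR_AAAA` cases are missing a space after the quoted type, `\"a\"record not AF_INET` and `\"aaaa\"record not AF_INET6`; they should read `\"a\" record not AF_INET` and `\"aaaa\" record not AF_INET6` to match the other diagnostics. The three lines that trim the trailing newline (`cp2 = cp + strlen(cp) - 1; if (cp2 >= cp && *cp2 == '\n') *cp2 = '\0';`) now appear four times in these two cases. A small static helper would remove the repetition and would also let an empty `cp` be handled without forming `cp - 1`. process() continues outside this hunk.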
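Review bot: The `RR_WKS` case now accepts whatever address family extractaddr() returns, whereas the `inet_addr()` call it replaces only parsed IPv4. The `RR_A` case in this same commit follows extractaddr() with `if (ap->family != AF_INET)`, but the wks path has no such test before `updateitem(name, ap, REC_WKS, ...)` in the next hunk. WKS rdata carries an IPv4 address, so the same `ap->family != AF_INET` check with a "Bad \"wks\" record ip addr" diagnostic and `continue` belongs right after the `p != NULL` block. That extractaddr() also parses IPv6 literals is inferred from its use in the `RR_AAAA` case.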
@@ -1396,18 +2436,20 @@ process(register const char *file, register const char *domain, if (errstr != NULL) { ++errors; fprintf(stderr, - "%s: %s/%s:%d bad \"wks\" record (%s)\n", + "%s: %s/%s:%d Bad \"wks\" record (%s)\n", prog, cwd, file, n, errstr); continue; } add_domain(name, domain); - errors += updateitem(name, addr, REC_WKS, + errors += updateitem(name, ap, REC_WKS, 0, smtp ? FLG_SMTPWKS : 0); /* XXX check to see if ip address records exists? */ - } else if (rtype[0] == 'h' && strcmp(rtype, "hinfo") == 0) { + break; + + case RR_HINFO: /* Handle "hinfo" record */ add_domain(name, domain); - errors += updateitem(name, 0, REC_HINFO, 0, 0); + errors += updateitem(name, NULL, REC_HINFO, 0, 0); cp2 = cp; cp = parsequoted(cp); if (cp == NULL) { @@ -1449,16 +2491,18 @@ process(register const char *file, register const char *domain, prog, cwd, file, n, cp2); continue; } - } else if (CHECK2(rtype, 'm', 'x')) { + break; + + case RR_MX: /* Handle "mx" record */ add_domain(name, domain); - errors += updateitem(name, 0, REC_MX, ttl, 0); + errors += updateitem(name, NULL, REC_MX, ttl, 0); /* Look for priority */ if (!isdigit(*cp)) { ++errors; fprintf(stderr, - "%s: %s/%s:%d bad \"mx\" priority: %s\n", + "%s: %s/%s:%d Bad \"mx\" priority: %s\n", prog, cwd, file, n, cp); } @@ -1471,14 +2515,15 @@ process(register const char *file, register const char *domain, if (*cp == '\0') { ++errors; fprintf(stderr, - "%s: %s/%s:%d missing \"mx\" hostname\n", + "%s: %s/%s:%d Missing \"mx\" hostname\n", prog, cwd, file, n); } if (strcmp(cp, "@") == 0) (void)strcpy(cp, zone); if (checkdots(cp)) { ++errors; - fprintf(stderr, dotfmt, + fprintf(stderr, + checkaddr(cp) ? addrfmt : dotfmt, prog, cwd, file, n, rtype, cp); } 
@@ -1487,14 +2532,17 @@ process(register const char *file, register const char *domain, flags = FLG_MXREF; if (*name == *cp && strcmp(name, cp) == 0) flags |= FLG_SELFMX; - errors += updateitem(cp, 0, REC_REF, 0, flags); - } else if (rtype[0] == 'c' && strcmp(rtype, "cname") == 0) { + errors += updateitem(cp, NULL, REC_REF, 0, flags); + break; + + case RR_CNAME: /* Handle "cname" record */ add_domain(name, domain); - errors += updateitem(name, 0, REC_CNAME, 0, 0); + errors += updateitem(name, NULL, REC_CNAME, 0, 0); if (checkdots(cp)) { ++errors; - fprintf(stderr, dotfmt, + fprintf(stderr, + checkaddr(cp) ? addrfmt : dotfmt, prog, cwd, file, n, rtype, cp); } @@ -1502,11 +2550,13 @@ process(register const char *file, register const char *domain, if (strcmp(cp, "@") == 0) (void)strcpy(cp, zone); add_domain(cp, domain); - errors += updateitem(cp, 0, REC_REF, 0, 0); - } else if (CHECK3(rtype, 's', 'r', 'v')) { + errors += updateitem(cp, NULL, REC_REF, 0, 0); + break; + + case RR_SRV: /* Handle "srv" record */ add_domain(name, domain); - errors += updateitem(name, 0, REC_SRV, 0, 0); + errors += updateitem(name, NULL, REC_SRV, 0, 0); cp2 = cp; /* Skip over three values */ @@ -1514,7 +2564,7 @@ process(register const char *file, register const char *domain, if (!isdigit(*cp)) { ++errors; fprintf(stderr, "%s: %s/%s:%d" - " bad \"srv\" value: %s\n", + " Bad \"srv\" value: %s\n", prog, cwd, file, n, cp); } @@ -1528,11 +2578,13 @@ process(register const char *file, register const char *domain, /* Check to see if mx host exists */ add_domain(cp, domain); - errors += updateitem(cp, 0, REC_REF, 0, 0); - } else if (CHECK3(rtype, 't', 'x', 't')) { + errors += updateitem(cp, NULL, REC_REF, 0, 0); + break; + + case RR_TXT: /* Handle "txt" record */ add_domain(name, domain); - errors += updateitem(name, 0, REC_TXT, 0, 0); + errors += updateitem(name, NULL, REC_TXT, 0, 0); cp2 = cp; cp = parsequoted(cp); if (cp == NULL) { 
@@ -1551,22 +2603,27 @@ process(register const char *file, register const char *domain, prog, cwd, file, n, cp2); continue; } - } else if (CHECK2(rtype, 'n', 's')) { + break; + + case RR_NS: /* Handle "ns" record */ - errors += updateitem(zone, 0, REC_NS, 0, 0); + errors += updateitem(zone, NULL, REC_NS, 0, 0); if (strcmp(cp, "@") == 0) (void)strcpy(cp, zone); if (checkdots(cp)) { ++errors; - fprintf(stderr, dotfmt, + fprintf(stderr, + checkaddr(cp) ? addrfmt : dotfmt, prog, cwd, file, n, rtype, cp); } add_domain(cp, domain); - errors += updateitem(cp, 0, REC_REF, 0, 0); - } else if (CHECK2(rtype, 'r', 'p')) { + errors += updateitem(cp, NULL, REC_REF, 0, 0); + break; + + case RR_RP: /* Handle "rp" record */ add_domain(name, domain); - errors += updateitem(name, 0, REC_RP, 0, 0); + errors += updateitem(name, NULL, REC_RP, 0, 0); cp2 = cp; /* Step over mailbox name */ 
@@ -1598,31 +2655,71 @@ process(register const char *file, register const char *domain, /* Make sure text name points somewhere (if not ".") */ if (!CHECKDOT(cp3)) { add_domain(cp3, domain); - errors += updateitem(cp3, 0, REC_REF, 0, 0); + errors += updateitem(cp3, NULL, REC_REF, 0, 0); } - } else if (rtype[0] == 'a' && strcmp(rtype, "allowdupa") == 0) { + break; + + case RR_ALLOWDUPA: /* Handle "allow duplicate a" record */ add_domain(name, domain); - addr = htonl(inet_addr(cp)); - if ((int)addr == -1) { + p = extractaddr(cp, ap); + if (p != NULL) { ++errors; cp2 = cp + strlen(cp) - 1; if (cp2 >= cp && *cp2 == '\n') *cp2 = '\0'; fprintf(stderr, - "%s: %s/%s:%d bad \"allowdupa\" record ip addr \"%s\"\n", + "%s: %s/%s:%d Bad \"allowdupa\" record ip addr \"%s\"\n", prog, cwd, file, n, cp); continue; } - errors += updateitem(name, addr, 0, 0, FLG_ALLOWDUPA); - } else { + errors += updateitem(name, ap, 0, 0, FLG_ALLOWDUPA); + break; + + case RR_DNSKEY: + /* Handle "dnskey" record */ + add_domain(name, domain); + errors += updateitem(name, NULL, REC_CNAME, 0, 0); + if (checkdots(cp)) { + ++errors; + fprintf(stderr, + checkaddr(cp) ? 
addrfmt : dotfmt, + prog, cwd, file, n, rtype, cp); + } + + /* Make sure cname points somewhere */ + if (strcmp(cp, "@") == 0) + (void)strcpy(cp, zone); + add_domain(cp, domain); + errors += updateitem(cp, NULL, REC_REF, 0, 0); + break; + + case RR_RRSIG: + errstr = NULL; + if (!parserrsig(cp, &errstr)) + ++sawrrsig; + if (errstr != NULL) { + ++errors; + fprintf(stderr, + "%s: %s/%s:%d Bad \"rrsig\" record (%s)\n", + prog, cwd, file, n, errstr); + continue; + } + break; + + case RR_NSEC: + /* XXX */ + continue; + + default: /* Unknown record type */ ++errors; fprintf(stderr, - "%s: %s/%s:%d unknown record type \"%s\"\n", + "%s: %s/%s:%d Unknown record type \"%s\"\n", prog, cwd, file, n, rtype); add_domain(name, domain); - errors += updateitem(name, 0, REC_UNKNOWN, 0, 0); + errors += updateitem(name, NULL, REC_UNKNOWN, 0, 0); + break; } (void)strcpy(lastname, name); } 
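Review bot: The new `RR_DNSKEY` case is a copy of the `RR_CNAME` handler and checks the record as if it were an alias. It records the owner with `updateitem(name, NULL, REC_CNAME, 0, 0)` and then treats `cp` as a target host name (checkdots(), the `@` substitution via `strcpy(cp, zone)`, add_domain() and a `REC_REF` item), under the comment `/* Make sure cname points somewhere */`. DNSKEY rdata is flags, protocol, algorithm and key material, so a zone apex carrying a DNSKEY would be flagged as a cname with other records and the key fields would be entered as a referenced host. Until the record has its own handling, the case body could be reduced to `add_domain(name, domain); break;` with a comment saying the rdata is not checked yet. The enclosing switch and process() start outside this hunk.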
@@ -1630,107 +2727,6 @@ process(register const char *file, register const char *domain, return; } -/* Records we use to detect duplicates */ -static struct duprec { - int record; - char *name; -} duprec[] = { - { REC_A, "a" }, - { REC_HINFO, "hinfo" }, - { 0, NULL }, -}; - -void -checkdups(register struct item *ip, register int records) -{ - register struct duprec *dp; - - records &= (ip->records & MASK_TEST_DUP); - if (records == 0) - return; - for (dp = duprec; dp->name != NULL; ++dp) - if ((records & dp->record) != 0) { - ++errors; - fprintf(stderr, "%s: multiple \"%s\" records for %s\n", - prog, dp->name, ip->host); - records &= ~dp->record; - } - if (records != 0) - fprintf(stderr, "%s: checkdups: records not zero (%d)\n", - prog, records); -} - -int -updateitem(register const char *host, register u_int32_t addr, - register int records, register u_int ttl, register int flags) -{ - register const char *ccp; - register int n, errs; - register u_int i; - register struct item *ip; - int foundsome; - - n = 0; - foundsome = 0; - errs = 0; - ITEMHASH(host, i, ccp); - ip = &items[i & (ITEMSIZE - 1)]; - while (n < ITEMSIZE && ip->host) { - if ((addr == 0 || addr == ip->addr || ip->addr == 0) && - *host == *ip->host && strcmp(host, ip->host) == 0) { - ++foundsome; - if (ip->addr == 0) - ip->addr = addr; - if ((records & MASK_TEST_DUP) != 0) - checkdups(ip, records); - ip->records |= records; - /* Only check differing ttl's for A and MX records */ - if (ip->ttl == 0) - ip->ttl = ttl; - else if (ttl != 0 && ip->ttl != ttl) { - fprintf(stderr, - "%s: differing ttls for %s (%u != %u)\n", - prog, ip->host, ttl, ip->ttl); - ++errs; - } - ip->flags |= flags; - /* Not done if we wildcard matched the name */ - if (addr) - return (errs); - } - ++n; - ++ip; - if (ip >= &items[ITEMSIZE]) - ip = items; - } - - if (n >= ITEMSIZE) { - fprintf(stderr, "%s: out of item slots (max %d)\n", - prog, ITEMSIZE); - exit(1); - } - - /* Done if we were wildcarding the name (and found entries for 
it) */ - if (addr == 0 && foundsome) - return (errs); - - /* Didn't find it, make new entry */ - ++itemcnt; - if (ip->host) { - fprintf(stderr, "%s: reusing bucket!\n", prog); - exit(1); - } - ip->addr = addr; - ip->host = savestr(host); - if ((records & MASK_TEST_DUP) != 0) - checkdups(ip, records); - ip->records |= records; - if (ttl != 0) - ip->ttl = ttl; - ip->flags |= flags; - return (errs); -} - static const char *microlist[] = { "_tcp", "_udp", @@ -1740,10 +2736,10 @@ static const char *microlist[] = { }; int -rfc1034host(register const char *host, register int recs) +rfc1034host(const char *host, int recs) { - register const char *cp, **p; - register int underok; + const char *cp, **p; + int underok; underok = 0; for (p = microlist; *p != NULL ;++p) 
@@ -1766,613 +2762,205 @@ rfc1034host(register const char *host, register int recs) if (!(isalpha(*cp) || isdigit(*cp) || *cp == '-' || (*cp == '/' && (recs & REC_SOA) != 0))) { fprintf(stderr, - "%s: illegal hostname \"%s\" ('%c' illegal character)\n", + "%s: Illegal hostname \"%s\" ('%c' illegal character)\n", prog, host, *cp); return (1); } if (--cp >= host && *cp == '-') { - fprintf(stderr, "%s: illegal hostname \"%s\" (ends with '-')\n", + fprintf(stderr, "%s: Illegal hostname \"%s\" (ends with '-')\n", prog, host); return (1); } return (0); } -int -nslint(void) +enum rrtype +txt2rrtype(const char *str) { - register int n, records, flags; - register struct item *ip, *lastaip, **ipp, **itemlist; - register u_int32_t addr, lastaddr, mask; - - itemlist = (struct item **)calloc(itemcnt, sizeof(*ipp)); - if (itemlist == NULL) { - fprintf(stderr, "%s: nslint: calloc: %s\n", - prog, strerror(errno)); - exit(1); - } - ipp = itemlist; - for (n = 0, ip = items; n < ITEMSIZE; ++n, ++ip) { - if (ip->host == NULL) - continue; - - /* Save entries with addresses for later check */ - if (ip->addr != 0) - *ipp++ = ip; - - if (debug > 1) { - if (debug > 2) - printf("%d\t", n); - printf("%s\t%s\t0x%x\t0x%x\n", - ip->host, intoa(ip->addr), ip->records, ip->flags); - } - - /* Check for illegal hostnames (rfc1034) */ - if (rfc1034host(ip->host, ip->records)) - ++errors; - - /* Check for missing ptr records (ok if also an ns record) */ - records = ip->records & MASK_CHECK_REC; - if ((ip->records & MASK_TEST_REC) != 0) - records |= REC_OTHER; - switch (records) { - - case REC_A | REC_OTHER | REC_PTR | REC_REF: - case REC_A | REC_OTHER | REC_PTR: - case REC_A | REC_PTR | REC_REF: - case REC_A | REC_PTR: - case REC_CNAME: - /* These are O.K. 
*/ - break; - - case REC_CNAME | REC_REF: - ++errors; - fprintf(stderr, "%s: \"cname\" referenced by other" - " \"cname\" or \"mx\": %s\n", prog, ip->host); - break; - - case REC_OTHER | REC_REF: - case REC_OTHER: - /* - * This is only an error if there is an address - * associated with the hostname; this means - * there was a wks entry with bogus address. - * Otherwise, we have an mx or hinfo. - */ - if (ip->addr != 0) { - ++errors; - fprintf(stderr, - "%s: \"wks\" without \"a\" and \"ptr\": %s -> %s\n", - prog, ip->host, intoa(ip->addr)); - } - break; - - case REC_REF: - ++errors; - fprintf(stderr, - "%s: name referenced without other records: %s\n", - prog, ip->host); - break; - - case REC_A | REC_OTHER | REC_REF: - case REC_A | REC_OTHER: - case REC_A | REC_REF: - case REC_A: - ++errors; - fprintf(stderr, "%s: missing \"ptr\": %s -> %s\n", - prog, ip->host, intoa(ip->addr)); - break; - - case REC_OTHER | REC_PTR | REC_REF: - case REC_OTHER | REC_PTR: - case REC_PTR | REC_REF: - case REC_PTR: - ++errors; - fprintf(stderr, "%s: missing \"a\": %s -> %s\n", - prog, ip->host, intoa(ip->addr)); - break; - - case REC_A | REC_CNAME | REC_OTHER | REC_PTR | REC_REF: - case REC_A | REC_CNAME | REC_OTHER | REC_PTR: - case REC_A | REC_CNAME | REC_OTHER | REC_REF: - case REC_A | REC_CNAME | REC_OTHER: - case REC_A | REC_CNAME | REC_PTR | REC_REF: - case REC_A | REC_CNAME | REC_PTR: - case REC_A | REC_CNAME | REC_REF: - case REC_A | REC_CNAME: - case REC_CNAME | REC_OTHER | REC_PTR | REC_REF: - case REC_CNAME | REC_OTHER | REC_PTR: - case REC_CNAME | REC_OTHER | REC_REF: - case REC_CNAME | REC_OTHER: - case REC_CNAME | REC_PTR | REC_REF: - case REC_CNAME | REC_PTR: - ++errors; - fprintf(stderr, "%s: \"cname\" %s has other records\n", - prog, ip->host); - break; - - case 0: - /* Second level test */ - if ((ip->records & ~(REC_NS | REC_TXT)) == 0) - break; - /* Fall through... 
*/ - - default: - ++errors; - fprintf(stderr, - "%s: records == 0x%x: can't happen (%s 0x%x)\n", - prog, records, ip->host, ip->records); - break; - } - - /* Check for smtp problems */ - flags = ip->flags & MASK_TEST_SMTP; - - if ((flags & FLG_SELFMX) != 0 && (ip->records & REC_A) == 0) { - ++errors; - fprintf(stderr, - "%s: self \"mx\" for %s missing \"a\" record\n", - prog, ip->host); - } - - switch (flags) { - - case 0: - case FLG_SELFMX | FLG_SMTPWKS: - /* These are O.K. */ - break; - - case FLG_SELFMX: - if ((ip->records & REC_WKS) != 0) { - ++errors; - fprintf(stderr, - "%s: smtp/tcp missing from \"wks\": %s\n", - prog, ip->host); - } - break; - - case FLG_SMTPWKS: - ++errors; - fprintf(stderr, - "%s: saw smtp/tcp without self \"mx\": %s\n", - prog, ip->host); - break; - - default: - ++errors; - fprintf(stderr, - "%s: flags == 0x%x: can't happen (%s)\n", - prog, flags, ip->host); - } - - /* Check for chained MX records */ - if ((ip->flags & (FLG_SELFMX | FLG_MXREF)) == FLG_MXREF && - (ip->records & REC_MX) != 0) { - ++errors; - fprintf(stderr, "%s: \"mx\" referenced by other" - " \"mx\" record: %s\n", prog, ip->host); - } - } - - /* Check for doubly booked addresses */ - n = ipp - itemlist; - qsort(itemlist, n, sizeof(itemlist[0]), cmpaddr); - lastaddr = 0; - ip = NULL; - for (ipp = itemlist; n > 0; ++ipp, --n) { - addr = (*ipp)->addr; - if (lastaddr == addr && - ((*ipp)->flags & FLG_ALLOWDUPA) == 0 && - (ip->flags & FLG_ALLOWDUPA) == 0) { - ++errors; - fprintf(stderr, "%s: %s in use by %s and %s\n", - prog, intoa(addr), (*ipp)->host, ip->host); - } - lastaddr = addr; - ip = *ipp; - } - - /* Check for hosts with multiple addresses on the same subnet */ - n = ipp - itemlist; - qsort(itemlist, n, sizeof(itemlist[0]), cmphost); - if (netlistcnt > 0) { - n = ipp - itemlist; - lastaip = NULL; - for (ipp = itemlist; n > 0; ++ipp, --n) { - ip = *ipp; - if ((ip->records & REC_A) == 0 || - (ip->flags & FLG_ALLOWDUPA) != 0) - continue; - if (lastaip != NULL && - 
strcasecmp(ip->host, lastaip->host) == 0) { - mask = findmask(ip->addr); - if (mask == 0) { - ++errors; - fprintf(stderr, - "%s: can't find mask for %s (%s)\n", - prog, ip->host, intoa(ip->addr)); - } else if ((lastaip->addr & mask) == - (ip->addr & mask) ) { - ++errors; - fprintf(stderr, - "%s: multiple \"a\" records for %s on subnet %s", - prog, ip->host, - intoa(ip->addr & mask)); - fprintf(stderr, "\n\t(%s", - intoa(lastaip->addr)); - fprintf(stderr, " and %s)\n", - intoa(ip->addr)); - } - } - lastaip = ip; - } - } - - if (debug) - printf("%s: %d/%d items used, %d error%s\n", prog, itemcnt, - ITEMSIZE, errors, errors == 1 ? "" : "s"); - return (errors != 0); -} - -/* Similar to inet_ntoa() */ -char * -intoa(u_int32_t addr) -{ - register char *cp; - register u_int byte; - register int n; - static char buf[sizeof(".xxx.xxx.xxx.xxx")]; - - cp = &buf[sizeof buf]; - *--cp = '\0'; - - n = 4; - do { - byte = addr & 0xff; - *--cp = byte % 10 + '0'; - byte /= 10; - if (byte > 0) { - *--cp = byte % 10 + '0'; - byte /= 10; - if (byte > 0) - *--cp = byte + '0'; - } - *--cp = '.'; - addr >>= 8; - } while (--n > 0); - - return cp + 1; + if (strcasecmp(str, "aaaa") == 0) + return (RR_AAAA); + if (strcasecmp(str, "a") == 0) + return (RR_A); + if (strcasecmp(str, "allowdupa") == 0) + return (RR_ALLOWDUPA); + if (strcasecmp(str, "cname") == 0) + return (RR_CNAME); + if (strcasecmp(str, "dnskey") == 0) + return (RR_DNSKEY); + if (strcasecmp(str, "hinfo") == 0) + return (RR_HINFO); + if (strcasecmp(str, "mx") == 0) + return (RR_MX); + if (strcasecmp(str, "ns") == 0) + return (RR_NS); + if (strcasecmp(str, "ptr") == 0) + return (RR_PTR); + if (strcasecmp(str, "rp") == 0) + return (RR_RP); + if (strcasecmp(str, "soa") == 0) + return (RR_SOA); + if (strcasecmp(str, "srv") == 0) + return (RR_SRV); + if (strcasecmp(str, "txt") == 0) + return (RR_TXT); + if (strcasecmp(str, "wks") == 0) + return (RR_WKS); + if (strcasecmp(str, "RRSIG") == 0) + return (RR_RRSIG); + if (strcasecmp(str, 
"NSEC") == 0) + return (RR_NSEC); + return (RR_UNDEF); } int -parseinaddr(register const char *cp, register u_int32_t *netp, - register u_int32_t *maskp) +samesubnet(struct addr *a1, struct addr *a2, struct network *np) { - register int i, bits; - register u_int32_t o, net, mask; + int i; + u_int32_t v1, v2; - if (!isdigit(*cp)) + /* IPv4 before IPv6 */ + if (a1->family != a2->family) return (0); - net = 0; - mask = 0xff000000; - bits = 0; - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - net = o << 24; - /* Check for classless delegation mask width */ - if (*cp == '/') { - ++cp; - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - bits = o; - if (bits <= 0 || bits > 32) - return (0); - } + switch (a1->family) { - if (*cp == '.' && isdigit(cp[1])) { - ++cp; - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - net = (net >> 8) | (o << 24); - mask = 0xffff0000; - if (*cp == '.' && isdigit(cp[1])) { - ++cp; - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - net = (net >> 8) | (o << 24); - mask = 0xffffff00; - if (*cp == '.' && isdigit(cp[1])) { - ++cp; - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - net = (net >> 8) | (o << 24); - mask = 0xffffffff; - } + case AF_INET: + /* Apply the mask to both values */ + v1 = a1->a_addr4 & np->n_mask4; + v2 = a2->a_addr4 & np->n_mask4; + return (v1 == v2); + + case AF_INET6: + /* Apply the mask to both values */ + for (i = 0; i < 16; ++i) { + v1 = a1->a_addr6[i] & np->n_mask6[i]; + v2 = a2->a_addr6[i] & np->n_mask6[i]; + if (v1 != v2) + return (0); } + break; + + default: + abort(); } - if (strcasecmp(cp, inaddr) != 0) - return (0); - - /* Classless delegation */ - /* XXX check that calculated mask isn't smaller than octet mask? 
*/ - if (bits != 0) - for (mask = 0, i = 31; bits > 0; --i, --bits) - mask |= (1 << i); - - *netp = net; - *maskp = mask; return (1); } -u_int32_t -parseptr(register const char *cp, u_int32_t net, u_int32_t mask, - register char **errstrp) -{ - register u_int32_t o, addr; - register int shift; - - addr = 0; - shift = 0; - while (isdigit(*cp) && shift < 32) { - o = 0; - do { - o = o * 10 + (*cp++ - '0'); - } while (isdigit(*cp)); - addr |= o << shift; - shift += 8; - if (*cp != '.') { - if (*cp == '\0') - break; - *errstrp = "missing dot"; - return (0); - } - ++cp; - } - - if (shift > 32) { - *errstrp = "more than 4 octets"; - return (0); - } - - if (shift == 32 && strcasecmp(cp, inaddr + 1) == 0) - return (addr); - -#ifdef notdef - if (*cp != '\0') { - *errstrp = "trailing junk"; - return (0); - } -#endif -#ifdef notdef - if ((~mask & net) != 0) { - *errstrp = "too many octets for net"; - return (0); - } -#endif - return (net | addr); -} - -int -checkwks(register FILE *f, register char *proto, register int *smtpp, - register char **errstrp) -{ - register int n, sawparen; - register char *cp, *serv, **p; - static char errstr[132]; - char buf[1024]; - char psbuf[512]; - - if (!protoserv_init) { - initprotoserv(); - ++protoserv_init; - } - - /* Line count */ - n = 0; - - /* Terminate protocol */ - cp = proto; - while (!isspace(*cp) && *cp != '\0') - ++cp; - if (*cp != '\0') - *cp++ = '\0'; - - /* Find services */ - *smtpp = 0; - sawparen = 0; - if (*cp == '(') { - ++sawparen; - ++cp; - while (isspace(*cp)) - ++cp; - } - for (;;) { - if (*cp == '\0') { - if (!sawparen) - break; - if (fgets(buf, sizeof(buf), f) == NULL) { - *errstrp = "mismatched parens"; - return (n); - } - ++n; - cp = buf; - while (isspace(*cp)) - ++cp; - } - /* Find end of service, converting to lowercase */ - for (serv = cp; !isspace(*cp) && *cp != '\0'; ++cp) - if (isupper(*cp)) - *cp = tolower(*cp); - if (*cp != '\0') - *cp++ = '\0'; - if (sawparen && *cp == ')') { - /* XXX should check for 
trailing junk */ - break; - } - - (void)sprintf(psbuf, "%s/%s", serv, proto); - - if (*serv == 's' && strcmp(psbuf, "tcp/smtp") == 0) - ++*smtpp; - - for (p = protoserv; *p != NULL; ++p) - if (*psbuf == **p && strcmp(psbuf, *p) == 0) { - break; - } - if (*p == NULL) { - sprintf(errstr, "%s unknown", psbuf); - *errstrp = errstr; - break; - } - } - - return (n); -} - -int -checkserv(register const char *serv, register char **p) -{ - for (; *p != NULL; ++p) - if (*serv == **p && strcmp(serv, *p) == 0) - return (1); - return (0); -} - +/* Set address mask in network order */ void -initprotoserv(void) +setmaskwidth(u_int w, struct network *np) { - register char *cp; - register struct servent *sp; - char psbuf[512]; + int i, j; - protoserv_len = 256; - protoserv = (char **)malloc(protoserv_len * sizeof(*protoserv)); - if (protoserv == NULL) { - fprintf(stderr, "%s: nslint: malloc: %s\n", - prog, strerror(errno)); + switch (np->family) { + + case AF_INET: + if (w <= 0) + np->n_mask4 = 0; + else + np->n_mask4 = htonl(0xffffffff << (32 - w)); + break; + + case AF_INET6: + /* XXX is this right? 
*/ + memset(np->n_mask6, 0, sizeof(np->n_mask6)); + for (i = 0; i < w / 8; ++i) + np->n_mask6[i] = 0xff; + i = w / 8; + j = w % 8; + if (j > 0 && i < 16) + np->n_mask6[i] = 0xff << (8 - j); + break; + + default: + abort(); + } +} + +int +updateitem(const char *host, struct addr *ap, int records, u_int ttl, int flags) +{ + const char *ccp; + int n, errs; + u_int i; + struct item *ip; + int foundsome; + + n = 0; + foundsome = 0; + errs = 0; + + /* Hash the host name */ + i = 0; + ccp = host; + while (*ccp != '\0') + i = i * 37 + *ccp++; + ip = &items[i & (ITEMSIZE - 1)]; + + /* Look for a match or any empty slot */ + while (n < ITEMSIZE && ip->host != NULL) { + + if ((ap == NULL || ip->addr.family == 0 || + cmpaddr(ap, &ip->addr) == 0) && + *host == *ip->host && strcmp(host, ip->host) == 0) { + ++foundsome; + if (ip->addr.family == 0 && ap != NULL) + memmove(&ip->addr, ap, sizeof(*ap)); + if ((records & MASK_TEST_DUP) != 0) + checkdups(ip, records); + ip->records |= records; + /* Only check differing ttl's for A and MX records */ + if (ip->ttl == 0) + ip->ttl = ttl; + else if (ttl != 0 && ip->ttl != ttl) { + fprintf(stderr, + "%s: Differing ttls for %s (%u != %u)\n", + prog, ip->host, ttl, ip->ttl); + ++errs; + } + ip->flags |= flags; + /* Not done if we wildcard matched the name */ + if (ap != NULL) + return (errs); + } + ++n; + ++ip; + if (ip >= &items[ITEMSIZE]) + ip = items; + } + + if (n >= ITEMSIZE) { + fprintf(stderr, "%s: Out of item slots (max %d)\n", + prog, ITEMSIZE); exit(1); } - while ((sp = getservent()) != NULL) { - (void)sprintf(psbuf, "%s/%s", sp->s_name, sp->s_proto); - - /* Convert to lowercase */ - for (cp = psbuf; *cp != '\0'; ++cp) - if (isupper(*cp)) - *cp = tolower(*cp); - - if (protoserv_last + 1 >= protoserv_len) { - protoserv_len <<= 1; - protoserv = realloc(protoserv, - protoserv_len * sizeof(*protoserv)); - if (protoserv == NULL) { - fprintf(stderr, "%s: nslint: realloc: %s\n", - prog, strerror(errno)); - exit(1); - } - } - 
protoserv[protoserv_last] = savestr(psbuf); - ++protoserv_last; + /* Done if we were wildcarding the name (and found entries for it) */ + if (ap == NULL && foundsome) { + return (errs); } - protoserv[protoserv_last] = NULL; -} -/* - * Returns true if name contains a dot but not a trailing dot. - * Special case: allow a single dot if the second part is not one - * of the 3 or 4 letter top level domains or is any 2 letter TLD - */ -int -checkdots(register const char *name) -{ - register const char *cp, *cp2; - - if ((cp = strchr(name, '.')) == NULL) - return (0); - cp2 = name + strlen(name) - 1; - if (cp2 >= name && *cp2 == '.') - return (0); - - /* Return true of more than one dot*/ - ++cp; - if (strchr(cp, '.') != NULL) - return (1); - - if (strlen(cp) == 2 || - strcasecmp(cp, "gov") == 0 || - strcasecmp(cp, "edu") == 0 || - strcasecmp(cp, "com") == 0 || - strcasecmp(cp, "net") == 0 || - strcasecmp(cp, "org") == 0 || - strcasecmp(cp, "mil") == 0 || - strcasecmp(cp, "int") == 0 || - strcasecmp(cp, "nato") == 0 || - strcasecmp(cp, "arpa") == 0) - return (1); - return (0); -} - -int -cmpaddr(register const void *ip1, register const void *ip2) -{ - register u_int32_t a1, a2; - - a1 = (*(struct item **)ip1)->addr; - a2 = (*(struct item **)ip2)->addr; - - if (a1 < a2) - return (-1); - else if (a1 > a2) - return (1); - else - return (0); -} - -int -cmphost(register const void *ip1, register const void *ip2) -{ - register const char *s1, *s2; - - s1 = (*(struct item **)ip1)->host; - s2 = (*(struct item **)ip2)->host; - - return (strcasecmp(s1, s2)); -} - -/* Returns a pointer after the next token or quoted string, else NULL */ -char * -parsequoted(register char *cp) -{ - - if (*cp == '"') { - ++cp; - while (*cp != '"' && *cp != '\0') - ++cp; - if (*cp != '"') - return (NULL); - ++cp; - } else { - while (!isspace(*cp) && *cp != '\0') - ++cp; + /* Didn't find it, make new entry */ + ++itemcnt; + if (ip->host) { + fprintf(stderr, "%s: Reusing bucket!\n", prog); + exit(1); } - 
return (cp); + if (ap != NULL) + memmove(&ip->addr, ap, sizeof(*ap)); + ip->host = savestr(host); + if ((records & MASK_TEST_DUP) != 0) + checkdups(ip, records); + ip->records |= records; + if (ttl != 0) + ip->ttl = ttl; + ip->flags |= flags; + return (errs); } -__dead void +void usage(void) { - extern char version[]; fprintf(stderr, "Version %s\n", version); fprintf(stderr, "usage: %s [-d] [-b named.boot] [-B nslint.boot]\n", diff --git a/contrib/nslint-2.1a3/savestr.c b/contrib/nslint-3.0a2/savestr.c similarity index 90% rename from contrib/nslint-2.1a3/savestr.c rename to contrib/nslint-3.0a2/savestr.c index dad9d1a2ae..ac4eaef76f 100644 --- a/contrib/nslint-2.1a3/savestr.c +++ b/contrib/nslint-3.0a2/savestr.c @@ -21,14 +21,11 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/savestr.c,v 1.1 2001/12/21 04:12:04 marka Exp $ (LBL)"; + "@(#) $Id: savestr.c,v 1.2 2006/03/09 02:27:11 leres Exp $ (LBL)"; #endif #include -#ifdef HAVE_MALLOC_H -#include -#endif #include #include diff --git a/contrib/nslint-2.1a3/savestr.h b/contrib/nslint-3.0a2/savestr.h similarity index 89% rename from contrib/nslint-2.1a3/savestr.h rename to contrib/nslint-3.0a2/savestr.h index 594baf8ccb..51b4402913 100644 --- a/contrib/nslint-2.1a3/savestr.h +++ b/contrib/nslint-3.0a2/savestr.h @@ -18,7 +18,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/contrib/nslint-2.1a3/savestr.h,v 1.1 2001/12/21 04:12:05 marka Exp $ (LBL) + * @(#) $Header: savestr.h,v 1.1 97/04/22 13:30:21 leres Exp $ (LBL) */ extern char *savestr(const char *); diff --git a/contrib/nslint-2.1a3/strerror.c b/contrib/nslint-3.0a2/strerror.c similarity index 100% rename from contrib/nslint-2.1a3/strerror.c rename to contrib/nslint-3.0a2/strerror.c 
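Review bot: setmaskwidth() never bounds `w`, and both branches misbehave on an oversized prefix width. In the `AF_INET` case `0xffffffff << (32 - w)` has an out-of-range shift count once `w` exceeds 32, and `w <= 0` on a `u_int` only tests for zero. In the `AF_INET6` case `for (i = 0; i < w / 8; ++i) np->n_mask6[i] = 0xff;` writes past `n_mask6` once `w` exceeds 128, assuming the 16-byte array that samesubnet() iterates over. Callers are outside this hunk and may already validate the width, but a guard at the top of each case keeps the function safe when the width comes from a configuration or zone file, e.g. `if (w > 32) w = 32;` and `if (w > 128) w = 128;`, or an error return to the caller. The loop also compares a signed `i` with the unsigned `w / 8`; declaring `i` and `j` as `u_int` removes that mismatch.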
diff --git a/contrib/nslint-3.0a2/version.h b/contrib/nslint-3.0a2/version.h new file mode 100644 index 0000000000..879afc2808 --- /dev/null +++ b/contrib/nslint-3.0a2/version.h @@ -0,0 +1,3 @@ +/* @(#) $Id: version.h 239 2009-03-14 05:44:54Z leres $ (LBL) */ + +extern const char version[]; diff --git a/contrib/pkcs11-keygen/README b/contrib/pkcs11-keygen/README deleted file mode 100644 index caac9824d0..0000000000 --- a/contrib/pkcs11-keygen/README +++ /dev/null @@ -1 +0,0 @@ -Moved to ${top}/bin/pkcs11 diff --git a/contrib/.gitignore b/contrib/scripts/.gitignore similarity index 100% rename from contrib/.gitignore rename to contrib/scripts/.gitignore diff --git a/contrib/check-secure-delegation.pl.in b/contrib/scripts/check-secure-delegation.pl.in similarity index 100% rename from contrib/check-secure-delegation.pl.in rename to contrib/scripts/check-secure-delegation.pl.in diff --git a/contrib/check5011.pl b/contrib/scripts/check5011.pl similarity index 100% rename from contrib/check5011.pl rename to contrib/scripts/check5011.pl diff --git a/contrib/named-bootconf/named-bootconf.sh b/contrib/scripts/named-bootconf.sh similarity index 100% rename from contrib/named-bootconf/named-bootconf.sh rename to contrib/scripts/named-bootconf.sh diff --git a/contrib/nanny/nanny.pl b/contrib/scripts/nanny.pl similarity index 100% rename from contrib/nanny/nanny.pl rename to contrib/scripts/nanny.pl diff --git a/contrib/zone-edit.sh.in b/contrib/scripts/zone-edit.sh.in similarity index 100% rename from contrib/zone-edit.sh.in rename to contrib/scripts/zone-edit.sh.in diff --git a/contrib/zkt/CHANGELOG b/contrib/zkt-1.1.2/CHANGELOG similarity index 89% rename from contrib/zkt/CHANGELOG rename to contrib/zkt-1.1.2/CHANGELOG index 21af332623..792d26aa46 100644 --- a/contrib/zkt/CHANGELOG +++ b/contrib/zkt-1.1.2/CHANGELOG 
@@ -1,17 +1,82 @@ +zkt 1.1.2 -- 05. Dec 2012 + +* bug Fixed bug introduced by changes on inc_soa_serial() + +zkt 1.1.1 -- 27. Nov 2012 + +* bug Error fixed in zkt-conf in parsing the version number + +* misc inc_soa_serial() now returns 0 on success + +* bug Fixed bug in inc_serial() + The zone file wasn't closed on succesful change of the soa record. + Many thanks to Frederik Soderblom for fixing this. + +zkt 1.1 -- 30. Jan 2012 + +* misc Release numbering changed to three level "major.minor.revison" scheme + +* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson) + +* doc Improved README file (Thanks to Jan-Piet Mens) + +* misc Fixed some typos in log messages + +* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked) + +* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode) + Default Sig Lifetime changed from 10 days to 3 weeks (21 days) + Default ZSK lifetime changed from 3 months to 4 times the sig lifetime + Default KSK lifetime changed from 1 year to 2 years + Parameter checks in checkconfig() adapted. + KSK random device changed back from /dev/urandom to BIND default + (Be aware of some possibly long delay in key generation) + +* func New configure option to set the bind utility path manually (--enable-bindutil_path) + BIND_UTIL_PATH in config_zkt.h will no longer used + (Thanks to Mans Nilsson) + +* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1 + or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead. + (Thanks to Holger Wirtz) + +* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz) + +* func Description added to (some of the) dnssec.conf parameters + +* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs + +* misc Config file syntax changed to parameter names without underscores. + zkt-conf uses ZKT_VERSION string as config version + +* bug "make install-man" now installs all man page + +* bug Bug fixed in zfparse.c. 
zkt-conf was unable to detect an already + included dnskey.db file if another file was included. + +* misc destination dnssec-zkt removed from Makefile.in + +* func dki_prt_managedkeys() added to dki.c + zkt_list_managedkeys() added to zkt.c + zkt-ls has new option -M to print out a list of managed-keys + +* bug Bug fixed in the config parser (zconf.c). Couldn't parse + agorithm RSASHA512 correctly (Thanks to Michael Sinatra) + zkt 1.0 -- 15. June 2010 -* feat "/dev/urandom" check added to checkconfig() +* func "/dev/urandom" check added to checkconfig() -* feat Config compability switch (-C) added to zkt-conf +* func Config compability switch (-C) added to zkt-conf -* feat zkt-ls has a new switch -s to change sorting of domains from +* func zkt-ls has a new switch -s to change sorting of domains from subdomain before parent to subdomain below the parent -* feat "zkt-ls -T" prints only parent trust anchor +* func "zkt-ls -T" prints only parent trust anchor zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) ) -* feat Several config parameter are printed now in a more consistent and +* func Several config parameter are printed now in a more consistent and user friendly form. SerialFormat "Incremental" could be abbreviated as "inc" on input. diff --git a/contrib/zkt/LICENSE b/contrib/zkt-1.1.2/LICENSE similarity index 100% rename from contrib/zkt/LICENSE rename to contrib/zkt-1.1.2/LICENSE diff --git a/contrib/zkt/Makefile.in b/contrib/zkt-1.1.2/Makefile.in similarity index 82% rename from contrib/zkt/Makefile.in rename to contrib/zkt-1.1.2/Makefile.in index 21219cd9d6..6daa47d168 100644 --- a/contrib/zkt/Makefile.in +++ b/contrib/zkt-1.1.2/Makefile.in 
@@ -55,30 +55,25 @@ OBJ_LS = $(SRC_LS:.c=.o) $(OBJ_KLS) MAN_LS = zkt-ls.8 PROG_LS= zkt-ls -SRC_ZKT = dnssec-zkt.c strlist.c zkt.c tcap.c -OBJ_ZKT = $(SRC_ZKT:.c=.o) -MAN_ZKT = dnssec-zkt.8 -PROG_ZKT= dnssec-zkt - SRC_SER = zkt-soaserial.c OBJ_SER = $(SRC_SER:.c=.o) #MAN_SER = zkt-soaserial.8 PROG_SER= zkt-soaserial -SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_LS) $(SRC_SER) $(SRC_KEY) +SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_LS) $(SRC_SER) $(SRC_KEY) OBJ_PRG = $(SRC_PRG:.c=.o) -PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SER) $(PROG_KEY) +PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_LS) $(PROG_SER) $(PROG_KEY) -MAN_ALL = $(MAN_ZKT) $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY) +MAN_ALL = $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY) OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \ - configure examples -SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_KLS) \ + configure distribute.sh examples +SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KLS) \ $(SRC_LS) $(SRC_KEY) $(SRC_SER) $(OTHER) \ man configure.ac config.h.in doc #MNTSAVE = $(SAVE) configure.ac config.h.in doc -all: $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY) +all: $(PROG_CNF) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY) macos: ## for MAC OS (depreciated) macos: @@ -94,7 +89,6 @@ linux: $(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile $(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG) - ln -f $(PROG_SIG) dnssec-signer $(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile $(CC) $(LDFLAGS) $(OBJ_CNF) $(OBJ_ALL) -o $(PROG_CNF) @@ -102,9 +96,6 @@ $(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile $(PROG_KEY): $(OBJ_KEY) $(OBJ_ALL) Makefile $(CC) $(LDFLAGS) $(LIBS) $(OBJ_KEY) $(OBJ_ALL) -o $(PROG_KEY) -$(PROG_ZKT): $(OBJ_ZKT) $(OBJ_ALL) Makefile - $(CC) $(LDFLAGS) $(LIBS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT) - $(PROG_LS): $(OBJ_LS) $(OBJ_ALL) Makefile $(CC) $(LDFLAGS) $(LIBS) $(OBJ_LS) $(OBJ_ALL) -o $(PROG_LS) 
@@ -114,12 +105,12 @@ $(PROG_SER): $(OBJ_SER) Makefile install: ## install binaries in prefix/bin install: $(PROG_PRG) test -d $(prefix)/bin || mkdir -p $(prefix)/bin - cp dnssec-signer $(PROG_PRG) $(prefix)/bin/ + cp $(PROG_PRG) $(prefix)/bin/ install-man: ## install man pages in mandir install-man: test -d $(mandir)/man8/ || mkdir -p $(mandir)/man8/ - cp -p man/$(MAN_ZKT) man/$(MAN_SIG) $(mandir)/man8/ + cp -p man/$(MAN_LS) man/$(MAN_SIG) man/$(MAN_KEY) man/$(MAN_CNF) $(mandir)/man8/ @@ -182,7 +173,7 @@ help: ## all dependicies #:r !make depend -#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c dnssec-zkt.c strlist.c zkt.c tcap.c zkt-ls.c strlist.c zkt.c tcap.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c +#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c zkt-ls.c zkt-soaserial.c zkt-keyman.c dki.c misc.c domaincmp.c zconf.c log.c zkt-signer.o: zkt-signer.c config.h config_zkt.h zconf.h debug.h misc.h \ ncparse.h nscomm.h zone.h dki.h log.h soaserial.h rollover.h zone.o: zone.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \ 
@@ -198,19 +189,11 @@ zkt-conf.o: zkt-conf.c config.h config_zkt.h debug.h misc.h zconf.h \ zfparse.h zfparse.o: zfparse.c config.h config_zkt.h zconf.h log.h debug.h \ zfparse.h -dnssec-zkt.o: dnssec-zkt.c config.h config_zkt.h debug.h misc.h zconf.h \ - strlist.h dki.h zkt.h -strlist.o: strlist.c strlist.h -zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \ - domaincmp.h tcap.h zkt.h -tcap.o: tcap.c config.h config_zkt.h tcap.h zkt-ls.o: zkt-ls.c config.h config_zkt.h debug.h misc.h zconf.h strlist.h \ dki.h tcap.h zkt.h -strlist.o: strlist.c strlist.h -zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \ - domaincmp.h tcap.h zkt.h -tcap.o: tcap.c config.h config_zkt.h tcap.h zkt-soaserial.o: zkt-soaserial.c config.h config_zkt.h +zkt-keyman.o: zkt-keyman.c config.h config_zkt.h debug.h misc.h zconf.h \ + strlist.h dki.h zkt.h dki.o: dki.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \ dki.h misc.o: misc.c config.h config_zkt.h zconf.h log.h debug.h misc.h diff --git a/contrib/zkt/README b/contrib/zkt-1.1.2/README similarity index 63% rename from contrib/zkt/README rename to contrib/zkt-1.1.2/README index df1a3c609d..584fb4c7d9 100644 --- a/contrib/zkt/README +++ b/contrib/zkt-1.1.2/README @@ -1,7 +1,7 @@ # # README dnssec zone key tool # -# (c) March 2005 - Aug 2009 by Holger Zuleger hznet +# (c) March 2005 - Aug 2010 by Holger Zuleger hznet # (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho) # (c) zconf.c by Jeroen Masar & Holger Zuleger # @@ -16,13 +16,13 @@ The ZKT software is licenced under BSD (see LICENCE file) To build the software: a) Get the current version of zkt - $ wget http://www.hznet.de/dns/zkt/zkt-1.0.tar.gz + $ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz b) Unpack - $ tar xzvf zkt-1.0.tar.gz + $ tar xzvf zkt-1.1.tar.gz c) Change to source directory - $ cd zkt-1.0 + $ cd zkt-1.1 d) Run configure script $ ./configure 
@@ -45,8 +45,20 @@ b) (optional) Change default parameters $ zkt-conf -s -O "Zonedir: /var/named/zones" -w or use your prefered editor $ vi /var/named/dnssec.conf + (optional) You'll probably want to have zkt-ls work recursively + $ zkt-conf -s -O "Recursive: True" -w c) Prepare one of your zone for zkt - $ cd /var/name/zones/net/example.net # change dir to zone directory + $ cd /var/named/zones/net/example.net # change dir to zone directory $ cp zone.db # copy and rename existing zone file to "zone.db" - $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file + $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file + +d) Prepare for initial signing + $ cd /var/named/zones/net/example.net + $ touch zone.db.signed + $ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name) + +e) Publish your zone + @ add `zone.db.signed' as zone file to your name server + @ publish DS contained in `dsset-example.net.' at your zone's parent + diff --git a/contrib/zkt/README.logging b/contrib/zkt-1.1.2/README.logging similarity index 95% rename from contrib/zkt/README.logging rename to contrib/zkt-1.1.2/README.logging index 7a069cbe5d..1dc458190e 100644 --- a/contrib/zkt/README.logging +++ b/contrib/zkt-1.1.2/README.logging @@ -65,10 +65,8 @@ Current logging messages: Key rollover events KSK key generation and revoking Zone reload resp. freeze/thaw of dynamic zone - LG_INFO: Currently none - planned: - Mesages for key generation and key status change - (e.g.: pre-publish -> activate; revoked -> removed etc.) + LG_INFO: + Messages for key generation/removal and ksk rollover LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages Some recomended and useful logging settings diff --git a/contrib/zkt/TODO b/contrib/zkt-1.1.2/TODO similarity index 64% rename from contrib/zkt/TODO rename to contrib/zkt-1.1.2/TODO index 778f2c770f..8b3104ed2d 100644 --- a/contrib/zkt/TODO +++ b/contrib/zkt-1.1.2/TODO 
@@ -1,15 +1,10 @@ -TODO list as of zkt-0.99 +TODO list as of zkt-1.1 -general: - Renaming to zkt-? and split of the functions of dnssec-zkt to - separate commands - Fixed in zkt-1.0 (zkt-conf command) - -dnssec-zkt: +zkt-ls: feat option to specify the key age as remaining lifetime (Option -i inverse age ?). -dnssec-signer: +zkt-signer: bug Distribute_Cmd wouldn't work properly on dynamic zones (missing freeze, thaw; copy Keyfiles instead of signed zone file) @@ -26,18 +21,9 @@ dnssec-signer: data in the hosted domain. In other words: It's highly recommended to use the option -r when you use zkt-signer on a production zone. - Then the time of propagation is (more or less) equal to the timestamp + Than the time of propagation is (more or less) equal to the timestamp of the zone.db.signed file. - bug The max_TTL parameter should be set to the value found - in the zone. A mechanism for setting up a dnssec.conf file - for the zone specific TTL values is needed. - Fixed in zkt-1.0 (zkt-conf command) - -zkt-conf: - port Option -C (compability) to create older config files - misc Change syntax of config parameters to a more uniq form (e.g. no "_" char) - zkt-rollover: feat New command to roll keys independent of zone signing (Usefull for dynamic zones managed by BIND9.7) diff --git a/contrib/zkt/config.h.in b/contrib/zkt-1.1.2/config.h.in similarity index 100% rename from contrib/zkt/config.h.in rename to contrib/zkt-1.1.2/config.h.in diff --git a/contrib/zkt/config_zkt.h b/contrib/zkt-1.1.2/config_zkt.h similarity index 88% rename from contrib/zkt/config_zkt.h rename to contrib/zkt-1.1.2/config_zkt.h index 21ca84069c..a8feb2ae79 100644 --- a/contrib/zkt/config_zkt.h +++ b/contrib/zkt-1.1.2/config_zkt.h @@ -80,6 +80,10 @@ # define ALWAYS_CHECK_KEYSETFILES 1 #endif +#ifndef ALLOW_ALWAYS_PREPUBLISH_ZSK +# define ALLOW_ALWAYS_PREPUBLISH_ZSK 1 +#endif + #ifndef CONFIG_PATH # define CONFIG_PATH "/var/named/" #endif 
@@ -89,20 +93,19 @@ # define USE_TREE 1 #endif -/* BIND version and utility path will be set by ./configure script */ -#ifndef BIND_VERSION -# define BIND_VERSION 942 -#endif - +/* BIND version and utility path *must* be set by ./configure script */ #ifndef BIND_UTIL_PATH -# define BIND_UTIL_PATH "/usr/local/sbin/" +# error ("BIND_UTIL_PATH not set. Please run configure with --enable-bind_util_path="); +#endif +#ifndef BIND_VERSION +# define BIND_VERSION 970 #endif #ifndef ZKT_VERSION # if defined(USE_TREE) && USE_TREE -# define ZKT_VERSION "vT0.99c (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de" +# define ZKT_VERSION "vT1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de" # else -# define ZKT_VERSION "v0.99c (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de" +# define ZKT_VERSION "v1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de" # endif #endif diff --git a/contrib/zkt/configure b/contrib/zkt-1.1.2/configure similarity index 98% rename from contrib/zkt/configure rename to contrib/zkt-1.1.2/configure index 6f34793f0a..97cbbd2410 100755 --- a/contrib/zkt/configure +++ b/contrib/zkt-1.1.2/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for ZKT 1.0. +# Generated by GNU Autoconf 2.61 for ZKT 1.1.2. # # Report bugs to . # @@ -574,8 +574,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='ZKT' PACKAGE_TARNAME='zkt' -PACKAGE_VERSION='1.0' -PACKAGE_STRING='ZKT 1.0' +PACKAGE_VERSION='1.1.2' +PACKAGE_STRING='ZKT 1.1.2' PACKAGE_BUGREPORT='Holger Zuleger hznet.de' ac_unique_file="zkt-signer.c" 
@@ -1179,7 +1179,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ZKT 1.0 to adapt to many kinds of systems. +\`configure' configures ZKT 1.1.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1240,13 +1240,16 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ZKT 1.0:";; + short | recursive ) echo "Configuration of ZKT 1.1.2:";; esac cat <<\_ACEOF Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-bind_util_path=PATH + Define path to BIND utilities, default is path to + dnssec-signzone --disable-color-mode zkt without colors --enable-print-timezone print out timezone --enable-print-age print age with year @@ -1339,7 +1342,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ZKT configure 1.0 +ZKT configure 1.1.2 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1353,7 +1356,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ZKT $as_me 1.0, which was +It was created by ZKT $as_me 1.1.2, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ 
@@ -2639,7 +2642,25 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu ### find out the path to BIND utils and version -# Extract the first word of "dnssec-signzone", so it can be a program name with args. +# Check whether --enable-bind_util_path was given. +if test "${enable_bind_util_path+set}" = set; then + enableval=$enable_bind_util_path; bind_util_path=$enableval +fi + +if test -n "$bind_util_path" +then + if test -x "$bind_util_path/dnssec-signzone" + then + { echo "$as_me:$LINENO: BIND utilities path successfully set to $bind_util_path." >&5 +echo "$as_me: BIND utilities path successfully set to $bind_util_path." >&6;} + SIGNZONE_PROG=$bind_util_path/dnssec-signzone + else + { { echo "$as_me:$LINENO: error: *** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" >&5 +echo "$as_me: error: *** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" >&2;} + { (exit 1); exit 1; }; } + fi +else + # Extract the first word of "dnssec-signzone", so it can be a program name with args. set dummy dnssec-signzone; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } 
@@ -2679,25 +2700,32 @@ echo "${ECHO_T}no" >&6; } fi -if test -z "$SIGNZONE_PROG" ; then - { echo "$as_me:$LINENO: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&5 -echo "$as_me: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&2;} -else - bind_util_path=`dirname "$SIGNZONE_PROG"` - # define BIND_UTIL_PATH in config.h.in + if test -n "$SIGNZONE_PROG" + then + bind_util_path=`dirname "$SIGNZONE_PROG"` + { echo "$as_me:$LINENO: BIND utilities path automatically set to $bind_util_path." >&5 +echo "$as_me: BIND utilities path automatically set to $bind_util_path." >&6;} + else + { { echo "$as_me:$LINENO: error: *** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" >&5 +echo "$as_me: error: *** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" >&2;} + { (exit 1); exit 1; }; } + fi +fi +### By now, we have a path. We'll use it. +# define BIND_UTIL_PATH in config.h.in cat >>confdefs.h <<_ACEOF #define BIND_UTIL_PATH "$bind_util_path/" _ACEOF - # define BIND_VERSION in config.h.in - bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"` +# define BIND_VERSION in config.h.in +bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"` cat >>confdefs.h <<_ACEOF #define BIND_VERSION $bind_version _ACEOF -fi + ac_ext=c @@ -3713,7 +3741,6 @@ if test "${enable_printyear+set}" = set; then enableval=$enable_printyear; fi -test "$printyear" = yes && printyear=1 printyear=0 if test "$enable_printyear" = "yes"; then printyear=1 @@ -3836,7 +3863,7 @@ _ACEOF cat >>confdefs.h <<_ACEOF -#define ZKT_COPYRIGHT "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de" +#define ZKT_COPYRIGHT "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de" _ACEOF 
@@ -6505,7 +6532,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ZKT $as_me 1.0, which was +This file was extended by ZKT $as_me 1.1.2, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6554,7 +6581,7 @@ Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -ZKT config.status 1.0 +ZKT config.status 1.1.2 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/contrib/zkt/configure.ac b/contrib/zkt-1.1.2/configure.ac similarity index 75% rename from contrib/zkt/configure.ac rename to contrib/zkt-1.1.2/configure.ac index c10790a2c9..6bdc5e99c6 100644 --- a/contrib/zkt/configure.ac +++ b/contrib/zkt-1.1.2/configure.ac @@ -12,13 +12,15 @@ # 2008-10-01 if BIND_UTIL_PATH check failed, use config_zkt.h setting as last resort # 2009-07-30 check for timegm() added # 2009-12-02 the tr command in bind_version= didn't work well under solaris +# 2010-10-14 new option to specify BIND_UTIL_PATH on command line (thanks to Mans Nilsson) +# No build in default BIND_UTIL_PATH used anymore # dnl AC_PREREQ(2.59) ### Package name and current version -AC_INIT(ZKT, 1.0, Holger Zuleger hznet.de) -dnl AC_REVISION($Revision: 1.2 $) +AC_INIT(ZKT, 1.1.2, Holger Zuleger hznet.de) +dnl AC_REVISION($Revision: 1.397 $) ### Files to test to check if src dir contains the package AC_CONFIG_SRCDIR([zkt-signer.c]) 
@@ -29,17 +31,33 @@ AC_CONFIG_HEADER([config.h]) AC_PROG_CC ### find out the path to BIND utils and version -AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone) -if test -z "$SIGNZONE_PROG" ; then - AC_MSG_WARN([*** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***]) +AC_ARG_ENABLE([bind_util_path], AS_HELP_STRING( [--enable-bind_util_path=PATH], [Define path to BIND utilities, default is path to dnssec-signzone]), [bind_util_path=$enableval]) +if test -n "$bind_util_path" +then + if test -x "$bind_util_path/dnssec-signzone" + then + AC_MSG_NOTICE([BIND utilities path successfully set to $bind_util_path.]) + SIGNZONE_PROG=$bind_util_path/dnssec-signzone + else + AC_MSG_ERROR([*** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***]) + fi else - bind_util_path=`dirname "$SIGNZONE_PROG"` - # define BIND_UTIL_PATH in config.h.in - AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities) - # define BIND_VERSION in config.h.in - bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"` - AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots) + AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone) + if test -n "$SIGNZONE_PROG" + then + bind_util_path=`dirname "$SIGNZONE_PROG"` + AC_MSG_NOTICE([BIND utilities path automatically set to $bind_util_path.]) + else + AC_MSG_ERROR([*** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***]) + fi fi +### By now, we have a path. We'll use it. 
+# define BIND_UTIL_PATH in config.h.in +AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities) +# define BIND_VERSION in config.h.in +bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"` +AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots) + AC_CHECK_TYPE(uint, unsigned int) AC_CHECK_TYPE(ulong, unsigned long) @@ -68,7 +86,6 @@ AS_IF([test "$enable_printtimezone" = "yes"], [printtimezone=1]) AC_DEFINE_UNQUOTED(PRINT_TIMEZONE, $printtimezone, print out timezone) AC_ARG_ENABLE([printyear], AS_HELP_STRING( [--enable-print-age], [print age with year])) -test "$printyear" = yes && printyear=1 printyear=0 AS_IF([test "$enable_printyear" = "yes"], [printyear=1]) AC_DEFINE_UNQUOTED(PRINT_AGE_WITH_YEAR, $printyear, print age with year) @@ -123,7 +140,7 @@ fi AC_DEFINE_UNQUOTED(USE_TREE, $usetree, Use TREE data structure for dnssec-zkt) AC_DEFINE_UNQUOTED(ZKT_VERSION, "$t$PACKAGE_VERSION", ZKT version string) -AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de", ZKT copyright string) +AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de", ZKT copyright string) ### Checks for libraries. diff --git a/contrib/zkt/debug.h b/contrib/zkt-1.1.2/debug.h similarity index 100% rename from contrib/zkt/debug.h rename to contrib/zkt-1.1.2/debug.h diff --git a/contrib/zkt-1.1.2/distribute.sh b/contrib/zkt-1.1.2/distribute.sh new file mode 100755 index 0000000000..d9e958952c --- /dev/null +++ b/contrib/zkt-1.1.2/distribute.sh 
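Review bot: `bind_version` is now computed unconditionally from the output of `$SIGNZONE_PROG`, and nothing checks that the pipeline produced a number before `AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, ...)`. If the program prints no `Version:` line, config.h receives an empty `BIND_VERSION`, which presumably also bypasses the `#ifndef BIND_VERSION` fallback in config_zkt.h because the macro is then defined. A guard right after the assignment, such as `test -n "$bind_version" || AC_MSG_ERROR([could not determine BIND version from $SIGNZONE_PROG])`, would stop the build at configure time instead. `$SIGNZONE_PROG` is also executed unquoted, so a directory passed through `--enable-bind_util_path` that contains whitespace passes the `test -x` check but fails when run; writing `"$SIGNZONE_PROG" 2>&1` avoids that. The generated `configure` carries the same logic.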
@@ -0,0 +1,82 @@
+#################################################################
+#
+# @(#) distribute.sh -- distribute and reload command for dnssec-signer
+#
+# (c) Jul 2008 Holger Zuleger hznet.de
+#
+# Feb 2010 action "distkeys" added but currently not used
+#
+# This shell script will be run by zkt-signer as a distribution
+# and reload command if:
+#
+# a) the dnssec.conf file parameter Distribute_Cmd: points
+# to this file
+# and
+# b) the user running the zkt-signer command is not
+# root (uid==0)
+# and
+# c) the owner of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the owner
+# or
+# d) the group of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the group
+#
+#################################################################
+
+# set path to rndc and scp
+PATH="/bin:/usr/bin:/usr/local/sbin"
+
+# remote server and directory
+server=localhost # fqdn of remote name server
+dir=/var/named # zone directory on remote name server
+
+progname=$0
+usage()
+{
+ echo "usage: $progname distkeys|distribute|reload []" 1>&2
+ test $# -gt 0 && echo $* 1>&2
+ exit 1
+}
+
+if test $# -lt 3
+then
+ usage
+fi
+action="$1"
+zone="$2"
+zonefile="$3"
+view=""
+test $# -gt 3 && view="$4"
+
+case $action in
+distkeys)
+ if test -n "$view"
+ then
+ : echo "scp K$zone+* $server:$dir/$view/$zone/"
+ scp K$zone+* $server:$dir/$view/$zone/
+ else
+ : echo "scp K$zone+* $server:$dir/$zone/"
+ scp K$zone+* $server:$dir/$zone/
+ fi
+ ;;
+distribute)
+ if test -n "$view"
+ then
+ : echo "scp $zonefile $server:$dir/$view/$zone/"
+ scp $zonefile $server:$dir/$view/$zone/
+ else
+ : echo "scp $zonefile $server:$dir/$zone/"
+ scp $zonefile $server:$dir/$zone/
+ fi
+ ;;
+reload)
+ : echo "rndc $action $zone $view"
+ rndc $action $zone $view
+ ;;
+*)
+ usage "illegal action $action"
+ ;;
+esac
+
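Review bot: The `scp` and `rndc` commands in the `distkeys`, `distribute` and `reload` branches expand `$zone`, `$zonefile` and `$view` unquoted, so an argument containing whitespace or glob characters is split or expanded by the shell before the command sees it, and the `K$zone+*` pattern can yield a word that starts with `-` and is parsed as an option. These values are the script's positional arguments, so every expansion should be quoted and the key-file glob anchored with `./`. Building the remote target once also removes the duplicated if/else on `$view`. The `: echo` lines are no-ops and are left out of the sketch below. Depending on the scp implementation the remote part of the target may still be interpreted on the server, so rejecting zone and view names outside an expected character set before the `case` would be a further safeguard; the exact set is for the maintainers to choose.

```shell
# … unchanged: header comment, PATH, server/dir, usage(), argument parsing …

# Remote directory, built once; ${view:+...} expands to nothing when no view was given.
target="$server:$dir/${view:+$view/}$zone/"

case $action in
distkeys)
	scp ./K"$zone"+* "$target"
	;;
distribute)
	scp "$zonefile" "$target"
	;;
reload)
	rndc "$action" "$zone" ${view:+"$view"}
	;;
# … unchanged: default branch calling usage, esac …
```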
diff --git a/contrib/zkt/dki.c b/contrib/zkt-1.1.2/dki.c similarity index 97% rename from contrib/zkt/dki.c rename to contrib/zkt-1.1.2/dki.c index 5cd2fa21e6..80fa5cefe2 100644 --- a/contrib/zkt/dki.c +++ b/contrib/zkt-1.1.2/dki.c @@ -789,6 +789,39 @@ int dki_prt_trustedkey (const dki_t *dkp, FILE *fp) return len; } +/***************************************************************** +** dki_prt_managedkey () +*****************************************************************/ +int dki_prt_managedkey (const dki_t *dkp, FILE *fp) +{ + char *p; + int spaces; + int len = 0; + + if ( dkp == NULL ) + return len; + len += fprintf (fp, "\"%s\" ", dkp->name); + spaces = 22 - (strlen (dkp->name) + 3); + len += fprintf (fp, "initial-key "); + spaces -= 13; + len += fprintf (fp, "%*s", spaces > 0 ? spaces : 0 , " "); + len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo); + if ( spaces < 0 ) + len += fprintf (fp, "\n\t\t\t%7s", " "); + len += fprintf (fp, "\""); + for ( p = dkp->pubkey; *p ; p++ ) + if ( *p == ' ' ) + len += fprintf (fp, "\n\t\t\t\t"); + else + putc (*p, fp), len += 1; + + if ( dki_isrevoked (dkp) ) + len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag); + else + len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag); + return len; +} + /***************************************************************** ** dki_cmp () return <0 | 0 | >0 diff --git a/contrib/zkt/dki.h b/contrib/zkt-1.1.2/dki.h similarity index 99% rename from contrib/zkt/dki.h rename to contrib/zkt-1.1.2/dki.h index d0712b14bf..caedddb483 100644 --- a/contrib/zkt/dki.h +++ b/contrib/zkt-1.1.2/dki.h 
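Review bot: In the new `dki_prt_managedkey`, `spaces = 22 - (strlen (dkp->name) + 3);` is evaluated in `size_t`, so for a name longer than 19 characters the subtraction wraps to a very large unsigned value and only turns negative through the conversion back to `int`; the later `spaces < 0` test depends on that conversion. Doing the arithmetic in `int`, e.g. `spaces = 22 - ((int) strlen (dkp->name) + 3);`, states the intent directly. Every `fprintf` result is also added to `len` unchecked, so a write error (negative return) shrinks the reported length instead of being reported; whether any caller relies on the return value is not visible in this hunk. The banner comment holds only the function name; a line such as `** print the key as a managed-keys "initial-key" entry, return number of chars written` would document the contract.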
@@ -151,6 +151,7 @@ extern int dki_allcmp (const dki_t *a, const dki_t *b); extern dki_t *dki_read (const char *dir, const char *fname); extern int dki_readdir (const char *dir, dki_t **listp, int recursive); extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp); +extern int dki_prt_managedkey (const dki_t *dkp, FILE *fp); extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp); extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl); extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp); diff --git a/contrib/zkt/doc/KeyRollover.ms b/contrib/zkt-1.1.2/doc/KeyRollover.ms similarity index 100% rename from contrib/zkt/doc/KeyRollover.ms rename to contrib/zkt-1.1.2/doc/KeyRollover.ms diff --git a/contrib/zkt-1.1.2/doc/KeyRollover.ps b/contrib/zkt-1.1.2/doc/KeyRollover.ps new file mode 100644 index 0000000000..7f22fdead4 --- /dev/null +++ b/contrib/zkt-1.1.2/doc/KeyRollover.ps 
@@ -0,0 +1,304 @@ +%!PS-Adobe-3.0 +%%Creator: groff version 1.19.2 +%%CreationDate: Mon Jul 14 23:23:30 2008 +%%DocumentNeededResources: font Times-Bold +%%+ font Times-Roman +%%+ font Courier +%%+ font Symbol +%%DocumentSuppliedResources: procset grops 1.19 2 +%%Pages: 1 +%%PageOrder: Ascend +%%DocumentMedia: Default 595 842 0 () () +%%Orientation: Portrait +%%EndComments +%%BeginDefaults +%%PageMedia: Default +%%EndDefaults +%%BeginProlog +%%BeginResource: procset grops 1.19 2 +%!PS-Adobe-3.0 Resource-ProcSet +/setpacking where{ +pop +currentpacking +true setpacking +}if +/grops 120 dict dup begin +/SC 32 def +/A/show load def +/B{0 SC 3 -1 roll widthshow}bind def +/C{0 exch ashow}bind def +/D{0 exch 0 SC 5 2 roll awidthshow}bind def +/E{0 rmoveto show}bind def +/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def +/G{0 rmoveto 0 exch ashow}bind def +/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/I{0 exch rmoveto show}bind def +/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def +/K{0 exch rmoveto 0 exch ashow}bind def +/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/M{rmoveto show}bind def +/N{rmoveto 0 SC 3 -1 roll widthshow}bind def +/O{rmoveto 0 exch ashow}bind def +/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/Q{moveto show}bind def +/R{moveto 0 SC 3 -1 roll widthshow}bind def +/S{moveto 0 exch ashow}bind def +/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/SF{ +findfont exch +[exch dup 0 exch 0 exch neg 0 0]makefont +dup setfont +[exch/setfont cvx]cvx bind def +}bind def +/MF{ +findfont +[5 2 roll +0 3 1 roll +neg 0 0]makefont +dup setfont +[exch/setfont cvx]cvx bind def +}bind def +/level0 0 def +/RES 0 def +/PL 0 def +/LS 0 def +/MANUAL{ +statusdict begin/manualfeed true store end +}bind def +/PLG{ +gsave newpath clippath pathbbox grestore +exch pop add exch pop +}bind def +/BP{ +/level0 save def +1 setlinecap +1 setlinejoin +72 RES div dup scale +LS{ +90 rotate +}{ +0 PL translate +}ifelse +1 -1 scale +}bind def +/EP{ +level0 
restore +showpage +}def +/DA{ +newpath arcn stroke +}bind def +/SN{ +transform +.25 sub exch .25 sub exch +round .25 add exch round .25 add exch +itransform +}bind def +/DL{ +SN +moveto +SN +lineto stroke +}bind def +/DC{ +newpath 0 360 arc closepath +}bind def +/TM matrix def +/DE{ +TM currentmatrix pop +translate scale newpath 0 0 .5 0 360 arc closepath +TM setmatrix +}bind def +/RC/rcurveto load def +/RL/rlineto load def +/ST/stroke load def +/MT/moveto load def +/CL/closepath load def +/Fr{ +setrgbcolor fill +}bind def +/setcmykcolor where{ +pop +/Fk{ +setcmykcolor fill +}bind def +}if +/Fg{ +setgray fill +}bind def +/FL/fill load def +/LW/setlinewidth load def +/Cr/setrgbcolor load def +/setcmykcolor where{ +pop +/Ck/setcmykcolor load def +}if +/Cg/setgray load def +/RE{ +findfont +dup maxlength 1 index/FontName known not{1 add}if dict begin +{ +1 index/FID ne{def}{pop pop}ifelse +}forall +/Encoding exch def +dup/FontName exch def +currentdict end definefont pop +}bind def +/DEFS 0 def +/EBEGIN{ +moveto +DEFS begin +}bind def +/EEND/end load def +/CNT 0 def +/level1 0 def +/PBEGIN{ +/level1 save def +translate +div 3 1 roll div exch scale +neg exch neg exch translate +0 setgray +0 setlinecap +1 setlinewidth +0 setlinejoin +10 setmiterlimit +[]0 setdash +/setstrokeadjust where{ +pop +false setstrokeadjust +}if +/setoverprint where{ +pop +false setoverprint +}if +newpath +/CNT countdictstack def +userdict begin +/showpage{}def +/setpagedevice{}def +}bind def +/PEND{ +countdictstack CNT sub{end}repeat +level1 restore +}bind def +end def +/setpacking where{ +pop +setpacking +}if +%%EndResource +%%EndProlog +%%BeginSetup +%%BeginFeature: *PageSize Default +<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice +%%EndFeature +%%IncludeResource: font Times-Bold +%%IncludeResource: font Times-Roman +%%IncludeResource: font Courier +%%IncludeResource: font Symbol +grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72 +def/PL 841.89 def/LS false 
def/ENC0[/asciicircum/asciitilde/Scaron +/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef +/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef +/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef +/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent +/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen +/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon +/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O +/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex +/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y +/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft +/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl +/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut +/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash +/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen +/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft +/logicalnot/minus/registered/macron/degree/plusminus/twosuperior +/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior +/ordmasculine/guilsinglright/onequarter/onehalf/threequarters +/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE +/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex +/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis +/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn +/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla +/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis +/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash +/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def +/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE +/Times-Bold@0 ENC0/Times-Bold RE +%%EndSetup +%%Page: 1 1 
+%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Bold@0 SF 2.5(1. DNS)72 84 R -.25(Ke)2.5 G 2.5(yS).25 G +(tatus T)-2.5 E(ypes and Filenames)-.74 E -.25(Ke)189.22 105.6 S 63.235 +(yF).25 G 40.415(ilename used)-63.235 F -.25(fo)2.5 G 29.33(rd).25 G +(nssec-zkt)-29.33 E -.74(Ty)168.35 117.6 S 12.5(pe Flags).74 F 23.57 +(public pri)16.95 F -.1(va)-.1 G 21.62(te signing?).1 F(label)40.72 E +(Status)99.34 111.6 Q .4 LW 473.8 122.1 72 122.1 DL/F1 10/Times-Roman@0 +SF(acti)72 131.6 Q 70.67 -.15(ve Z)-.25 H 18.43(SK 256).15 F(.k)18.89 E +26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F/F2 10 +/Courier@0 SF(act ive)30.285 E F1 17.32(KSK 257)168.35 143.6 R(.k)18.89 +E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F F2 +(act ive)30.285 E F1 54.96(published ZSK)72 158 R 16.39(256 .k)20.93 F +26.69 -.15(ey .)-.1 H 34.985(published n).15 F F2(pub lished)30.285 E F1 +17.32(KSK 257)168.35 170 R(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E +-.25(va)-.25 G 46.605(te n).25 F F2(sta ndby)30.285 E F1 +(depreciated \(retired\))72 184.4 Q 18.43(ZSK 256)15 F(.k)18.89 E 26.69 +-.15(ey .)-.1 H 27.785(depreciated n).15 F F2(dep reciated)30.285 E F1 +(re)72 198.8 Q -.2(vo)-.25 G -.1(ke).2 G 64.69(dK).1 G 17.32(SK 385) +-64.69 F(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G +46.605(te y).25 F F2(rev oked)30.285 E F1(remo)72 213.2 Q -.15(ve)-.15 G +61.66(dK).15 G 17.32(SK 257)-61.66 F(k*.k)18.89 E 16.69 -.15(ey k)-.1 H +(*.pri).15 E -.25(va)-.25 G 36.605(te n).25 F F2(-)30.285 E F1 80.52 +(sep KSK)72 227.6 R 16.39(257 .k)19.82 F 26.69 -.15(ey -)-.1 H(n)75.695 +E F2(sep)30.285 E 394.3 96.1 394.3 230.1 DL 343.73 96.1 343.73 230.1 DL +280.14 108.1 280.14 230.1 DL 234.56 96.1 234.56 230.1 DL 196.78 108.1 +196.78 230.1 DL 160.85 96.1 160.85 230.1 DL F0 2.5(2. K)72 257.6 R(ey r) +-.25 E(ollo)-.18 E -.1(ve)-.1 G(r).1 E 2.5(2.1. 
Zone)72 285.2 R +(signing k)2.5 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G(pr) +-2.5 E(e-publish RFC4641\))-.18 E 57.47(action cr)75.34 306.8 R 27.035 +(eate change)-.18 F -.18(re)23.045 G(mo).18 E -.1(ve)-.1 G -.1(ke)72 +318.8 S 65.025(ys newk).1 F 24.395(ey sig)-.1 F -.1(ke)2.5 G 23.775(yo) +.1 G(ld k)-23.775 E(ey)-.1 E 301.18 323.3 72 323.3 DL F1 23.62 +(zsk1 acti)72 332.8 R 12.8 -.15(ve a)-.25 H(cti).15 E 28.21 -.15(ve d) +-.25 H(epreciated).15 E 62.1(zsk2 published)72 344.8 R(acti)15 E 35.41 +-.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G 12.5(RRSIG zsk1)72 360.4 R +33.06(zsk1 zsk2)20.15 F(zsk2)42.76 E 262.41 297.3 262.41 362.9 DL 201.32 +297.3 201.32 362.9 DL 147.43 297.3 147.43 362.9 DL 108.95 309.3 108.95 +362.9 DL F0 2.5(2.2. K)72 390.4 R(ey signing k)-.25 E(ey r)-.1 E(ollo) +-.18 E -.1(ve)-.1 G 2.5(r\().1 G(double signatur)-2.5 E 2.5(eR)-.18 G +(FC4641\))-2.5 E 58.165(action cr)118.39 412 R 26.63(eate change)-.18 F +-.18(re)21.945 G(mo).18 E -.1(ve)-.1 G -.1(ke)72 424 S 108.77(ys newk).1 +F 16.58(ey delegation)-.1 F(old k)15.265 E(ey)-.1 E 343.42 428.5 72 +428.5 DL F1(ksk)72 438 Q(1)5 I(acti)68.61 -5 M 12.8 -.15(ve a)-.25 H +(cti).15 E 29.6 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 450 Q +(2)5 I(acti)107.09 -5 M 29.6 -.15(ve a)-.25 H(cti).15 E 33.21 -.15(ve a) +-.25 H(cti).15 E -.15(ve)-.25 G(DNSKEY RRSIG)72 465.6 Q 17.09 +(ksk1 ksk1,ksk2)15 F 16.11(ksk1,ksk2 ksk2)15 F(DS at parent)72 481.2 Q +(DS)37.51 E(1)5 I(DS)20.7 -5 M(1)5 I(DS)37.5 -5 M(2)5 I(DS)41.11 -5 M(2) +5 I 304.65 402.5 304.65 483.7 DL 245.76 402.5 245.76 483.7 DL 190.48 +402.5 190.48 483.7 DL 152 414.5 152 483.7 DL F0 2.5(2.3. 
K)72 511.2 R +(ey signing k)-.25 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G +(rfc5011\))-2.5 E 63.465(action newk)118.39 532.8 R 19.855(ey change)-.1 +F(delegation)2.5 E -.1(ke)72 544.8 S 112.32(ys &).1 F -.18(ro)2.5 G(llo) +.18 E -.1(ve)-.1 G 15.525(r&).1 G -.18(re)-13.025 G(mo).18 E .2 -.1 +(ve o)-.1 H(ld k).1 E(ey)-.1 E 341.33 549.3 72 549.3 DL F1(ksk)72 558.8 +Q(1)5 I(acti)68.61 -5 M 20.43 -.15(ve r)-.25 H -2.2 -.25(ev o).15 H -.1 +(ke).25 G<87>.1 -2.4 M(ksk)72 570.8 Q(2)5 I 12.5(standby acti)68.61 -5 N +33.65 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 582.8 Q(3)5 I +(standby)114.72 -5 M<88>-2.4 I(standby)23.22 2.4 M(DNSKEY RRSIG)72 598.4 +Q 24.72(ksk1 ksk1,ksk2)15 F(ksk2)19.05 E -.15(Pa)72 614 S(rent DS).15 E +(DS)46.82 E(1)5 I(DS)28.33 -5 M(1)5 I(DS)41.55 -5 M(2)5 I(DS)159.5 626 Q +(2)5 I(DS)28.33 -5 M(2)5 I(DS)41.55 -5 M(3)5 I 257.44 523.3 257.44 628.5 +DL 198.11 523.3 198.11 628.5 DL 152 535.3 152 628.5 DL<87>72 645.2 Q(Ha) +2.5 2.4 M .3 -.15(ve t)-.2 H 2.5(or).15 G(emain until the remo)-2.5 E .3 +-.15(ve h)-.15 H(old-do).15 E(wn time is e)-.25 E +(xpired, which is 30days at a minimum.)-.15 E<88>72 660.8 Q -.4(Wi)2.5 +2.4 O(ll be the standby k).4 E .3 -.15(ey a)-.1 H(fter the hold-do).15 E +(wn time is e)-.25 E(xpired)-.15 E(Add holdtime)72 675.2 Q/F3 10/Symbol +SF(=)2.5 E F1(max\(30days, TTL of DNSKEY\))2.5 E 0 Cg EP +%%Trailer +end +%%EOF diff --git a/contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt b/contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt new file mode 100644 index 0000000000..18cda6c742 --- /dev/null +++ b/contrib/zkt-1.1.2/doc/draft-gudmundsson-life-of-dnskey-00.txt 
@@ -0,0 +1,616 @@ + + + +Intended Status: Informational O. Gudmundsson +Network Working Group OGUD Consulting LLC +Internet-Draft J. Ihren +Expires: August 21, 2008 AAB + February 18, 2008 + + + Names of States in the life of a DNSKEY + draft-gudmundsson-life-of-dnskey-00 + +Status of this Memo + + By submitting this Internet-Draft, each author represents that any + applicable patent or other IPR claims of which he or she is aware + have been or will be disclosed, and any of which he or she becomes + aware will be disclosed, in accordance with Section 6 of BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF), its areas, and its working groups. Note that + other groups may also distribute working documents as Internet- + Drafts. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + The list of current Internet-Drafts can be accessed at + http://www.ietf.org/ietf/1id-abstracts.txt. + + The list of Internet-Draft Shadow Directories can be accessed at + http://www.ietf.org/shadow.html. + + This Internet-Draft will expire on August 21, 2008. + +Copyright Notice + + Copyright (C) The IETF Trust (2008). + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 1] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +Abstract + + This document recommends a specific terminology to use when + expressing the state that a DNSKEY is in at particular time. This + does not affect how the protocol operates in any way. + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 + 2. DNSKEY timeline . . . . . . . . . . . . . . . . . . . . . . . 4 + 3. Life stages of a DNSKEY . . . . . . . . . . . . . . . . . . . 5 + 3.1. Generated . . . . . . . . . . . . . . . . 
. . . . . . . . 5 + 3.2. Published . . . . . . . . . . . . . . . . . . . . . . . . 5 + 3.2.1. Pre-Publication . . . . . . . . . . . . . . . . . . . 5 + 3.2.2. Out-Of-Band Publication . . . . . . . . . . . . . . . 5 + 3.3. Active . . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 3.4. Retired . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 3.5. Removed . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 3.5.1. Lame . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 3.5.2. Stale . . . . . . . . . . . . . . . . . . . . . . . . 6 + 3.6. Revoked . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 4. Security considerations . . . . . . . . . . . . . . . . . . . 7 + 5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 + 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 + 6.1. Normative References . . . . . . . . . . . . . . . . . . . 9 + 6.2. Informative References . . . . . . . . . . . . . . . . . . 9 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 + Intellectual Property and Copyright Statements . . . . . . . . . . 11 + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 2] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +1. Introduction + + When the editors of this document where comparing their DNSSEC key + management projects they discovered that they where discussing + roughly the same thing but using different terminology. + + This document presents a unified terminology to use when describing + the current state of a DNSKEY. + + The DNSSEC standards documents ([1], [2] and [3]) do not address the + required states for the key management of a DNSSEC key. The DNSSEC + Operational Practices [4] document does propose that keys be + published before use but uses inconsistent or confusing terms. This + document assumes basic understanding of DNSSEC and key management. 
+ + The terms proposed in this document attempt to avoid any confusion + and make the states of keys to be as clear as possible. The terms + used in this document are intended as a operational supplement to the + terms defined in Section 2 of [1]. + + To large extent this discussion is motivated by Trust anchor keys but + the same terminology can be used for zone signing keys. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 3] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +2. DNSKEY timeline + + The model in this document is that keys progress through a state + machine along a one-way path, keys never move to an earlier states. + + + + GENERATED----------> PUBLISHED ---> ACTIVE ---> RETIRED --> REMOVED + | ^ | | | ^ + | | | | v | + +--> Pre-PUBLISHED--+ +--------+---------> REVOKED ---+ + + + DNSKEY time line. + + There are few more states that are defined below but these apply only + to the publisher of TA's and the consumer of TA's. Two of these are + sub-sets of the Published state, the other two are error states. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 4] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +3. Life stages of a DNSKEY + +3.1. Generated + + Once a key is generated it enters state Generated and stays there + until the next state. While in this state only the owner of the key + is aware of its existence and can prepare for its future use. + +3.2. Published + + Once the key is added to the DNSKEY set of a zone the key is there + for the world to see, or published. The key needs to remain in this + state for some time to propagate to all validators that have cached + the prior version of the DNSKEY set. In the case of KSK the key + should remain in this state for a longer time as documented in DNSSEC + Timers RFC [5]. + +3.2.1. 
Pre-Publication + + In certain circumstances a zone owner may want to give out a new + Trust Anchor before exposing the actual public key. In this case the + zone can publish a DS record of the key. This allows others to + configure the trust anchor but will not be able to use the key until + the key is published in the DNSKEY RRset. + +3.2.2. Out-Of-Band Publication + + In certain circumstances a domain may want to give out a new Trust + Anchor outside DNS to give others a long lead time to configure the + new key as trust anchor. The reason people may want to do this is to + keep the size of the DNSKEY set smaller and only add new trust anchor + just before the key goes into use. One likely use for this is the + DNS "." root key as it does not have a parent that can publish a DS + record for it. The publication mechanism does not matter it can be + any one of web-site, advertisement in Financial Times and other + international publication, e-mail to DNS related mailing lists, etc.. + +3.3. Active + + The key is in ACTIVE state while it is actively signing data in the + zone it resides in. It is one of the the keys that are signing the + zone or parts of the zone. + +3.4. Retired + + When the key is no longer used for signing the zone it enters state + Retired. In this state there may still be signatures by the key in + cached data from the zone available at recursive servers, but the + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 5] + +Internet-Draft DNSSEC Key life stages. February 2008 + + + authoritative servers for the zone do no longer carry any signatures + generated by the key. + +3.5. Removed + + Once the key is removed from the DNSKEY RRset it enters the state + Removed. At this point all signatures by the key that may still be + temporarily valid will fail to verify once the validator refreshes + the DNSKEY RRset in its memory. + + Therefore "removal" of a key is typically not done until all the + cached signatures have expired. 
Entering this state too early may + cause number of validators to end up with STALE Trust Anchors. + +3.5.1. Lame + + A Trust Anchor is Lame if the parent continues to publish DS pointing + to the key after it has been removed from the DNSKEY RRset. A Trust + Anchor is arguably Lame if there are no signatures by a Retired KSK + in the zone. + +3.5.2. Stale + + A Stale Trust Anchor is an old TA that remains in a validators list + of active key(s) after the key has been removed from the zone's + DNSKEY RRset. + +3.6. Revoked + + There are times when a zone wants to signal that a particular key + should not be used at all. The mechanism to do this is to set the + REVOKE bit [5]. Any key in any of the while the key is the DNSSKEY + set can be exited to Revoked state. After some time in the Revoke + state the key will be Removed. + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 6] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +4. Security considerations + + TBD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 7] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +5. IANA considerations + + This document does not have any IANA actions. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 8] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +6. References + +6.1. Normative References + +6.2. Informative References + + [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, + "DNS Security Introduction and Requirements", RFC 4033, + March 2005. + + [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, + "Resource Records for the DNS Security Extensions", RFC 4034, + March 2005. + + [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. 
Rose, + "Protocol Modifications for the DNS Security Extensions", + RFC 4035, March 2005. + + [4] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices", + RFC 4641, September 2006. + + [5] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust + Anchors", RFC 5011, September 2007. + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 9] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +Authors' Addresses + + Olafur Gudmundsson + OGUD Consulting LLC + 3821 Village Park Drive + Chevy Chase, MD 20815 + USA + + Email: ogud@ogud.com + + + Johan Ihren + Automatica, AB + Bellmansgatan 30 + Stockholm, SE-118 47 + Sweden + + Email: johani@automatica.se + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 10] + +Internet-Draft DNSSEC Key life stages. February 2008 + + +Full Copyright Statement + + Copyright (C) The IETF Trust (2008). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND + THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF + THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
+ + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + + +Acknowledgment + + Funding for the RFC Editor function is provided by the IETF + Administrative Support Activity (IASA). + + + + + +Gudmundsson & Ihren Expires August 21, 2008 [Page 11] + diff --git a/contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt b/contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt new file mode 100644 index 0000000000..f7d83e9d16 --- /dev/null +++ b/contrib/zkt-1.1.2/doc/draft-ietf-dnsop-rfc4641bis-01.txt 
@@ -0,0 +1,2128 @@
+
+
+
+DNSOP O. Kolkman
+Internet-Draft NLnet Labs
+Obsoletes: 2541 (if approved) R. Gieben
+Intended status: BCP
+Expires: September 8, 2009 March 7, 2009
+
+
+ DNSSEC Operational Practices, Version 2
+ draft-ietf-dnsop-rfc4641bis-01
+
+Status of This Memo
+
+ This Internet-Draft is submitted to IETF in full conformance with the
+ provisions of BCP 78 and BCP 79. This document may contain material
+ from IETF Documents or IETF Contributions published or made publicly
+ available before November 10, 2008. The person(s) controlling the
+ copyright in some of this material may not have granted the IETF
+ Trust the right to allow modifications of such material outside the
+ IETF Standards Process. Without obtaining an adequate license from
+ the person(s) controlling the copyright in such materials, this
+ document may not be modified outside the IETF Standards Process, and
+ derivative works of it may not be created outside the IETF Standards
+ Process, except to format it for publication as an RFC or to
+ translate it into languages other than English.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on September 8, 2009.
+
+Copyright Notice
+
+ Copyright (c) 2009 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 1]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents in effect on the date of
+ publication of this document (http://trustee.ietf.org/license-info).
+ Please review these documents carefully, as they describe your rights
+ and restrictions with respect to this document.
+
+Abstract
+
+ This document describes a set of practices for operating the DNS with
+ security extensions (DNSSEC). The target audience is zone
+ administrators deploying DNSSEC.
+
+ The document discusses operational aspects of using keys and
+ signatures in the DNS. It discusses issues of key generation, key
+ storage, signature generation, key rollover, and related policies.
+
+ This document obsoletes RFC 2541, as it covers more operational
+ ground and gives more up-to-date requirements with respect to key
+ sizes and the new DNSSEC specification.
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 1.1. The Use of the Term 'key' . . . . . . . . . . . . . . . . 5
+ 1.2. Time Definitions . . . . . . . . . . . . . . . . . . . . . 5
+ 2. Keeping the Chain of Trust Intact . . . . . . . . . . . . . . 5
+ 3. Keys Generation and Storage . . . . . . . . . . . . . . . . . 6
+ 3.1. Zone and Key Signing Keys . . . . . . . . . . . . . . . . 6
+ 3.1.1. Motivations for the KSK and ZSK Separation . . . . . . 7
+ 3.1.2. Differentiation for 'High-Level' Zones . . . . . . . . 9
+ 3.2. Key Generation . . . . . . . . . . . . . . . . . . . . . . 9
+ 3.3. Key Effectivity Period . . . . . . . . . . . . . . . . . . 9
+ 3.4. Key Algorithm . . . . . . . . . . . . . . . . . . . . . . 10
+ 3.5. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . 10
+ 3.6. Private Key Storage . . . . . . . . . . . . . . . . . . . 11
+ 4. Signature Generation, Key Rollover, and Related Policies . . . 12
+ 4.1.
Time in DNSSEC . . . . . . . . . . . . . . . . . . . . . . 12
+ 4.1.1. Time Considerations . . . . . . . . . . . . . . . . . 13
+ 4.2. Key Rollovers . . . . . . . . . . . . . . . . . . . . . . 15
+ 4.2.1. Zone Signing Key Rollovers . . . . . . . . . . . . . . 15
+ 4.2.1.1. Pre-Publish Key Rollover . . . . . . . . . . . . . 15
+ 4.2.1.2. Double Signature Zone Signing Key Rollover . . . . 17
+ 4.2.1.3. Pros and Cons of the Schemes . . . . . . . . . . . 19
+ 4.2.2. Key Signing Key Rollovers . . . . . . . . . . . . . . 19
+ 4.2.3. Difference Between ZSK and KSK Rollovers . . . . . . . 21
+ 4.2.4. Key algorithm rollover . . . . . . . . . . . . . . . . 22
+ 4.2.5. Automated Key Rollovers . . . . . . . . . . . . . . . 23
+ 4.3. Planning for Emergency Key Rollover . . . . . . . . . . . 24
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 2]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ 4.3.1. KSK Compromise . . . . . . . . . . . . . . . . . . . . 24
+ 4.3.1.1. Keeping the Chain of Trust Intact . . . . . . . . 25
+ 4.3.1.2. Breaking the Chain of Trust . . . . . . . . . . . 26
+ 4.3.2. ZSK Compromise . . . . . . . . . . . . . . . . . . . . 26
+ 4.3.3. Compromises of Keys Anchored in Resolvers . . . . . . 26
+ 4.4. Parental Policies . . . . . . . . . . . . . . . . . . . . 27
+ 4.4.1. Initial Key Exchanges and Parental Policies
+ Considerations . . . . . . . . . . . . . . . . . . . . 27
+ 4.4.2. Storing Keys or Hashes? . . . . . . . . . . . . . . . 27
+ 4.4.3. Security Lameness . . . . . . . . . . . . . . . . . . 28
+ 4.4.4. DS Signature Validity Period . . . . . . . . . . . . . 28
+ 4.4.5. (Non) Cooperating Registrars . . . . . . . . . . . . . 29
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . . 30
+ 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 30
+ 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 30
+ 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
+ 8.1.
Normative References . . . . . . . . . . . . . . . . . . . 31
+ 8.2. Informative References . . . . . . . . . . . . . . . . . . 31
+ Appendix A. Terminology . . . . . . . . . . . . . . . . . . . . . 32
+ Appendix B. Zone Signing Key Rollover How-To . . . . . . . . . . 34
+ Appendix C. Typographic Conventions . . . . . . . . . . . . . . . 34
+ Appendix D. Document Editing History . . . . . . . . . . . . . . 37
+ D.1. draft-ietf-dnsop-rfc4641-00 . . . . . . . . . . . . . . . 37
+ D.2. version 0->1 . . . . . . . . . . . . . . . . . . . . . . . 37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 3]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+1. Introduction
+
+ This document describes how to run a DNS Security (DNSSEC)-enabled
+ environment. It is intended for operators who have knowledge of the
+ DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC.
+ See RFC 4033 [3] for an introduction to DNSSEC, RFC 4034 [4] for the
+ newly introduced Resource Records (RRs), and RFC 4035 [5] for the
+ protocol changes.
+
+ During workshops and early operational deployment tests, operators
+ and system administrators have gained experience about operating the
+ DNS with security extensions (DNSSEC). This document translates
+ these experiences into a set of practices for zone administrators.
+ At the time of writing, there exists very little experience with
+ DNSSEC in production environments; this document should therefore
+ explicitly not be seen as representing 'Best Current Practices'.
+ [OK: Is this document ripe enough to shoot for BCP?]
+
+ The procedures herein are focused on the maintenance of signed zones
+ (i.e., signing and publishing zones on authoritative servers). It is
+ intended that maintenance of zones such as re-signing or key
+ rollovers be transparent to any verifying clients on the Internet.
+
+ The structure of this document is as follows.
In Section 2, we
+ discuss the importance of keeping the "chain of trust" intact.
+ Aspects of key generation and storage of private keys are discussed
+ in Section 3; the focus in this section is mainly on the private part
+ of the key(s). Section 4 describes considerations concerning the
+ public part of the keys. Since these public keys appear in the DNS
+ one has to take into account all kinds of timing issues, which are
+ discussed in Section 4.1. Section 4.2 and Section 4.3 deal with the
+ rollover, or supercession, of keys. Finally, Section 4.4 discusses
+ considerations on how parents deal with their children's public keys
+ in order to maintain chains of trust.
+
+ The typographic conventions used in this document are explained in
+ Appendix C.
+
+ Since this is a document with operational suggestions and there are
+ no protocol specifications, the RFC 2119 [6] language does not apply.
+
+ This document [OK: when approved] obsoletes RFC 4641 [16].
+
+ [OK: Editorial comments and questions are indicated by square
+ brackets and editor innitials]
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 4]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+1.1. The Use of the Term 'key'
+
+ It is assumed that the reader is familiar with the concept of
+ asymmetric keys on which DNSSEC is based (public key cryptography
+ RFC4949 [17]). Therefore, this document will use the term 'key'
+ rather loosely. Where it is written that 'a key is used to sign
+ data' it is assumed that the reader understands that it is the
+ private part of the key pair that is used for signing. It is also
+ assumed that the reader understands that the public part of the key
+ pair is published in the DNSKEY Resource Record and that it is the
+ public part that is used in key exchanges.
+
+1.2. Time Definitions
+
+ In this document, we will be using a number of time-related terms.
+ The following definitions apply:
+
+ o "Signature validity period" The period that a signature is valid.
+ It starts at the time specified in the signature inception field
+ of the RRSIG RR and ends at the time specified in the expiration
+ field of the RRSIG RR.
+
+ o "Signature publication period" Time after which a signature (made
+ with a specific key) is replaced with a new signature (made with
+ the same key). This replacement takes place by publishing the
+ relevant RRSIG in the master zone file. After one stops
+ publishing an RRSIG in a zone, it may take a while before the
+ RRSIG has expired from caches and has actually been removed from
+ the DNS.
+
+ o "Key effectivity period" The period during which a key pair is
+ expected to be effective. This period is defined as the time
+ between the first inception time stamp and the last expiration
+ date of any signature made with this key, regardless of any
+ discontinuity in the use of the key. The key effectivity period
+ can span multiple signature validity periods.
+
+ o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum
+ value of the TTLs from the complete set of RRs in a zone. Note
+ that the minimum TTL is not the same as the MINIMUM field in the
+ SOA RR. See [9] for more information.
+
+2. Keeping the Chain of Trust Intact
+
+ Maintaining a valid chain of trust is important because broken chains
+ of trust will result in data being marked as Bogus (as defined in [3]
+ Section 5), which may cause entire (sub)domains to become invisible
+ to verifying clients. The administrators of secured zones have to
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 5]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ realize that their zone is, to verifying clients, part of a chain of
+ trust.
+
+ As mentioned in the introduction, the procedures herein are intended
+ to ensure that maintenance of zones, such as re-signing or key
+ rollovers, will be transparent to the verifying clients on the
+ Internet.
+
+ Administrators of secured zones will have to keep in mind that data
+ published on an authoritative primary server will not be immediately
+ seen by verifying clients; it may take some time for the data to be
+ transferred to other secondary authoritative nameservers and clients
+ may be fetching data from caching non-authoritative servers. In this
+ light, note that the time for a zone transfer from master to slave is
+ negligible when using NOTIFY [8] and incremental transfer (IXFR) [7].
+ It increases when full zone transfers (AXFR) are used in combination
+ with NOTIFY. It increases even more if you rely on full zone
+ transfers based on only the SOA timing parameters for refresh.
+
+ For the verifying clients, it is important that data from secured
+ zones can be used to build chains of trust regardless of whether the
+ data came directly from an authoritative server, a caching
+ nameserver, or some middle box. Only by carefully using the
+ available timing parameters can a zone administrator ensure that the
+ data necessary for verification can be obtained.
+
+ The responsibility for maintaining the chain of trust is shared by
+ administrators of secured zones in the chain of trust. This is most
+ obvious in the case of a 'key compromise' when a trade-off between
+ maintaining a valid chain of trust and replacing the compromised keys
+ as soon as possible must be made. Then zone administrators will have
+ to make a trade-off, between keeping the chain of trust intact --
+ thereby allowing for attacks with the compromised key -- or
+ deliberately breaking the chain of trust and making secured
+ subdomains invisible to security-aware resolvers. Also see
+ Section 4.3.
+
+3.
Keys Generation and Storage
+
+ This section describes a number of considerations with respect to the
+ security of keys. It deals with the generation, effectivity period,
+ size, and storage of private keys.
+
+3.1. Zone and Key Signing Keys
+
+ The DNSSEC validation protocol does not distinguish between different
+ types of DNSKEYs. All DNSKEYs can be used during the validation. In
+ practice, operators use Key Signing and Zone Signing Keys and use the
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 6]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ so-called Secure Entry Point (SEP) [5] flag to distinguish between
+ them during operations. The dynamics and considerations are
+ discussed below.
+
+ To make zone re-signing and key rollover procedures easier to
+ implement, it is possible to use one or more keys as Key Signing Keys
+ (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone.
+ Other keys can be used to sign all the RRSets in a zone and are
+ referred to as Zone Signing Keys (ZSKs). In this document, we assume
+ that KSKs are the subset of keys that are used for key exchanges with
+ the parent and potentially for configuration as trusted anchors --
+ the SEP keys. In this document, we assume a one-to-one mapping
+ between KSK and SEP keys and we assume the SEP flag to be set on all
+ KSKs.
+
+3.1.1. Motivations for the KSK and ZSK Separation
+
+ Differentiating between the KSK and ZSK functions has several
+ advantages:
+
+ o No parent/child interaction is required when ZSKs are updated.
+
+ o [OK: Bullet removed, strawman Paul Hoffman]
+
+ o As the KSK is only used to sign a key set, which is most probably
+ updated less frequently than other data in the zone, it can be
+ stored separately from and in a safer location than the ZSK.
+
+ o A KSK can have a longer key effectivity period.
+
+ For almost any method of key management and zone signing, the KSK is
+ used less frequently than the ZSK.
Once a key set is signed with the
+ KSK, all the keys in the key set can be used as ZSKs. If a ZSK is
+ compromised, it can be simply dropped from the key set. The new key
+ set is then re-signed with the KSK.
+
+ Given the assumption that for KSKs the SEP flag is set, the KSK can
+ be distinguished from a ZSK by examining the flag field in the DNSKEY
+ RR. If the flag field is an odd number it is a KSK. If it is an
+ even number it is a ZSK.
+
+ The Zone Signing Key can be used to sign all the data in a zone on a
+ regular basis. When a Zone Signing Key is to be rolled, no
+ interaction with the parent is needed. This allows for signature
+ validity periods on the order of days.
+
+ The Key Signing Key is only to be used to sign the DNSKEY RRs in a
+ zone. If a Key Signing Key is to be rolled over, there will be
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 7]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ interactions with parties other than the zone administrator. If
+ there is a parent zone, these can include the registry of the parent
+ zone or administrators of verifying resolvers that have the
+ particular key configured as secure entry points. If this is a trust
+ anchor, everyone relying on the trust anchor needs to roll over to
+ the new key. The latter may be subject to stability costs if
+ automated trust-anchor rollover mechanisms (such as e.g. RFC5011
+ [18]) are not in place. Hence, the key effectivity period of these
+ keys can and should be made much longer.
+
+ There are two schools of thought on rolling a KSK that is not a trust
+ anchor [OK: One can never be sure a KSK is _not_ a trust anchor]:
+
+ o It should be done regularly (possibly every few months) so that a
+ key rollover remains an operational routine.
+
+ o It should only be done when it is known or strongly suspected that
+ the key has been compromised in order to reduce the stability
+ issues on systems where the rollover does not happen cleanly.
+
+ There is no widespread agreement on which of these two schools of
+ thought is better for different deployments of DNSSEC. There is a
+ stability cost every time a non-anchor KSK is rolled over, but it is
+ possibly low if the communication between the child and the parent is
+ good. On the other hand, the only completely effective way to tell
+ if the communication is good is to test it periodically. Thus,
+ rolling a KSK with a parent is only done for two reasons: to test and
+ verify the rolling system to prepare for an emergency, and in the
+ case of an actual emergency.
+
+ [OK: The paragraph below is a straw-man by Paul Hoffman] Because of
+ the difficulty of getting all users of a trust anchor to replace an
+ old trust anchor with a new one, a KSK that is a trust anchor should
+ never be rolled unless it is known or strongly suspected that the key
+ has been compromised.
+
+ [OK: This is an alternative straw-man by Olaf Kolkman] The same
+ operational concerns apply to the rollover of KSKs that are used as
+ trust-anchors. Since the administrator of a zone can not be certain
+ that the zone's KSK is in use as a trust-anchor she will have to
+ assume that a rollover will cause a stability cost for the users that
+ did configure her key as a trust-anchor. Those costs can be
+ minimized by automating the rollover RFC5011 [18] and by rolling the
+ key regularly, and advertising such, so that the operators of
+ recursive nameservers will put the appropriate mechanism in place to
+ deal with these stability costs, or, in other words, budget for these
+ costs instead of incuring them unexpectedly.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 8]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+3.1.2. Differentiation for 'High-Level' Zones
+
+ In an earlier version of this document we made a differentiation
+ between KSKs used for zones that are high in the DNS hierarchy versus
+ KSKs used for zones low in that hierarchy.
We have come to realize
+ that there are other considerations that argue such differentiation
+ does not need to be made.
+
+ Longer keys are not useful because the crypto guidance is that
+ everyone should use keys that no one can break. Also, it is
+ impossible to judge which zones are more or less valuable to an
+ attacker. An attack can only be used if the compromise is unnoticed
+ and the attacker can act as an man-in-the-middle attack (MITM) in an
+ unnoticed way. If .example is compromised and the attacker forges
+ answers for somebank.example and sends them out as an MITM, when the
+ attack is discovered it will be simple to prove that .example has
+ been compromised and the KSK will be rolled. Defining a long-term
+ successful attack is difficult for keys at any level.
+
+3.2. Key Generation
+
+ Careful generation of all keys is a sometimes overlooked but
+ absolutely essential element in any cryptographically secure system.
+ The strongest algorithms used with the longest keys are still of no
+ use if an adversary can guess enough to lower the size of the likely
+ key space so that it can be exhaustively searched. Technical
+ suggestions for the generation of random keys will be found in RFC
+ 4086 [14] and NIST SP 800-900 [20]. One should carefully assess if
+ the random number generator used during key generation adheres to
+ these suggestions.
+
+ Keys with a long effectivity period are particularly sensitive as
+ they will represent a more valuable target and be subject to attack
+ for a longer time than short-period keys. It is strongly recommended
+ that long-term key generation occur off-line in a manner isolated
+ from the network via an air gap or, at a minimum, high-level secure
+ hardware.
+
+3.3. Key Effectivity Period
+
+ From a purely operational perspective, a reasonable key effectivity
+ period for KSKs that have a parent zone is 13 months, with the intent
+ to replace them after 12 months.
An intended key effectivity period
+ of a month is reasonable for Zone Signing Keys. This annual rollover
+ gives operational practice to rollovers.
+
+ Ignoring the operational perspective, a reasonable effectivity period
+ for KSKs that have a parent zone is of the order of 2 decades or
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 9]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ longer. That is, if one does not plan to test the rollover
+ procedure, the key should be effective essentially forever, and then
+ only rolled over in case of emergency.
+
+ The "operational habit" argument also applies to trust anchor
+ reconfiguration. If a short key effectivity period is used and the
+ trust anchor configuration has to be revisited on a regular basis,
+ the odds that the configuration tends to be forgotten is smaller.
+ The trade-off is against a system that is so dynamic that
+ administrators of the validating clients will not be able to follow
+ the modifications.Note that if a trust anchor replacement is done
+ incorrectly, the entire zone that the trust anchor covers will become
+ bogus until the trust anchor is corrected.
+
+ Key effectivity periods can be made very short, as in a few minutes.
+ But when replacing keys one has to take the considerations from
+ Section 4.1 and Section 4.2 into account.
+
+3.4. Key Algorithm
+
+ There are currently two types of signature algorithms that can be
+ used in DNSSEC: RSA and DSA. Both are fully specified in many
+ freely-available documents, and both are widely considered to be
+ patent-free. The creation of signatures wiht RSA and DSA takes
+ roughly the same time, but DSA is about ten times slower for
+ signature verification.
+
+ We suggest the use of either RSA/SHA-1 or RSA/SHA-256 as the
+ preferred signature algorithms. Both have advantages and
+ disadvantages. RSA/SHA-1 has been deployed for many years, while
+ RSA/SHA-256 has only begun to be deployed.
On the other hand, it is
+ expected that if effective attacks on either algorithm appeark, they
+ will appear for RSA/SHA-1 first. RSA/MD5 should not be considered
+ for use because RSA/MD5 will very likely be the first common-use
+ signature algorithm to have an effective attack.
+
+ At the time of publication, it is known that the SHA-1 hash has
+ cryptanalysis issues. There is work in progress on addressing these
+ issues. We recommend the use of public key algorithms based on
+ hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
+ algorithms are available in protocol specifications (see [21] and
+ [22]) and implementations.
+
+3.5. Key Sizes
+
+ DNSSEC signing keys should be large enough to avoid all know
+ cryptographic attacks during the lifetime of the key. To date,
+ despite huge efforts, no one has broken a regular 1024-bit key; in
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 10]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ fact, the best completed attack is estimated to be the equivalent of
+ a 700-bit key. An attacker breaking a 1024-bit signing key would
+ need expend phenominal amounts of networked computing power in a way
+ that would not be detected in order to break a single key. Because
+ of this, it is estimated that most zones can safely use 1024-bit keys
+ for at least the next ten years. A 1024-bit asymmetric key has an
+ approximate equivalent strength of a symmetric 80-bit key.
+
+ Keys that are used as extremely high value trust anchors, or non-
+ anchor keys that may be difficult to roll over, may want to use
+ lengths longer than 1024 bits. Typically, the next larger key size
+ used is 2048 bits, which have the approximate equivalent strength of
+ a symmetric 112-bit key. In a standard CPU, it takes about four
+ times as long to sign or verify with a 2048-bit key as it does with a
+ 1024-bit key.
+
+ Another way to decide on the size of key to use is to remember that
+ the phenominal effort it takes for an attacker to break a 1024-bit
+ key is the same regardless of how the key is used. If an attacker
+ has the capability of breaking a 1024-bit DNSSEC key, he also has the
+ capability of breaking one of the many 1024-bit TLS trust anchor keys
+ that are installed with web browsers. If the value of a DNSSEC key
+ is lower to the attacker than the value of a TLS trust anchor, the
+ attacker will use the resources to attack the TLS trust anchor.
+
+ It is possible that there is a unexpected improvement in the ability
+ for attackers to beak keys, and that such an attack would make it
+ feasible to break 1024-bit keys but not 2048-bit keys. If such an
+ improvement happens, it is likely that there will be a huge amount of
+ publicity, particularly because of the large number of 1024-bit TLS
+ trust anchors build into popular web browsers. At that time, all
+ 1024-bit keys (both ones with parent zones and ones that are trust
+ anchors) can be rolled over and replaced with larger keys.
+
+ Earlier documents (including the previous version of this document)
+ urged the use of longer keys in situations where a particular key was
+ "heavily used". That advice may have been true 15 years ago, but it
+ is not true today when using RSA or DSA algorithms and keys of 1024
+ bits or higher.
+
+3.6. Private Key Storage
+
+ It is recommended that, where possible, zone private keys and the
+ zone file master copy that is to be signed be kept and used in off-
+ line, non-network-connected, physically secure machines only.
+ Periodically, an application can be run to add authentication to a
+ zone by adding RRSIG and NSEC RRs. Then the augmented file can be
+ transferred.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 11]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ When relying on dynamic update to manage a signed zone [11], be aware
+ that at least one private key of the zone will have to reside on the
+ master server. This key is only as secure as the amount of exposure
+ the server receives to unknown clients and the security of the host.
+ Although not mandatory, one could administer the DNS in the following
+ way. The master that processes the dynamic updates is unavailable
+ from generic hosts on the Internet, it is not listed in the NS RRSet,
+ although its name appears in the SOA RRs MNAME field. The
+ nameservers in the NS RRSet are able to receive zone updates through
+ NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
+ approach is known as the "hidden master" setup.
+
+ The ideal situation is to have a one-way information flow to the
+ network to avoid the possibility of tampering from the network.
+ Keeping the zone master file on-line on the network and simply
+ cycling it through an off-line signer does not do this. The on-line
+ version could still be tampered with if the host it resides on is
+ compromised. For maximum security, the master copy of the zone file
+ should be off-net and should not be updated based on an unsecured
+ network mediated communication.
+
+ In general, keeping a zone file off-line will not be practical and
+ the machines on which zone files are maintained will be connected to
+ a network. Operators are advised to take security measures to shield
+ unauthorized access to the master copy.
+
+ For dynamically updated secured zones [11], both the master copy and
+ the private key that is used to update signatures on updated RRs will
+ need to be on-line.
+
+4. Signature Generation, Key Rollover, and Related Policies
+
+4.1. Time in DNSSEC
+
+ Without DNSSEC, all times in the DNS are relative.
The SOA fields
+ REFRESH, RETRY, and EXPIRATION are timers used to determine the time
+ elapsed after a slave server synchronized with a master server. The
+ Time to Live (TTL) value and the SOA RR minimum TTL parameter [9] are
+ used to determine how long a forwarder should cache data after it has
+ been fetched from an authoritative server. By using a signature
+ validity period, DNSSEC introduces the notion of an absolute time in
+ the DNS. Signatures in DNSSEC have an expiration date after which
+ the signature is marked as invalid and the signed data is to be
+ considered Bogus.
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 12]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+4.1.1. Time Considerations
+
+ Because of the expiration of signatures, one should consider the
+ following:
+
+ o We suggest the Maximum Zone TTL of your zone data to be a fraction
+ of your signature validity period.
+
+ If the TTL would be of similar order as the signature validity
+ period, then all RRSets fetched during the validity period
+ would be cached until the signature expiration time. Section
+ 7.1 of [3] suggests that "the resolver may use the time
+ remaining before expiration of the signature validity period of
+ a signed RRSet as an upper bound for the TTL". As a result,
+ query load on authoritative servers would peak at signature
+ expiration time, as this is also the time at which records
+ simultaneously expire from caches.
+
+ To avoid query load peaks, we suggest the TTL on all the RRs in
+ your zone to be at least a few times smaller than your
+ signature validity period.
+
+ o We suggest the signature publication period to end at least one
+ Maximum Zone TTL duration before the end of the signature validity
+ period.
+
+ Re-signing a zone shortly before the end of the signature
+ validity period may cause simultaneous expiration of data from
+ caches. This in turn may lead to peaks in the load on
+ authoritative servers.
+
+ o We suggest the Minimum Zone TTL to be long enough to both fetch
+ and verify all the RRs in the trust chain. In workshop
+ environments, it has been demonstrated [19] that a low TTL (under
+ 5 to 10 minutes) caused disruptions because of the following two
+ problems:
+
+ 1. During validation, some data may expire before the
+ validation is complete. The validator should be able to keep
+ all data until it is completed. This applies to all RRs needed
+ to complete the chain of trust: DSes, DNSKEYs, RRSIGs, and the
+ final answers, i.e., the RRSet that is returned for the initial
+ query.
+
+ 2. Frequent verification causes load on recursive nameservers.
+ Data at delegation points, DSes, DNSKEYs, and RRSIGs benefit
+ from caching. The TTL on those should be relatively long.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 13]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ o Slave servers will need to be able to fetch newly signed zones
+ well before the RRSIGs in the zone served by the slave server pass
+ their signature expiration time.
+
+ When a slave server is out of sync with its master and data in
+ a zone is signed by expired signatures, it may be better for
+ the slave server not to give out any answer.
+
+ Normally, a slave server that is not able to contact a master
+ server for an extended period will expire a zone. When that
+ happens, the server will respond differently to queries for
+ that zone. Some servers issue SERVFAIL, whereas others turn
+ off the 'AA' bit in the answers. The time of expiration is set
+ in the SOA record and is relative to the last successful
+ refresh between the master and the slave servers. There exists
+ no coupling between the signature expiration of RRSIGs in the
+ zone and the expire parameter in the SOA.
+
+ If the server serves a DNSSEC zone, then it may well happen
+ that the signatures expire well before the SOA expiration timer
+ counts down to zero.
It is not possible to completely prevent
+ this from happening by tweaking the SOA parameters.
+
+ However, the effects can be minimized where the SOA expiration
+ time is equal to or shorter than the signature validity period.
+
+ The consequence of an authoritative server not being able to
+ update a zone, whilst that zone includes expired signatures, is
+ that non-secure resolvers will continue to be able to resolve
+ data served by the particular slave servers while security-
+ aware resolvers will experience problems because of answers
+ being marked as Bogus.
+
+ We suggest the SOA expiration timer being approximately one
+ third or one fourth of the signature validity period. It will
+ allow problems with transfers from the master server to be
+ noticed before the actual signature times out.
+
+ We also suggest that operators of nameservers that supply
+ secondary services develop 'watch dogs' to spot upcoming
+ signature expirations in zones they slave, and take appropriate
+ action.
+
+ When determining the value for the expiration parameter one has
+ to take the following into account: What are the chances that
+ all my secondaries expire the zone? How quickly can I reach an
+ administrator of secondary servers to load a valid zone? These
+ questions are not DNSSEC specific but may influence the choice
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 14]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ of your signature validity intervals.
+
+4.2. Key Rollovers
+
+ Regardless of whether a zone uses periodic key rollovers in order to
+ practice for emergencies, or only rolls over keys in an emergency,
+ key rollovers are a fact of life when using DNSSEC. Zone
+ administrators who are in the process of rolling their keys have to
+ take into account that data published in previous versions of their
+ zone still lives in caches.
When deploying DNSSEC, this becomes an
+ important consideration; ignoring data that may be in caches may lead
+ to loss of service for clients.
+
+ The most pressing example of this occurs when zone material signed
+ with an old key is being validated by a resolver that does not have
+ the old zone key cached. If the old key is no longer present in the
+ current zone, this validation fails, marking the data "Bogus".
+ Alternatively, an attempt could be made to validate data that is
+ signed with a new key against an old key that lives in a local cache,
+ also resulting in data being marked "Bogus".
+
+4.2.1. Zone Signing Key Rollovers
+
+ For "Zone Signing Key rollovers", there are two ways to make sure
+ that during the rollover data still cached can be verified with the
+ new key sets or newly generated signatures can be verified with the
+ keys still in caches. One schema, described in Section 4.2.1.2, uses
+ double signatures; the other uses key pre-publication
+ (Section 4.2.1.1). The pros, cons, and recommendations are described
+ in Section 4.2.1.3.
+
+4.2.1.1. Pre-Publish Key Rollover
+
+ This section shows how to perform a ZSK rollover without the need to
+ sign all the data in a zone twice -- the "pre-publish key rollover".
+ This method has advantages in the case of a key compromise. If the
+ old key is compromised, the new key has already been distributed in
+ the DNS. The zone administrator is then able to quickly switch to
+ the new key and remove the compromised key from the zone. Another
+ major advantage is that the zone size does not double, as is the case
+ with the double signature ZSK rollover. A small "how-to" for this
+ kind of rollover can be found in Appendix B.
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 15]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Pre-publish key rollover involves four stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY new RRSIGs DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2 SOA3
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
+
+ DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover
+
+ initial: Initial version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
+ signatures are generated with this key yet, but this does not
+ secure against brute force attacks on the public key. The minimum
+ duration of this pre-roll phase is the time it takes for the data
+ to propagate to the authoritative servers plus TTL value of the
+ key set.
+
+ new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
+ used to sign the data in the zone exclusively (i.e., all the
+ signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
+ remains published in the key set. This way data that was loaded
+ into caches from version 1 of the zone can still be verified with
+ key sets fetched from version 2 of the zone.
The minimum time
+ that the key set including DNSKEY 10 is to be published is the
+ time that it takes for zone data from the previous version of the
+ zone to expire from old caches, i.e., the time it takes for this
+ zone to propagate to all authoritative servers plus the Maximum
+ Zone TTL value of any of the data in the previous version of the
+ zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. The key set,
+ now only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
+ DNSKEY 1.
+
+ The above scheme can be simplified by always publishing the "future"
+ key immediately after the rollover. The scheme would look as follows
+ (we show two rollovers); the future key is introduced in "new DNSKEY"
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 16]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
+ (II)":
+
+
+ initial new RRSIGs new DNSKEY
+ -----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11 DNSKEY12
+ RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ ----------------------------------------------------------------
+ new RRSIGs (II) new DNSKEY (II)
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG12(SOA3) RRSIG12(SOA4)
+
+ DNSKEY1 DNSKEY1
+ DNSKEY11 DNSKEY12
+ DNSKEY12 DNSKEY13
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG12(DNSKEY) RRSIG12(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover, Showing Two Rollovers
+
+ Note that the key introduced in the "new DNSKEY" phase is not used
+ for production yet; the private key can thus be stored in a
+ physically secure manner and does not need to be 'fetched'
every time
+ a zone needs to be signed.
+
+4.2.1.2. Double Signature Zone Signing Key Rollover
+
+ This section shows how to perform a ZSK key rollover using the double
+ zone data signature scheme, aptly named "double signature rollover".
+
+ During the "new DNSKEY" stage the new version of the zone file will
+ need to propagate to all authoritative servers and the data that
+ exists in (distant) caches will need to expire, requiring at least
+ the Maximum Zone TTL.
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 17]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Double signature ZSK rollover involves three stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
+ RRSIG11(SOA1)
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
+ RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Double Signature Zone Signing Key Rollover
+
+ initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
+ introduced into the key set and all the data in the zone is signed
+ with DNSKEY 10 and DNSKEY 11. The rollover period will need to
+ continue until all data from version 0 of the zone has expired
+ from remote caches. This will take at least the Maximum Zone TTL
+ of version 0 of the zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. All the
+ signatures from DNSKEY 10 are removed from the zone. The key set,
+ now only containing DNSKEY 11, is re-signed with DNSKEY 1.
+
+ At every instance, RRSIGs from the previous version of the zone can
+ be verified with the DNSKEY RRSet from the current version and the
+ other way around. The data from the current version can be verified
+ with the data from the previous version of the zone. The duration of
+ the "new DNSKEY" phase and the period between rollovers should be at
+ least the Maximum Zone TTL.
+
+ Making sure that the "new DNSKEY" phase lasts until the signature
+ expiration time of the data in the initial version of the zone is
+ recommended. This way all caches are cleared of the old signatures.
+ However, this duration could be considerably longer than the Maximum
+ Zone TTL, making the rollover a lengthy procedure.
+
+ Note that in this example we assumed that the zone was not modified
+ during the rollover. New data can be introduced in the zone as long
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 18]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ as it is signed with both keys.
+
+4.2.1.3. Pros and Cons of the Schemes
+
+ Pre-publish key rollover: This rollover does not involve signing the
+ zone data twice. Instead, before the actual rollover, the new key
+ is published in the key set and thus is available for
+ cryptanalysis attacks. A small disadvantage is that this process
+ requires four steps. Also the pre-publish scheme involves more
+ parental work when used for KSK rollovers as explained in
+ Section 4.2.3.
+
+ Double signature ZSK rollover: The drawback of this signing scheme
+ is that during the rollover the number of signatures in your zone
+ doubles; this may be prohibitive if you have very big zones. An
+ advantage is that it only requires three steps.
+
+4.2.2. Key Signing Key Rollovers
+
+ For the rollover of a Key Signing Key, the same considerations as for
+ the rollover of a Zone Signing Key apply.
However, we can use a
+ double signature scheme to guarantee that old data (only the apex key
+ set) in caches can be verified with a new key set and vice versa.
+ Since only the key set is signed with a KSK, zone size considerations
+ do not apply.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 19]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ --------------------------------------------------------------------
+ initial new DNSKEY DS change DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 --------> SOA1 -------->
+ RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
+ DS1 --------> DS2 -------->
+ RRSIGpar(DS) --------> RRSIGpar(DS) -------->
+
+
+ Child:
+ SOA0 SOA1 --------> SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
+ -------->
+ DNSKEY1 DNSKEY1 --------> DNSKEY2
+ DNSKEY2 -------->
+ DNSKEY10 DNSKEY10 --------> DNSKEY10
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
+ RRSIG2 (DNSKEY) -------->
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Double Signature Key Signing Key Rollover
+
+ initial: Initial version of the zone. The parental DS points to
+ DNSKEY1. Before the rollover starts, the child will have to
+ verify what the TTL is of the DS RR that points to DNSKEY1 -- it
+ is needed during the rollover and we refer to the value as TTL_DS.
+
+ new DNSKEY: During the "new DNSKEY" phase, the zone administrator
+ generates a second KSK, DNSKEY2. The key is provided to the
+ parent, and the child will have to wait until a new DS RR has been
+ generated that points to DNSKEY2. After that DS RR has been
+ published on all servers authoritative for the parent's zone, the
+ zone administrator has to wait at least TTL_DS to make sure that
+ the old DS RR has expired from caches.
+
+ DS change: The parent replaces DS1 with DS2.
+
+ DNSKEY removal: DNSKEY1 has been removed.
+
+ The scenario above puts the responsibility for maintaining a valid
+ chain of trust with the child. It also is based on the premise that
+ the parent only has one DS RR (per algorithm) per zone. An
+ alternative mechanism has been considered. Using an established
+ trust relation, the interaction can be performed in-band, and the
+ removal of the keys by the child can possibly be signaled by the
+ parent. In this mechanism, there are periods where there are two DS
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 20]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ RRs at the parent. Since at the moment of writing the protocol for
+ this interaction has not been developed, further discussion is out of
+ scope for this document.
+
+4.2.3. Difference Between ZSK and KSK Rollovers
+
+ Note that KSK rollovers and ZSK rollovers are different in the sense
+ that a KSK rollover requires interaction with the parent (and
+ possibly replacing of trust anchors) and the ensuing delay while
+ waiting for it.
+
+ A zone key rollover can be handled in two different ways: pre-publish
+ (Section 4.2.1.1) and double signature (Section 4.2.1.2).
+
+ As the KSK is used to validate the key set and because the KSK is not
+ changed during a ZSK rollover, a cache is able to validate the new
+ key set of the zone. The pre-publish method would also work for a
+ KSK rollover. The records that are to be pre-published are the
+ parental DS RRs. The pre-publish method has some drawbacks for KSKs.
+ We first describe the rollover scheme and then indicate these
+ drawbacks.
+
+
+ --------------------------------------------------------------------
+ initial new DS new DNSKEY DS/DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 SOA1 --------> SOA2
+ RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
+ DS1 DS1 --------> DS2
+ DS2 -------->
+ RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
+
+ Child:
+ SOA0 --------> SOA1 SOA1
+ RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
+ -------->
+ DNSKEY1 --------> DNSKEY2 DNSKEY2
+ -------->
+ DNSKEY10 --------> DNSKEY10 DNSKEY10
+ RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
+ RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Pre-Publish Key Signing Key Rollover
+
+ When the child zone wants to roll, it notifies the parent during the
+ "new DS" phase and submits the new key (or the corresponding DS) to
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 21]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
+ and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
+ which can take place as soon as the new DS set propagated through the
+ DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
+ ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
+ record can be deleted.
+
+ The drawbacks of this scheme are that during the "new DS" phase the
+ parent cannot verify the match between the DS2 RR and DNSKEY2 using
+ the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
+ "security lame" key (see Section 4.4.3). Finally, the child-parent
+ interaction consists of two steps. The "double signature" method
+ only needs one interaction.
+
+4.2.4.
Key algorithm rollover
+
+ [OK: The txt of this section is a strawman for the issue in: http://
+ www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/Key_algorithm_roll
+ ]
+
+ A special class of keyrollover is the rollover of key algorithms
+ (either adding a new algorithm, removing an old algorithm, or both),
+ additional steps are needed to retain integrity during the rollover.
+
+ Because of the algorithm downgrade protection in RFC4035 section 2.2,
+ you may not have a key of an algorithm for which you do not have
+ signatures.
+
+ When adding a new algorithm, the signatures should be added first.
+ After the TTL has expired, and caches have dropped the old data
+ covered by those signatures, the DNSKEY with the new algorithm can be
+ added. When removing an old algorithm, the DNSKEY should be removed
+ first.
+
+ To do both, the following steps can be used. For simplicity, we use
+ a zone that is only signed by one zone signing key.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 22]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ ----------------------------------------------------------------
+ 1 Initial 2 New RRSIGS 3 New DNSKEY
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG1(SOA0) RRSIG1(SOA1) RRSIG1(SOA2)
+ RRSIG2(SOA1) RRSIG2(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) DNSKEY2
+ RRSIG2(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG2(DNSKEY)
+ ----------------------------------------------------------------
+ 4 Remove DNSKEY 5 Remove RRSIGS
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG1(SOA3) RRSIG2(SOA4)
+ RRSIG2(SOA3)
+
+ DNSKEY2 DNSKEY2
+ RRSIG1(DNSKEY) RRSIG2(DNSKEY)
+ RRSIG2(DNSKEY)
+ ----------------------------------------------------------------
+
+ Stages of Deployment during an Algorithm Rollover.
+
+ In step 2, the signatures for the new key are added, but the key
+ itself is not.
While in theory, the signatures of the keyset should
+ always be synchronized with the keyset itself, it can be possible
+ that RRSIGS are requested separately, so it might be prudent to also
+ sign the DNSKEY set with the new signature.
+
+ After the cache data has expired, the new key can be added to the
+ zone, as done in step 3.
+
+ The next step is to remove the old algorithm. This time the key
+ needs to be removed first, before removing the signatures. The key
+ is removed in step 4, and after the cache data has expired, the
+ signatures can be removed in step 5.
+
+ The above steps ensure that during the rollover to a new algorithm,
+ the integrity of the zone is never broken.
+
+4.2.5. Automated Key Rollovers
+
+ As keys must be renewed periodically, there is some motivation to
+ automate the rollover process. Consider the following:
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 23]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ o ZSK rollovers are easy to automate as only the child zone is
+ involved.
+
+ o A KSK rollover needs interaction between parent and child. Data
+ exchange is needed to provide the new keys to the parent;
+ consequently, this data must be authenticated and integrity must
+ be guaranteed in order to avoid attacks on the rollover.
+
+4.3. Planning for Emergency Key Rollover
+
+ This section deals with preparation for a possible key compromise.
+ Our advice is to have a documented procedure ready for when a key
+ compromise is suspected or confirmed.
+
+ When the private material of one of your keys is compromised it can
+ be used for as long as a valid trust chain exists.
A trust chain
+ remains intact for
+
+ o as long as a signature over the compromised key in the trust chain
+ is valid,
+
+ o as long as a parental DS RR (and signature) points to the
+ compromised key,
+
+ o as long as the key is anchored in a resolver and is used as a
+ starting point for validation (this is generally the hardest to
+ update).
+
+ While a trust chain to your compromised key exists, your namespace is
+ vulnerable to abuse by anyone who has obtained illegitimate
+ possession of the key. Zone operators have to make a trade-off if
+ the abuse of the compromised key is worse than having data in caches
+ that cannot be validated. If the zone operator chooses to break the
+ trust chain to the compromised key, data in caches signed with this
+ key cannot be validated. However, if the zone administrator chooses
+ to take the path of a regular rollover, the malicious key holder can
+ spoof data so that it appears to be valid.
+
+4.3.1. KSK Compromise
+
+ A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
+ as long as the compromised KSK is configured as trust anchor or a
+ parental DS points to it.
+
+ A compromised KSK can be used to sign the key set of an attacker's
+ zone. That zone could be used to poison the DNS.
+
+ Therefore, when the KSK has been compromised, the trust anchor or the
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 24]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ parental DS should be replaced as soon as possible. It is local
+ policy whether to break the trust chain during the emergency
+ rollover. The trust chain would be broken when the compromised KSK
+ is removed from the child's zone while the parent still has a DS
+ pointing to the compromised KSK (the assumption is that there is only
+ one DS at the parent. If there are multiple DSes this does not apply
+ -- however the chain of trust of this particular key is broken).
+
+ Note that an attacker's zone still uses the compromised KSK and the
+ presence of a parental DS would cause the data in this zone to appear
+ as valid. Removing the compromised key would cause the attacker's
+ zone to appear as valid and the child's zone as Bogus. Therefore, we
+ advise not to remove the KSK before the parent has a DS to a new KSK
+ in place.
+
+4.3.1.1. Keeping the Chain of Trust Intact
+
+ If we follow this advice, the timing of the replacement of the KSK is
+ somewhat critical. The goal is to remove the compromised KSK as soon
+ as the new DS RR is available at the parent. And also make sure that
+ the signature made with a new KSK over the key set with the
+ compromised KSK in it expires just after the new DS appears at the
+ parent, thus removing the old cruft in one swoop.
+
+ The procedure is as follows:
+
+ 1. Introduce a new KSK into the key set, keep the compromised KSK in
+ the key set.
+
+ 2. Sign the key set, with a short validity period. The validity
+ period should expire shortly after the DS is expected to appear
+ in the parent and the old DSes have expired from caches.
+
+ 3. Upload the DS for this new key to the parent.
+
+ 4. Follow the procedure of the regular KSK rollover: Wait for the DS
+ to appear in the authoritative servers and then wait as long as
+ the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet
+ and modify/extend the expiration time.
+
+ 5. Remove the compromised DNSKEY RR from the zone and re-sign the
+ key set using your "normal" validity interval.
+
+ An additional danger of a key compromise is that the compromised key
+ could be used to facilitate a legitimate DNSKEY/DS rollover and/or
+ nameserver changes at the parent. When that happens, the domain may
+ be in dispute. An authenticated out-of-band and secure notify
+ mechanism to contact a parent is needed in this case.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 25]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ Note that this is only a problem when the DNSKEY and or DS records
+ are used for authentication at the parent.
+
+4.3.1.2. Breaking the Chain of Trust
+
+ There are two methods to break the chain of trust. The first method
+ causes the child zone to appear 'Bogus' to validating resolvers. The
+ other causes the child zone to appear 'insecure'. These are
+ described below.
+
+ In the method that causes the child zone to appear 'Bogus' to
+ validating resolvers, the child zone replaces the current KSK with a
+ new one and re-signs the key set. Next it sends the DS of the new
+ key to the parent. Only after the parent has placed the new DS in
+ the zone is the child's chain of trust repaired.
+
+ An alternative method of breaking the chain of trust is by removing
+ the DS RRs from the parent zone altogether. As a result, the child
+ zone would become insecure.
+
+4.3.2. ZSK Compromise
+
+ Primarily because there is no parental interaction required when a
+ ZSK is compromised, the situation is less severe than with a KSK
+ compromise. The zone must still be re-signed with a new ZSK as soon
+ as possible. As this is a local operation and requires no
+ communication between the parent and child, this can be achieved
+ fairly quickly. However, one has to take into account that just as
+ with a normal rollover the immediate disappearance of the old
+ compromised key may lead to verification problems. Also note that as
+ long as the RRSIG over the compromised ZSK is not expired the zone
+ may be still at risk.
+
+4.3.3. Compromises of Keys Anchored in Resolvers
+
+ A key can also be pre-configured in resolvers. For instance, if
+ DNSSEC is successfully deployed the root key may be pre-configured in
+ most security aware resolvers.
+
+ If trust-anchor keys are compromised, the resolvers using these keys
+ should be notified of this fact.
Zone administrators may consider
+ setting up a mailing list to communicate the fact that a SEP key is
+ about to be rolled over. This communication will of course need to
+ be authenticated, e.g., by using digital signatures.
+
+ End-users faced with the task of updating an anchored key should
+ always validate the new key. New keys should be authenticated out-
+ of-band, for example, through the use of an announcement website that
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 26]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ is secured using secure sockets (TLS) [23].
+
+4.4. Parental Policies
+
+4.4.1. Initial Key Exchanges and Parental Policies Considerations
+
+ The initial key exchange is always subject to the policies set by the
+ parent. When designing a key exchange policy one should take into
+ account that the authentication and authorization mechanisms used
+ during a key exchange should be as strong as the authentication and
+ authorization mechanisms used for the exchange of delegation
+ information between parent and child. That is, there is no implicit
+ need in DNSSEC to make the authentication process stronger than it
+ was in DNS.
+
+ Using the DNS itself as the source for the actual DNSKEY material,
+ with an out-of-band check on the validity of the DNSKEY, has the
+ benefit that it reduces the chances of user error. A DNSKEY query
+ tool can make use of the SEP bit [5] to select the proper key from a
+ DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is
+ sent. It can validate the self-signature over a key; thereby
+ verifying the ownership of the private key material. Fetching the
+ DNSKEY from the DNS ensures that the chain of trust remains intact
+ once the parent publishes the DS RR indicating the child is secure.
+
+ Note: the out-of-band verification is still needed when the key
+ material is fetched via the DNS.
The parent can never be sure
+ whether or not the DNSKEY RRs have been spoofed.
+
+4.4.2. Storing Keys or Hashes?
+
+ When designing a registry system one should consider which of the
+ DNSKEYs and/or the corresponding DSes to store. Since a child zone
+ might wish to have a DS published using a message digest algorithm
+ not yet understood by the registry, the registry can't count on being
+ able to generate the DS record from a raw DNSKEY. Thus, we recommend
+ that registry systems at least support storing DS records.
+
+ It may also be useful to store DNSKEYs, since having them may help
+ during troubleshooting and, as long as the child's chosen message
+ digest is supported, the overhead of generating DS records from them
+ is minimal. Having an out-of-band mechanism, such as a registry
+ directory (e.g., Whois), to find out which keys are used to generate
+ DS Resource Records for specific owners and/or zones may also help
+ with troubleshooting.
+
+ The storage considerations also relate to the design of the customer
+ interface and the method by which data is transferred between
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 27]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ registrant and registry; Will the child zone administrator be able to
+ upload DS RRs with unknown hash algorithms or does the interface only
+ allow DNSKEYs? In the registry-registrar model, one can use the
+ DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15],
+ which allows transfer of DS RRs and optionally DNSKEY RRs.
+
+4.4.3. Security Lameness
+
+ Security lameness is defined as what happens when a parent has a DS
+ RR pointing to a non-existing DNSKEY RR. When this happens, the
+ child's zone may be marked "Bogus" by verifying DNS clients.
+
+ As part of a comprehensive delegation check, the parent could, at key
+ exchange time, verify that the child's key is actually configured in
+ the DNS.
However, if a parent does not understand the hashing
+ algorithm used by child, the parental checks are limited to only
+ comparing the key id.
+
+ Child zones should be very careful in removing DNSKEY material,
+ specifically SEP keys, for which a DS RR exists.
+
+ Once a zone is "security lame", a fix (e.g., removing a DS RR) will
+ take time to propagate through the DNS.
+
+4.4.4. DS Signature Validity Period
+
+ Since the DS can be replayed as long as it has a valid signature, a
+ short signature validity period over the DS minimizes the time a
+ child is vulnerable in the case of a compromise of the child's
+ KSK(s). A signature validity period that is too short introduces the
+ possibility that a zone is marked "Bogus" in case of a configuration
+ error in the signer. There may not be enough time to fix the
+ problems before signatures expire. Something as mundane as operator
+ unavailability during weekends shows the need for DS signature
+ validity periods longer than 2 days. We recommend an absolute
+ minimum for a DS signature validity period of a few days.
+
+ The maximum signature validity period of the DS record depends on how
+ long child zones are willing to be vulnerable after a key compromise.
+ On the other hand, shortening the DS signature validity interval
+ increases the operational risk for the parent. Therefore, the parent
+ may have policy to use a signature validity interval that is
+ considerably longer than the child would hope for.
+
+ A compromise between the operational constraints of the parent and
+ minimizing damage for the child may result in a DS signature validity
+ period somewhere between a week and months.
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 28]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ In addition to the signature validity period, which sets a lower
+ bound on the number of times the zone owner will need to sign the
+ zone data and which sets an upper bound to the time a child is
+ vulnerable after key compromise, there is the TTL value on the DS
+ RRs. Shortening the TTL means that the authoritative servers will
+ see more queries. But on the other hand, a short TTL lowers the
+ persistence of DS RRSets in caches thereby increasing the speed with
+ which updated DS RRSets propagate through the DNS.
+
+4.4.5. (Non) Cooperating Registrars
+
+ [OK: this is a first strawman, and is intended to start the
+ discussion of the issue. By no means this is intended to be a final
+ text.]
+
+ The parent-child relation is often described in terms of a (thin)
+ registry model. Where a registry maintains the parent zone, and the
+ registrant (the user of the child-domain name), deals with the
+ registry through an intermediary called a registrar. (See [12] for a
+ comprehensive definition). Registrants may out-source the
+ maintenance of their DNS system, including the maintenance of DNSSEC
+ key material, to the registrar or to another third party. The entity
+ that has control over the DNS zone and its keys may prevent the
+ registrant to make a timely move to a different registrar. [OK: I
+ use the term registrar below while it is the operator of the DNS zone
+ who is the actual culprit. For instance, the case also applies when
+ a registrant passes a zone to another registrant. Should I just use
+ "DNS Administrator"?]
+
+ Suppose that the registrant wants to move from losing registrar A to
+ gaining registrar B. Let us first look what would happen in a
+ cooperative environment. The assumption is that registrar A will not
+ hand off any private key material to registrar B because that would
+ be a trivial case.
+ + In a cooperating environment one could proceed with a pre-publish ZSK + rollover whereby registrar A pre-publishes the ZSK of registrar B, + combined with a double signature KSK rollover where the two + registrars exchange public keys and independently generate a + signature over the keysets that they combine and both publish in the + zone. + + In the non-cooperative case matters are more complicated. The + loosing registrar A may not cooperate and leave the data in the DNS + as is. In the extreme case registrar A may become obstructive and + publish a DNSKEY RR with a high TTL and corresponding signature + validity so that registrar A's DNSKEY, would end up in caches for, in + theory, tens of years. + + + +Kolkman & Gieben Expires September 8, 2009 [Page 29] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + The problem arises when a validator tries to validate with A's key + and there is no signature material produced with Registrars A + available in the delegation path after redelegation from registrar A + to registrar B has taken place. One could imagine a rollover + scenario where registrar B pulls all RRSIGs created by registar A and + publishes those in conjunction with its own signatures, but that + would not allow any changes in the zone content. Since a + redelegation took place the NS RRset has -- per definition-- changed + so such rollover scenario will not work. Besides if zone transfers + are not allowed by A and NSEC3 is deployed in the A's zone then + registrar B will not have certainty that all of A's RRSIGs are + transfered. + + The only viable option for the registrant is to publish its zone + unsigned and ask the registry to remove the DS pointing to registrar + A for as long as the DNSKEY of registrar A, or any of the signatures + produced by registrar A are likely to appear in caches, which as + mentioned above could in theory be for tens of years. [OK: Some + implementations limit the time data is cached. 
Although that is not + a protocol requirement (and may even be considered a protocol + violation) it seems that that practice may limit the impact of this + problem, is that worth mentioning?] + + [OK: This is really the point that I'm trying to make, is the above + text needed?] There is no operational methodology to work around + this business issue and proper contractual relations ships between + registrants and their registrars seem to be the only solution to cope + with these problems. + +5. Security Considerations + + DNSSEC adds data integrity to the DNS. This document tries to assess + the operational considerations to maintain a stable and secure DNSSEC + service. Not taking into account the 'data propagation' properties + in the DNS will cause validation failures and may make secured zones + unavailable to security-aware resolvers. + +6. IANA considerations + + There are no IANA considerations with respect to this document + +7. Acknowledgments + + Most of the text of this document is copied from RFC4641 [16] people + involved in that work were in random order: Rip Loomis, Olafur + Gudmundsson, Wesley Griffin, Michael Richardson, Scott Rose, Rick van + Rein, Tim McGinnis, Gilles Guette Olivier Courtay, Sam Weiler, Jelte + Jansen, Niall O'Reilly, Holger Zuleger, Ed Lewis, Hilarie Orman, + + + +Kolkman & Gieben Expires September 8, 2009 [Page 30] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + Marcos Sanz, Peter Koch, Mike StJohns, Emmar Bretherick, Adrian + Bedford, and Lindy Foster, G. Guette, and O. Courtay. + + For this version of the document we would like to acknowldge: + + o Paul Hoffman for his contribution on the choice of cryptographic + paramenters and addressing some of the trust anchor issues. + + o Jelte Jansen provided the text in Section 4.2.4 + +8. References + +8.1. Normative References + + [1] Mockapetris, P., "Domain names - concepts and facilities", + STD 13, RFC 1034, November 1987. 
+
+ [2] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+ [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033,
+ March 2005.
+
+ [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions",
+ RFC 4035, March 2005.
+
+8.2. Informative References
+
+ [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [7] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
+ August 1996.
+
+ [8] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
+ (DNS NOTIFY)", RFC 1996, August 1996.
+
+ [9] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
+ RFC 2308, March 1998.
+
+ [10] Eastlake, D., "DNS Security Operational Considerations",
+ RFC 2541, March 1999.
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 31]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ [11] Wellington, B., "Secure Domain Name System (DNS) Dynamic
+ Update", RFC 3007, November 2000.
+
+ [12] Hollenbeck, S., "Generic Registry-Registrar Protocol
+ Requirements", RFC 3375, September 2002.
+
+ [13] Orman, H. and P. Hoffman, "Determining Strengths For Public
+ Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
+ April 2004.
+
+ [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
+ Requirements for Security", BCP 106, RFC 4086, June 2005.
+
+ [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions
+ Mapping for the Extensible Provisioning Protocol (EPP)",
+ RFC 4310, December 2005.
+
+ [16] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
+ RFC 4641, September 2006.
+ + [17] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949, + August 2007. + + [18] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust + Anchors", RFC 5011, September 2007. + + [19] Rose, S., "NIST DNSSEC workshop notes", , June 2001. + + [20] Barker, E. and J. Kelsey, "Recommendation for Random Number + Generation Using Deterministic Random Bit Generators + (Revised)", Nist Special Publication 800-90, March 2007. + + [21] Jansen, J., "Use of SHA-2 algorithms with RSA in DNSKEY and + RRSIG Resource Records for DNSSEC", + draft-ietf-dnsext-dnssec-rsasha256-05 (work in progress), + July 2008. + + [22] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) + Resource Records (RRs)", RFC 4509, May 2006. + + [23] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and + T. Wright, "Transport Layer Security (TLS) Extensions", + RFC 4366, April 2006. + +Appendix A. Terminology + + In this document, there is some jargon used that is defined in other + documents. In most cases, we have not copied the text from the + + + +Kolkman & Gieben Expires September 8, 2009 [Page 32] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + documents defining the terms but have given a more elaborate + explanation of the meaning. Note that these explanations should not + be seen as authoritative. + + Anchored key: A DNSKEY configured in resolvers around the globe. + This key is hard to update, hence the term anchored. + + Bogus: Also see Section 5 of [3]. An RRSet in DNSSEC is marked + "Bogus" when a signature of an RRSet does not validate against a + DNSKEY. + + Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is + used exclusively for signing the apex key set. The fact that a + key is a KSK is only relevant to the signing tool. + + Key size: The term 'key size' can be substituted by 'modulus size' + throughout the document. 
It is mathematically more correct to use + modulus size, but as this is a document directed at operators we + feel more at ease with the term key size. + + Private and public keys: DNSSEC secures the DNS through the use of + public key cryptography. Public key cryptography is based on the + existence of two (mathematically related) keys, a public key and a + private key. The public keys are published in the DNS by use of + the DNSKEY Resource Record (DNSKEY RR). Private keys should + remain private. + + Key rollover: A key rollover (also called key supercession in some + environments) is the act of replacing one key pair with another at + the end of a key effectivity period. + + Secure Entry Point (SEP) key: A KSK that has a parental DS record + pointing to it or is configured as a trust anchor. Although not + required by the protocol, we recommend that the SEP flag [5] is + set on these keys. + + Self-signature: This only applies to signatures over DNSKEYs; a + signature made with DNSKEY x, over DNSKEY x is called a self- + signature. Note: without further information, self-signatures + convey no trust. They are useful to check the authenticity of the + DNSKEY, i.e., they can be used as a hash. + + Singing the zone file: The term used for the event where an + administrator joyfully signs its zone file while producing melodic + sound patterns. + + + + + + +Kolkman & Gieben Expires September 8, 2009 [Page 33] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + Signer: The system that has access to the private key material and + signs the Resource Record sets in a zone. A signer may be + configured to sign only parts of the zone, e.g., only those RRSets + for which existing signatures are about to expire. + + Zone Signing Key (ZSK): A key that is used for signing all data in a + zone (except, perhaps, the DNSKEY RRSet). The fact that a key is + a ZSK is only relevant to the signing tool. 
+ + Zone administrator: The 'role' that is responsible for signing a + zone and publishing it on the primary authoritative server. + +Appendix B. Zone Signing Key Rollover How-To + + Using the pre-published signature scheme and the most conservative + method to assure oneself that data does not live in caches, here + follows the "how-to". + + Step 0: The preparation: Create two keys and publish both in your + key set. Mark one of the keys "active" and the other "published". + Use the "active" key for signing your zone data. Store the + private part of the "published" key, preferably off-line. The + protocol does not provide for attributes to mark a key as active + or published. This is something you have to do on your own, + through the use of a notebook or key management tool. + + Step 1: Determine expiration: At the beginning of the rollover make + a note of the highest expiration time of signatures in your zone + file created with the current key marked as active. Wait until + the expiration time marked in Step 1 has passed. + + Step 2: Then start using the key that was marked "published" to sign + your data (i.e., mark it "active"). Stop using the key that was + marked "active"; mark it "rolled". + + Step 3: It is safe to engage in a new rollover (Step 1) after at + least one signature validity period. + +Appendix C. Typographic Conventions + + The following typographic conventions are used in this document: + + Key notation: A key is denoted by DNSKEYx, where x is a number or an + identifier, x could be thought of as the key id. + + + + + + + +Kolkman & Gieben Expires September 8, 2009 [Page 34] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + RRSet notations: RRs are only denoted by the type. All other + information -- owner, class, rdata, and TTL -- is left out. Thus: + "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a + list of RRs. 
A example of this would be "A1, A2", specifying the + RRSet containing two "A" records. This could again be abbreviated + to just "A". + + Signature notation: Signatures are denoted as RRSIGx(RRSet), which + means that RRSet is signed with DNSKEYx. + + Zone representation: Using the above notation we have simplified the + representation of a signed zone by leaving out all unnecessary + details such as the names and by representing all data by "SOAx" + + SOA representation: SOAs are represented as SOAx, where x is the + serial number. + + Using this notation the following signed zone: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Kolkman & Gieben Expires September 8, 2009 [Page 35] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + example.net. 86400 IN SOA ns.example.net. bert.example.net. ( + 2006022100 ; serial + 86400 ; refresh ( 24 hours) + 7200 ; retry ( 2 hours) + 3600000 ; expire (1000 hours) + 28800 ) ; minimum ( 8 hours) + 86400 RRSIG SOA 5 2 86400 20130522213204 ( + 20130422213204 14 example.net. + cmL62SI6iAX46xGNQAdQ... ) + 86400 NS a.example.net. + 86400 NS b.example.net. + 86400 RRSIG NS 5 2 86400 20130507213204 ( + 20130407213204 14 example.net. + SO5epiJei19AjXoUpFnQ ... ) + 86400 DNSKEY 256 3 5 ( + EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14 + 86400 DNSKEY 257 3 5 ( + gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15 + 86400 RRSIG DNSKEY 5 2 86400 20130522213204 ( + 20130422213204 14 example.net. + J4zCe8QX4tXVGjV4e1r9... ) + 86400 RRSIG DNSKEY 5 2 86400 20130522213204 ( + 20130422213204 15 example.net. + keVDCOpsSeDReyV6O... ) + 86400 RRSIG NSEC 5 2 86400 20130507213204 ( + 20130407213204 14 example.net. + obj3HEp1GjnmhRjX... ) + a.example.net. 86400 IN TXT "A label" + 86400 RRSIG TXT 5 3 86400 20130507213204 ( + 20130407213204 14 example.net. + IkDMlRdYLmXH7QJnuF3v... ) + 86400 NSEC b.example.com. TXT RRSIG NSEC + 86400 RRSIG NSEC 5 3 86400 20130507213204 ( + 20130407213204 14 example.net. + bZMjoZ3bHjnEz0nIsPMM... 
) + ... + + is reduced to the following representation: + + SOA2006022100 + RRSIG14(SOA2006022100) + DNSKEY14 + DNSKEY15 + + RRSIG14(KEY) + RRSIG15(KEY) + + The rest of the zone data has the same signature as the SOA record, + + + +Kolkman & Gieben Expires September 8, 2009 [Page 36] + +Internet-Draft DNSSEC Operational Practices, Version 2 March 2009 + + + i.e., an RRSIG created with DNSKEY 14. + +Appendix D. Document Editing History + + [To be removed prior to publication as an RFC] + +D.1. draft-ietf-dnsop-rfc4641-00 + + Version 0 was differs from RFC4641 in the following ways. + + o Status of this memo appropriate for I-D + + o TOC formatting differs. + + o Whitespaces, linebreaks, and pagebreaks may be slightly different + because of xml2rfc generation. + + o References slightly reordered. + + o Applied the errata from + http://www.rfc-editor.org/errata_search.php?rfc=4641 + + o Inserted trivial "IANA considertations" section. + + In other words it should not contain substantive changes in content + as intended by the workinggroup for the original RFC4641. + +D.2. version 0->1 + + Cryptography details rewritten. (See http://www.nlnetlabs.nl/svn/ + rfc4641bis/trunk/open-issues/cryptography_flawed) + + o Reference to NIST 800-90 added + + o RSA/SHA256 is being recommended in addition to RSA/SHA1. + + o Complete rewrite of Section 3.5 removing the table and suggesting + a keysize of 1024 for keys in use for less than 8 years, issued up + to at least 2015. + + o Replaced the reference to Schneiers' applied cryptograpy with a + reference to RFC4949. 
+
+ o Removed the KSK for high level zones consideration
+
+ Applied some differentiation with respect of the use of a KSK for
+ parent or trust-anchor relation http://www.nlnetlabs.nl/svn/
+ rfc4641bis/trunk/open-issues/differentiation_trustanchor_parent
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 37]
+
+Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
+
+
+ http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
+ rollover_assumptions
+
+ Added Section 4.2.4 as suggested by Jelte Jansen in http://
+ www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/Key_algorithm_roll
+
+ Added Section 4.4.5 Issue identified by Antoin Verschuur http://
+ www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
+ non-cooperative-registrars
+
+ In Appendix A: ZSK does not nescessarily sign the DNSKEY RRset.
+
+ $Id: draft-ietf-dnsop-rfc4641bis-01.txt 28 2009-03-06 14:03:57Z olaf $
+
+Authors' Addresses
+
+ Olaf M. Kolkman
+ NLnet Labs
+ Kruislaan 419
+ Amsterdam 1098 VA
+ The Netherlands
+
+ EMail: olaf@nlnetlabs.nl
+ URI: http://www.nlnetlabs.nl
+
+
+ Miek Gieben
+
+
+ EMail: miek@miek.nl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Expires September 8, 2009 [Page 38]
+
diff --git a/contrib/zkt-1.1.2/doc/rfc4641.txt b/contrib/zkt-1.1.2/doc/rfc4641.txt
new file mode 100644
index 0000000000..0a013bcba5
--- /dev/null
+++ b/contrib/zkt-1.1.2/doc/rfc4641.txt
@@ -0,0 +1,1963 @@ + + + + + + +Network Working Group O. Kolkman +Request for Comments: 4641 R. Gieben +Obsoletes: 2541 NLnet Labs +Category: Informational September 2006 + + + DNSSEC Operational Practices + +Status of This Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard of any kind. Distribution of this + memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2006). + +Abstract + + This document describes a set of practices for operating the DNS with + security extensions (DNSSEC). The target audience is zone + administrators deploying DNSSEC. + + The document discusses operational aspects of using keys and + signatures in the DNS. It discusses issues of key generation, key + storage, signature generation, key rollover, and related policies. + + This document obsoletes RFC 2541, as it covers more operational + ground and gives more up-to-date requirements with respect to key + sizes and the new DNSSEC specification. + + + + + + + + + + + + + + + + + + + + +Kolkman & Gieben Informational [Page 1] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +Table of Contents + + 1. Introduction ....................................................3 + 1.1. The Use of the Term 'key' ..................................4 + 1.2. Time Definitions ...........................................4 + 2. Keeping the Chain of Trust Intact ...............................5 + 3. Keys Generation and Storage .....................................6 + 3.1. Zone and Key Signing Keys ..................................6 + 3.1.1. Motivations for the KSK and ZSK Separation ..........6 + 3.1.2. KSKs for High-Level Zones ...........................7 + 3.2. Key Generation .............................................8 + 3.3. Key Effectivity Period .....................................8 + 3.4. Key Algorithm ..............................................9 + 3.5. 
Key Sizes ..................................................9 + 3.6. Private Key Storage .......................................11 + 4. Signature Generation, Key Rollover, and Related Policies .......12 + 4.1. Time in DNSSEC ............................................12 + 4.1.1. Time Considerations ................................12 + 4.2. Key Rollovers .............................................14 + 4.2.1. Zone Signing Key Rollovers .........................14 + 4.2.1.1. Pre-Publish Key Rollover ..................15 + 4.2.1.2. Double Signature Zone Signing Key + Rollover ..................................17 + 4.2.1.3. Pros and Cons of the Schemes ..............18 + 4.2.2. Key Signing Key Rollovers ..........................18 + 4.2.3. Difference Between ZSK and KSK Rollovers ...........20 + 4.2.4. Automated Key Rollovers ............................21 + 4.3. Planning for Emergency Key Rollover .......................21 + 4.3.1. KSK Compromise .....................................22 + 4.3.1.1. Keeping the Chain of Trust Intact .........22 + 4.3.1.2. Breaking the Chain of Trust ...............23 + 4.3.2. ZSK Compromise .....................................23 + 4.3.3. Compromises of Keys Anchored in Resolvers ..........24 + 4.4. Parental Policies .........................................24 + 4.4.1. Initial Key Exchanges and Parental Policies + Considerations .....................................24 + 4.4.2. Storing Keys or Hashes? ............................25 + 4.4.3. Security Lameness ..................................25 + 4.4.4. DS Signature Validity Period .......................26 + 5. Security Considerations ........................................26 + 6. Acknowledgments ................................................26 + 7. References .....................................................27 + 7.1. Normative References ......................................27 + 7.2. Informative References ....................................28 + Appendix A. 
Terminology ...........................................30 + Appendix B. Zone Signing Key Rollover How-To ......................31 + Appendix C. Typographic Conventions ...............................32 + + + + +Kolkman & Gieben Informational [Page 2] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +1. Introduction + + This document describes how to run a DNS Security (DNSSEC)-enabled + environment. It is intended for operators who have knowledge of the + DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC. + See RFC 4033 [4] for an introduction to DNSSEC, RFC 4034 [5] for the + newly introduced Resource Records (RRs), and RFC 4035 [6] for the + protocol changes. + + During workshops and early operational deployment tests, operators + and system administrators have gained experience about operating the + DNS with security extensions (DNSSEC). This document translates + these experiences into a set of practices for zone administrators. + At the time of writing, there exists very little experience with + DNSSEC in production environments; this document should therefore + explicitly not be seen as representing 'Best Current Practices'. + + The procedures herein are focused on the maintenance of signed zones + (i.e., signing and publishing zones on authoritative servers). It is + intended that maintenance of zones such as re-signing or key + rollovers be transparent to any verifying clients on the Internet. + + The structure of this document is as follows. In Section 2, we + discuss the importance of keeping the "chain of trust" intact. + Aspects of key generation and storage of private keys are discussed + in Section 3; the focus in this section is mainly on the private part + of the key(s). Section 4 describes considerations concerning the + public part of the keys. Since these public keys appear in the DNS + one has to take into account all kinds of timing issues, which are + discussed in Section 4.1. 
Section 4.2 and Section 4.3 deal with the + rollover, or supercession, of keys. Finally, Section 4.4 discusses + considerations on how parents deal with their children's public keys + in order to maintain chains of trust. + + The typographic conventions used in this document are explained in + Appendix C. + + Since this is a document with operational suggestions and there are + no protocol specifications, the RFC 2119 [7] language does not apply. + + This document obsoletes RFC 2541 [12] to reflect the evolution of the + underlying DNSSEC protocol since then. Changes in the choice of + cryptographic algorithms, DNS record types and type names, and the + parent-child key and signature exchange demanded a major rewrite and + additional information and explanation. + + + + + + +Kolkman & Gieben Informational [Page 3] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +1.1. The Use of the Term 'key' + + It is assumed that the reader is familiar with the concept of + asymmetric keys on which DNSSEC is based (public key cryptography + [17]). Therefore, this document will use the term 'key' rather + loosely. Where it is written that 'a key is used to sign data' it is + assumed that the reader understands that it is the private part of + the key pair that is used for signing. It is also assumed that the + reader understands that the public part of the key pair is published + in the DNSKEY Resource Record and that it is the public part that is + used in key exchanges. + +1.2. Time Definitions + + In this document, we will be using a number of time-related terms. + The following definitions apply: + + o "Signature validity period" The period that a signature is valid. + It starts at the time specified in the signature inception field + of the RRSIG RR and ends at the time specified in the expiration + field of the RRSIG RR. 
+ + o "Signature publication period" Time after which a signature (made + with a specific key) is replaced with a new signature (made with + the same key). This replacement takes place by publishing the + relevant RRSIG in the master zone file. After one stops + publishing an RRSIG in a zone, it may take a while before the + RRSIG has expired from caches and has actually been removed from + the DNS. + + o "Key effectivity period" The period during which a key pair is + expected to be effective. This period is defined as the time + between the first inception time stamp and the last expiration + date of any signature made with this key, regardless of any + discontinuity in the use of the key. The key effectivity period + can span multiple signature validity periods. + + o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum + value of the TTLs from the complete set of RRs in a zone. Note + that the minimum TTL is not the same as the MINIMUM field in the + SOA RR. See [11] for more information. + + + + + + + + + + +Kolkman & Gieben Informational [Page 4] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +2. Keeping the Chain of Trust Intact + + Maintaining a valid chain of trust is important because broken chains + of trust will result in data being marked as Bogus (as defined in [4] + Section 5), which may cause entire (sub)domains to become invisible + to verifying clients. The administrators of secured zones have to + realize that their zone is, to verifying clients, part of a chain of + trust. + + As mentioned in the introduction, the procedures herein are intended + to ensure that maintenance of zones, such as re-signing or key + rollovers, will be transparent to the verifying clients on the + Internet. 
+ + Administrators of secured zones will have to keep in mind that data + published on an authoritative primary server will not be immediately + seen by verifying clients; it may take some time for the data to be + transferred to other secondary authoritative nameservers and clients + may be fetching data from caching non-authoritative servers. In this + light, note that the time for a zone transfer from master to slave is + negligible when using NOTIFY [9] and incremental transfer (IXFR) [8]. + It increases when full zone transfers (AXFR) are used in combination + with NOTIFY. It increases even more if you rely on full zone + transfers based on only the SOA timing parameters for refresh. + + For the verifying clients, it is important that data from secured + zones can be used to build chains of trust regardless of whether the + data came directly from an authoritative server, a caching + nameserver, or some middle box. Only by carefully using the + available timing parameters can a zone administrator ensure that the + data necessary for verification can be obtained. + + The responsibility for maintaining the chain of trust is shared by + administrators of secured zones in the chain of trust. This is most + obvious in the case of a 'key compromise' when a trade-off between + maintaining a valid chain of trust and replacing the compromised keys + as soon as possible must be made. Then zone administrators will have + to make a trade-off, between keeping the chain of trust intact -- + thereby allowing for attacks with the compromised key -- or + deliberately breaking the chain of trust and making secured + subdomains invisible to security-aware resolvers. Also see Section + 4.3. + + + + + + + + + +Kolkman & Gieben Informational [Page 5] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +3. Keys Generation and Storage + + This section describes a number of considerations with respect to the + security of keys. 
It deals with the generation, effectivity period, + size, and storage of private keys. + +3.1. Zone and Key Signing Keys + + The DNSSEC validation protocol does not distinguish between different + types of DNSKEYs. All DNSKEYs can be used during the validation. In + practice, operators use Key Signing and Zone Signing Keys and use the + so-called Secure Entry Point (SEP) [3] flag to distinguish between + them during operations. The dynamics and considerations are + discussed below. + + To make zone re-signing and key rollover procedures easier to + implement, it is possible to use one or more keys as Key Signing Keys + (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone. + Other keys can be used to sign all the RRSets in a zone and are + referred to as Zone Signing Keys (ZSKs). In this document, we assume + that KSKs are the subset of keys that are used for key exchanges with + the parent and potentially for configuration as trusted anchors -- + the SEP keys. In this document, we assume a one-to-one mapping + between KSK and SEP keys and we assume the SEP flag to be set on all + KSKs. + +3.1.1. Motivations for the KSK and ZSK Separation + + Differentiating between the KSK and ZSK functions has several + advantages: + + o No parent/child interaction is required when ZSKs are updated. + + o The KSK can be made stronger (i.e., using more bits in the key + material). This has little operational impact since it is only + used to sign a small fraction of the zone data. Also, the KSK is + only used to verify the zone's key set, not for other RRSets in + the zone. + + o As the KSK is only used to sign a key set, which is most probably + updated less frequently than other data in the zone, it can be + stored separately from and in a safer location than the ZSK. + + o A KSK can have a longer key effectivity period. + + For almost any method of key management and zone signing, the KSK is + used less frequently than the ZSK. 
Once a key set is signed with the + KSK, all the keys in the key set can be used as ZSKs. If a ZSK is + + + +Kolkman & Gieben Informational [Page 6] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + compromised, it can be simply dropped from the key set. The new key + set is then re-signed with the KSK. + + Given the assumption that for KSKs the SEP flag is set, the KSK can + be distinguished from a ZSK by examining the flag field in the DNSKEY + RR. If the flag field is an odd number it is a KSK. If it is an + even number it is a ZSK. + + The Zone Signing Key can be used to sign all the data in a zone on a + regular basis. When a Zone Signing Key is to be rolled, no + interaction with the parent is needed. This allows for signature + validity periods on the order of days. + + The Key Signing Key is only to be used to sign the DNSKEY RRs in a + zone. If a Key Signing Key is to be rolled over, there will be + interactions with parties other than the zone administrator. These + can include the registry of the parent zone or administrators of + verifying resolvers that have the particular key configured as secure + entry points. Hence, the key effectivity period of these keys can + and should be made much longer. Although, given a long enough key, + the key effectivity period can be on the order of years, we suggest + planning for a key effectivity on the order of a few months so that a + key rollover remains an operational routine. + +3.1.2. KSKs for High-Level Zones + + Higher-level zones are generally more sensitive than lower-level + zones. Anyone controlling or breaking the security of a zone thereby + obtains authority over all of its subdomains (except in the case of + resolvers that have locally configured the public key of a subdomain, + in which case this, and only this, subdomain wouldn't be affected by + the compromise of the parent zone). Therefore, extra care should be + taken with high-level zones, and strong keys should be used. 
+
+ The root zone is the most critical of all zones. Someone controlling
+ or compromising the security of the root zone would control the
+ entire DNS namespace of all resolvers using that root zone (except in
+ the case of resolvers that have locally configured the public key of
+ a subdomain). Therefore, the utmost care must be taken in the
+ securing of the root zone. The strongest and most carefully handled
+ keys should be used. The root zone private key should always be kept
+ off-line.
+
+ Many resolvers will start at a root server for their access to and
+ authentication of DNS data. Securely updating the trust anchors in
+ an enormous population of resolvers around the world will be
+ extremely difficult.
+
+
+
+
+Kolkman & Gieben Informational [Page 7]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3.2. Key Generation
+
+ Careful generation of all keys is a sometimes overlooked but
+ absolutely essential element in any cryptographically secure system.
+ The strongest algorithms used with the longest keys are still of no
+ use if an adversary can guess enough to lower the size of the likely
+ key space so that it can be exhaustively searched. Technical
+ suggestions for the generation of random keys will be found in RFC
+ 4086 [14]. One should carefully assess if the random number
+ generator used during key generation adheres to these suggestions.
+
+ Keys with a long effectivity period are particularly sensitive as
+ they will represent a more valuable target and be subject to attack
+ for a longer time than short-period keys. It is strongly recommended
+ that long-term key generation occur off-line in a manner isolated
+ from the network via an air gap or, at a minimum, high-level secure
+ hardware.
+
+3.3. Key Effectivity Period
+
+ For various reasons, keys in DNSSEC need to be changed once in a
+ while.
The longer a key is in use, the greater the probability that
+ it will have been compromised through carelessness, accident,
+ espionage, or cryptanalysis. Furthermore, when key rollovers are too
+ rare an event, they will not become part of the operational habit and
+ there is risk that nobody on-site will remember the procedure for
+ rollover when the need is there.
+
+ From a purely operational perspective, a reasonable key effectivity
+ period for Key Signing Keys is 13 months, with the intent to replace
+ them after 12 months. An intended key effectivity period of a month
+ is reasonable for Zone Signing Keys.
+
+ For key sizes that match these effectivity periods, see Section 3.5.
+
+ As argued in Section 3.1.2, securely updating trust anchors will be
+ extremely difficult. On the other hand, the "operational habit"
+ argument does also apply to trust anchor reconfiguration. If a short
+ key effectivity period is used and the trust anchor configuration has
+ to be revisited on a regular basis, the odds that the configuration
+ tends to be forgotten is smaller. The trade-off is against a system
+ that is so dynamic that administrators of the validating clients will
+ not be able to follow the modifications.
+
+ Key effectivity periods can be made very short, as in a few minutes.
+ But when replacing keys one has to take the considerations from
+ Section 4.1 and Section 4.2 into account.
+
+
+
+
+Kolkman & Gieben Informational [Page 8]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3.4. Key Algorithm
+
+ There are currently three different types of algorithms that can be
+ used in DNSSEC: RSA, DSA, and elliptic curve cryptography. The
+ latter is fairly new and has yet to be standardized for usage in
+ DNSSEC.
+
+ RSA has been developed in an open and transparent manner. As the
+ patent on RSA expired in 2000, its use is now also free.
+
+ DSA has been developed by the National Institute of Standards and
+ Technology (NIST).
The creation of signatures takes roughly the same
+ time as with RSA, but is 10 to 40 times as slow for verification
+ [17].
+
+ We suggest the use of RSA/SHA-1 as the preferred algorithm for the
+ key. The current known attacks on RSA can be defeated by making your
+ key longer. As the MD5 hashing algorithm is showing cracks, we
+ recommend the usage of SHA-1.
+
+ At the time of publication, it is known that the SHA-1 hash has
+ cryptanalysis issues. There is work in progress on addressing these
+ issues. We recommend the use of public key algorithms based on
+ hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
+ algorithms are available in protocol specifications (see [19] and
+ [20]) and implementations.
+
+3.5. Key Sizes
+
+ When choosing key sizes, zone administrators will need to take into
+ account how long a key will be used, how much data will be signed
+ during the key publication period (see Section 8.10 of [17]), and,
+ optionally, how large the key size of the parent is. As the chain of
+ trust really is "a chain", there is not much sense in making one of
+ the keys in the chain several times larger then the others. As
+ always, it's the weakest link that defines the strength of the entire
+ chain. Also see Section 3.1.1 for a discussion of how keys serving
+ different roles (ZSK vs. KSK) may need different key sizes.
+
+ Generating a key of the correct size is a difficult problem; RFC 3766
+ [13] tries to deal with that problem. The first part of the
+ selection procedure in Section 1 of the RFC states:
+
+ 1. Determine the attack resistance necessary to satisfy the
+ security requirements of the application. Do this by
+ estimating the minimum number of computer operations that the
+ attacker will be forced to do in order to compromise the
+
+
+
+
+Kolkman & Gieben Informational [Page 9]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ security of the system and then take the logarithm base two of
+ that number.
Call that logarithm value "n".
+
+ A 1996 report recommended 90 bits as a good all-around choice
+ for system security. The 90 bit number should be increased by
+ about 2/3 bit/year, or about 96 bits in 2005.
+
+ [13] goes on to explain how this number "n" can be used to calculate
+ the key sizes in public key cryptography. This culminated in the
+ table given below (slightly modified for our purpose):
+
+ +-------------+-----------+--------------+
+ | System | | |
+ | requirement | Symmetric | RSA or DSA |
+ | for attack | key size | modulus size |
+ | resistance | (bits) | (bits) |
+ | (bits) | | |
+ +-------------+-----------+--------------+
+ | 70 | 70 | 947 |
+ | 80 | 80 | 1228 |
+ | 90 | 90 | 1553 |
+ | 100 | 100 | 1926 |
+ | 150 | 150 | 4575 |
+ | 200 | 200 | 8719 |
+ | 250 | 250 | 14596 |
+ +-------------+-----------+--------------+
+
+ The key sizes given are rather large. This is because these keys are
+ resilient against a trillionaire attacker. Assuming this rich
+ attacker will not attack your key and that the key is rolled over
+ once a year, we come to the following recommendations about KSK
+ sizes: 1024 bits for low-value domains, 1300 bits for medium-value
+ domains, and 2048 bits for high-value domains.
+
+ Whether a domain is of low, medium, or high value depends solely on
+ the views of the zone owner. One could, for instance, view leaf
+ nodes in the DNS as of low value, and top-level domains (TLDs) or the
+ root zone of high value. The suggested key sizes should be safe for
+ the next 5 years.
+
+ As ZSKs can be rolled over more easily (and thus more often), the key
+ sizes can be made smaller. But as said in the introduction of this
+ paragraph, making the ZSKs' key sizes too small (in relation to the
+ KSKs' sizes) doesn't make much sense. Try to limit the difference in
+ size to about 100 bits.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 10]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Note that nobody can see into the future and that these key sizes are
+ only provided here as a guide. Further information can be found in
+ [16] and Section 7.5 of [17]. It should be noted though that [16] is
+ already considered overly optimistic about what key sizes are
+ considered safe.
+
+ One final note concerning key sizes. Larger keys will increase the
+ sizes of the RRSIG and DNSKEY records and will therefore increase the
+ chance of DNS UDP packet overflow. Also, the time it takes to
+ validate and create RRSIGs increases with larger keys, so don't
+ needlessly double your key sizes.
+
+3.6. Private Key Storage
+
+ It is recommended that, where possible, zone private keys and the
+ zone file master copy that is to be signed be kept and used in off-
+ line, non-network-connected, physically secure machines only.
+ Periodically, an application can be run to add authentication to a
+ zone by adding RRSIG and NSEC RRs. Then the augmented file can be
+ transferred.
+
+ When relying on dynamic update to manage a signed zone [10], be aware
+ that at least one private key of the zone will have to reside on the
+ master server. This key is only as secure as the amount of exposure
+ the server receives to unknown clients and the security of the host.
+ Although not mandatory, one could administer the DNS in the following
+ way. The master that processes the dynamic updates is unavailable
+ from generic hosts on the Internet, it is not listed in the NS RR
+ set, although its name appears in the SOA RRs MNAME field. The
+ nameservers in the NS RRSet are able to receive zone updates through
+ NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
+ approach is known as the "hidden master" setup.
+
+ The ideal situation is to have a one-way information flow to the
+ network to avoid the possibility of tampering from the network.
+ Keeping the zone master file on-line on the network and simply
+ cycling it through an off-line signer does not do this. The on-line
+ version could still be tampered with if the host it resides on is
+ compromised. For maximum security, the master copy of the zone file
+ should be off-net and should not be updated based on an unsecured
+ network mediated communication.
+
+ In general, keeping a zone file off-line will not be practical and
+ the machines on which zone files are maintained will be connected to
+ a network. Operators are advised to take security measures to shield
+ unauthorized access to the master copy.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 11]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ For dynamically updated secured zones [10], both the master copy and
+ the private key that is used to update signatures on updated RRs will
+ need to be on-line.
+
+4. Signature Generation, Key Rollover, and Related Policies
+
+4.1. Time in DNSSEC
+
+ Without DNSSEC, all times in the DNS are relative. The SOA fields
+ REFRESH, RETRY, and EXPIRATION are timers used to determine the time
+ elapsed after a slave server synchronized with a master server. The
+ Time to Live (TTL) value and the SOA RR minimum TTL parameter [11]
+ are used to determine how long a forwarder should cache data after it
+ has been fetched from an authoritative server. By using a signature
+ validity period, DNSSEC introduces the notion of an absolute time in
+ the DNS. Signatures in DNSSEC have an expiration date after which
+ the signature is marked as invalid and the signed data is to be
+ considered Bogus.
+
+4.1.1. Time Considerations
+
+ Because of the expiration of signatures, one should consider the
+ following:
+
+ o We suggest the Maximum Zone TTL of your zone data to be a fraction
+ of your signature validity period.
+
+ If the TTL would be of similar order as the signature validity
+ period, then all RRSets fetched during the validity period
+ would be cached until the signature expiration time. Section
+ 7.1 of [4] suggests that "the resolver may use the time
+ remaining before expiration of the signature validity period of
+ a signed RRSet as an upper bound for the TTL". As a result,
+ query load on authoritative servers would peak at signature
+ expiration time, as this is also the time at which records
+ simultaneously expire from caches.
+
+ To avoid query load peaks, we suggest the TTL on all the RRs in
+ your zone to be at least a few times smaller than your
+ signature validity period.
+
+ o We suggest the signature publication period to end at least one
+ Maximum Zone TTL duration before the end of the signature validity
+ period.
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 12]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Re-signing a zone shortly before the end of the signature
+ validity period may cause simultaneous expiration of data from
+ caches. This in turn may lead to peaks in the load on
+ authoritative servers.
+
+ o We suggest the Minimum Zone TTL to be long enough to both fetch
+ and verify all the RRs in the trust chain. In workshop
+ environments, it has been demonstrated [18] that a low TTL (under
+ 5 to 10 minutes) caused disruptions because of the following two
+ problems:
+
+ 1. During validation, some data may expire before the
+ validation is complete. The validator should be able to
+ keep all data until it is completed. This applies to all
+ RRs needed to complete the chain of trust: DSes, DNSKEYs,
+ RRSIGs, and the final answers, i.e., the RRSet that is
+ returned for the initial query.
+
+ 2. Frequent verification causes load on recursive nameservers.
+ Data at delegation points, DSes, DNSKEYs, and RRSIGs
+ benefit from caching. The TTL on those should be
+ relatively long.
+
+ o Slave servers will need to be able to fetch newly signed zones
+ well before the RRSIGs in the zone served by the slave server pass
+ their signature expiration time.
+
+ When a slave server is out of sync with its master and data in
+ a zone is signed by expired signatures, it may be better for
+ the slave server not to give out any answer.
+
+ Normally, a slave server that is not able to contact a master
+ server for an extended period will expire a zone. When that
+ happens, the server will respond differently to queries for
+ that zone. Some servers issue SERVFAIL, whereas others turn
+ off the 'AA' bit in the answers. The time of expiration is set
+ in the SOA record and is relative to the last successful
+ refresh between the master and the slave servers. There exists
+ no coupling between the signature expiration of RRSIGs in the
+ zone and the expire parameter in the SOA.
+
+ If the server serves a DNSSEC zone, then it may well happen
+ that the signatures expire well before the SOA expiration timer
+ counts down to zero. It is not possible to completely prevent
+ this from happening by tweaking the SOA parameters. However,
+ the effects can be minimized where the SOA expiration time is
+ equal to or shorter than the signature validity period. The
+ consequence of an authoritative server not being able to update
+
+
+
+Kolkman & Gieben Informational [Page 13]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ a zone, whilst that zone includes expired signatures, is that
+ non-secure resolvers will continue to be able to resolve data
+ served by the particular slave servers while security-aware
+ resolvers will experience problems because of answers being
+ marked as Bogus.
+
+ We suggest the SOA expiration timer being approximately one
+ third or one fourth of the signature validity period. It will
+ allow problems with transfers from the master server to be
+ noticed before the actual signature times out.
We also suggest
+ that operators of nameservers that supply secondary services
+ develop 'watch dogs' to spot upcoming signature expirations in
+ zones they slave, and take appropriate action.
+
+ When determining the value for the expiration parameter one has
+ to take the following into account: What are the chances that
+ all my secondaries expire the zone? How quickly can I reach an
+ administrator of secondary servers to load a valid zone? These
+ questions are not DNSSEC specific but may influence the choice
+ of your signature validity intervals.
+
+4.2. Key Rollovers
+
+ A DNSSEC key cannot be used forever (see Section 3.3). So key
+ rollovers -- or supercessions, as they are sometimes called -- are a
+ fact of life when using DNSSEC. Zone administrators who are in the
+ process of rolling their keys have to take into account that data
+ published in previous versions of their zone still lives in caches.
+ When deploying DNSSEC, this becomes an important consideration;
+ ignoring data that may be in caches may lead to loss of service for
+ clients.
+
+ The most pressing example of this occurs when zone material signed
+ with an old key is being validated by a resolver that does not have
+ the old zone key cached. If the old key is no longer present in the
+ current zone, this validation fails, marking the data "Bogus".
+ Alternatively, an attempt could be made to validate data that is
+ signed with a new key against an old key that lives in a local cache,
+ also resulting in data being marked "Bogus".
+
+4.2.1. Zone Signing Key Rollovers
+
+ For "Zone Signing Key rollovers", there are two ways to make sure
+ that during the rollover data still cached can be verified with the
+ new key sets or newly generated signatures can be verified with the
+ keys still in caches.
One schema, described in Section 4.2.1.2, uses
+
+
+
+
+
+Kolkman & Gieben Informational [Page 14]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ double signatures; the other uses key pre-publication (Section
+ 4.2.1.1). The pros, cons, and recommendations are described in
+ Section 4.2.1.3.
+
+4.2.1.1. Pre-Publish Key Rollover
+
+ This section shows how to perform a ZSK rollover without the need to
+ sign all the data in a zone twice -- the "pre-publish key rollover".
+ This method has advantages in the case of a key compromise. If the
+ old key is compromised, the new key has already been distributed in
+ the DNS. The zone administrator is then able to quickly switch to
+ the new key and remove the compromised key from the zone. Another
+ major advantage is that the zone size does not double, as is the case
+ with the double signature ZSK rollover. A small "how-to" for this
+ kind of rollover can be found in Appendix B.
+
+ Pre-publish key rollover involves four stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY new RRSIGs DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2 SOA3
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
+
+ DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover
+
+ initial: Initial version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
+ signatures are generated with this key yet, but this does not
+ secure against brute force attacks on the public key.
The minimum
+ duration of this pre-roll phase is the time it takes for the data
+ to propagate to the authoritative servers plus TTL value of the
+ key set.
+
+ new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
+ used to sign the data in the zone exclusively (i.e., all the
+ signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
+ remains published in the key set. This way data that was loaded
+
+
+
+Kolkman & Gieben Informational [Page 15]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ into caches from version 1 of the zone can still be verified with
+ key sets fetched from version 2 of the zone. The minimum time
+ that the key set including DNSKEY 10 is to be published is the
+ time that it takes for zone data from the previous version of the
+ zone to expire from old caches, i.e., the time it takes for this
+ zone to propagate to all authoritative servers plus the Maximum
+ Zone TTL value of any of the data in the previous version of the
+ zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. The key set, now
+ only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
+ DNSKEY 1.
+
+ The above scheme can be simplified by always publishing the "future"
+ key immediately after the rollover.
The scheme would look as follows
+ (we show two rollovers); the future key is introduced in "new DNSKEY"
+ as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
+ (II)":
+
+ ----------------------------------------------------------------
+ initial new RRSIGs new DNSKEY
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11 DNSKEY12
+ RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ ----------------------------------------------------------------
+ new RRSIGs (II) new DNSKEY (II)
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG12(SOA3) RRSIG12(SOA4)
+
+ DNSKEY1 DNSKEY1
+ DNSKEY11 DNSKEY12
+ DNSKEY12 DNSKEY13
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG12(DNSKEY) RRSIG12(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover, Showing Two Rollovers
+
+
+
+
+
+Kolkman & Gieben Informational [Page 16]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Note that the key introduced in the "new DNSKEY" phase is not used
+ for production yet; the private key can thus be stored in a
+ physically secure manner and does not need to be 'fetched' every time
+ a zone needs to be signed.
+
+4.2.1.2. Double Signature Zone Signing Key Rollover
+
+ This section shows how to perform a ZSK key rollover using the double
+ zone data signature scheme, aptly named "double signature rollover".
+
+ During the "new DNSKEY" stage the new version of the zone file will
+ need to propagate to all authoritative servers and the data that
+ exists in (distant) caches will need to expire, requiring at least
+ the Maximum Zone TTL.
+
+ Double signature ZSK rollover involves three stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
+ RRSIG11(SOA1)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
+ RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Double Signature Zone Signing Key Rollover
+
+ initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
+ introduced into the key set and all the data in the zone is signed
+ with DNSKEY 10 and DNSKEY 11. The rollover period will need to
+ continue until all data from version 0 of the zone has expired
+ from remote caches. This will take at least the Maximum Zone TTL
+ of version 0 of the zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. All the
+ signatures from DNSKEY 10 are removed from the zone. The key set,
+ now only containing DNSKEY 11, is re-signed with DNSKEY 1.
+
+
+
+Kolkman & Gieben Informational [Page 17]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ At every instance, RRSIGs from the previous version of the zone can
+ be verified with the DNSKEY RRSet from the current version and the
+ other way around. The data from the current version can be verified
+ with the data from the previous version of the zone. The duration of
+ the "new DNSKEY" phase and the period between rollovers should be at
+ least the Maximum Zone TTL.
+
+ Making sure that the "new DNSKEY" phase lasts until the signature
+ expiration time of the data in initial version of the zone is
+ recommended.
This way all caches are cleared of the old signatures.
+ However, this duration could be considerably longer than the Maximum
+ Zone TTL, making the rollover a lengthy procedure.
+
+ Note that in this example we assumed that the zone was not modified
+ during the rollover. New data can be introduced in the zone as long
+ as it is signed with both keys.
+
+4.2.1.3. Pros and Cons of the Schemes
+
+ Pre-publish key rollover: This rollover does not involve signing the
+ zone data twice. Instead, before the actual rollover, the new key
+ is published in the key set and thus is available for
+ cryptanalysis attacks. A small disadvantage is that this process
+ requires four steps. Also the pre-publish scheme involves more
+ parental work when used for KSK rollovers as explained in Section
+ 4.2.3.
+
+ Double signature ZSK rollover: The drawback of this signing scheme is
+ that during the rollover the number of signatures in your zone
+ doubles; this may be prohibitive if you have very big zones. An
+ advantage is that it only requires three steps.
+
+4.2.2. Key Signing Key Rollovers
+
+ For the rollover of a Key Signing Key, the same considerations as for
+ the rollover of a Zone Signing Key apply. However, we can use a
+ double signature scheme to guarantee that old data (only the apex key
+ set) in caches can be verified with a new key set and vice versa.
+ Since only the key set is signed with a KSK, zone size considerations
+ do not apply.
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 18]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ --------------------------------------------------------------------
+ initial new DNSKEY DS change DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 --------> SOA1 -------->
+ RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
+ DS1 --------> DS2 -------->
+ RRSIGpar(DS) --------> RRSIGpar(DS) -------->
+
+
+ Child:
+ SOA0 SOA1 --------> SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
+ -------->
+ DNSKEY1 DNSKEY1 --------> DNSKEY2
+ DNSKEY2 -------->
+ DNSKEY10 DNSKEY10 --------> DNSKEY10
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
+ RRSIG2 (DNSKEY) -------->
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Double Signature Key Signing Key Rollover
+
+ initial: Initial version of the zone. The parental DS points to
+ DNSKEY1. Before the rollover starts, the child will have to
+ verify what the TTL is of the DS RR that points to DNSKEY1 -- it
+ is needed during the rollover and we refer to the value as TTL_DS.
+
+ new DNSKEY: During the "new DNSKEY" phase, the zone administrator
+ generates a second KSK, DNSKEY2. The key is provided to the
+ parent, and the child will have to wait until a new DS RR has been
+ generated that points to DNSKEY2. After that DS RR has been
+ published on all servers authoritative for the parent's zone, the
+ zone administrator has to wait at least TTL_DS to make sure that
+ the old DS RR has expired from caches.
+
+ DS change: The parent replaces DS1 with DS2.
+
+ DNSKEY removal: DNSKEY1 has been removed.
+
+ The scenario above puts the responsibility for maintaining a valid
+ chain of trust with the child. It also is based on the premise that
+ the parent only has one DS RR (per algorithm) per zone.
An
+ alternative mechanism has been considered. Using an established
+ trust relation, the interaction can be performed in-band, and the
+ removal of the keys by the child can possibly be signaled by the
+ parent. In this mechanism, there are periods where there are two DS
+
+
+
+Kolkman & Gieben Informational [Page 19]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ RRs at the parent. Since at the moment of writing the protocol for
+ this interaction has not been developed, further discussion is out of
+ scope for this document.
+
+4.2.3. Difference Between ZSK and KSK Rollovers
+
+ Note that KSK rollovers and ZSK rollovers are different in the sense
+ that a KSK rollover requires interaction with the parent (and
+ possibly replacing of trust anchors) and the ensuing delay while
+ waiting for it.
+
+ A zone key rollover can be handled in two different ways: pre-publish
+ (Section 4.2.1.1) and double signature (Section 4.2.1.2).
+
+ As the KSK is used to validate the key set and because the KSK is not
+ changed during a ZSK rollover, a cache is able to validate the new
+ key set of the zone. The pre-publish method would also work for a
+ KSK rollover. The records that are to be pre-published are the
+ parental DS RRs. The pre-publish method has some drawbacks for KSKs.
+ We first describe the rollover scheme and then indicate these
+ drawbacks.
+
+ --------------------------------------------------------------------
+ initial new DS new DNSKEY DS/DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 SOA1 --------> SOA2
+ RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
+ DS1 DS1 --------> DS2
+ DS2 -------->
+ RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
+
+
+ Child:
+ SOA0 --------> SOA1 SOA1
+ RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
+ -------->
+ DNSKEY1 --------> DNSKEY2 DNSKEY2
+ -------->
+ DNSKEY10 --------> DNSKEY10 DNSKEY10
+ RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
+ RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Pre-Publish Key Signing Key Rollover
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 20]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ When the child zone wants to roll, it notifies the parent during the
+ "new DS" phase and submits the new key (or the corresponding DS) to
+ the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
+ and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
+ which can take place as soon as the new DS set propagated through the
+ DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
+ ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
+ record can be deleted.
+
+ The drawbacks of this scheme are that during the "new DS" phase the
+ parent cannot verify the match between the DS2 RR and DNSKEY2 using
+ the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
+ "security lame" key (see Section 4.4.3). Finally, the child-parent
+ interaction consists of two steps. The "double signature" method
+ only needs one interaction.
+
+4.2.4. Automated Key Rollovers
+
+ As keys must be renewed periodically, there is some motivation to
+ automate the rollover process.
Consider the following:
+
+ o ZSK rollovers are easy to automate as only the child zone is
+ involved.
+
+ o A KSK rollover needs interaction between parent and child. Data
+ exchange is needed to provide the new keys to the parent;
+ consequently, this data must be authenticated and integrity must
+ be guaranteed in order to avoid attacks on the rollover.
+
+4.3. Planning for Emergency Key Rollover
+
+ This section deals with preparation for a possible key compromise.
+ Our advice is to have a documented procedure ready for when a key
+ compromise is suspected or confirmed.
+
+ When the private material of one of your keys is compromised it can
+ be used for as long as a valid trust chain exists. A trust chain
+ remains intact for
+
+ o as long as a signature over the compromised key in the trust chain
+ is valid,
+
+ o as long as a parental DS RR (and signature) points to the
+ compromised key,
+
+ o as long as the key is anchored in a resolver and is used as a
+ starting point for validation (this is generally the hardest to
+ update).
+
+
+
+Kolkman & Gieben Informational [Page 21]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ While a trust chain to your compromised key exists, your namespace is
+ vulnerable to abuse by anyone who has obtained illegitimate
+ possession of the key. Zone operators have to make a trade-off if
+ the abuse of the compromised key is worse than having data in caches
+ that cannot be validated. If the zone operator chooses to break the
+ trust chain to the compromised key, data in caches signed with this
+ key cannot be validated. However, if the zone administrator chooses
+ to take the path of a regular rollover, the malicious key holder can
+ spoof data so that it appears to be valid.
+
+4.3.1. KSK Compromise
+
+ A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
+ as long as the compromised KSK is configured as trust anchor or a
+ parental DS points to it.
+ + A compromised KSK can be used to sign the key set of an attacker's + zone. That zone could be used to poison the DNS. + + Therefore, when the KSK has been compromised, the trust anchor or the + parental DS should be replaced as soon as possible. It is local + policy whether to break the trust chain during the emergency + rollover. The trust chain would be broken when the compromised KSK + is removed from the child's zone while the parent still has a DS + pointing to the compromised KSK (the assumption is that there is only + one DS at the parent. If there are multiple DSes this does not apply + -- however the chain of trust of this particular key is broken). + + Note that an attacker's zone still uses the compromised KSK and the + presence of a parental DS would cause the data in this zone to appear + as valid. Removing the compromised key would cause the attacker's + zone to appear as valid and the child's zone as Bogus. Therefore, we + advise not to remove the KSK before the parent has a DS to a new KSK + in place. + +4.3.1.1. Keeping the Chain of Trust Intact + + If we follow this advice, the timing of the replacement of the KSK is + somewhat critical. The goal is to remove the compromised KSK as soon + as the new DS RR is available at the parent. And also make sure that + the signature made with a new KSK over the key set with the + compromised KSK in it expires just after the new DS appears at the + parent, thus removing the old cruft in one swoop. + + The procedure is as follows: + + 1. Introduce a new KSK into the key set, keep the compromised KSK in + the key set. + + + +Kolkman & Gieben Informational [Page 22] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + 2. Sign the key set, with a short validity period. The validity + period should expire shortly after the DS is expected to appear + in the parent and the old DSes have expired from caches. + + 3. Upload the DS for this new key to the parent. + + 4. 
Follow the procedure of the regular KSK rollover: Wait for the DS + to appear in the authoritative servers and then wait as long as + the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet + and modify/extend the expiration time. + + 5. Remove the compromised DNSKEY RR from the zone and re-sign the + key set using your "normal" validity interval. + + An additional danger of a key compromise is that the compromised key + could be used to facilitate a legitimate DNSKEY/DS rollover and/or + nameserver changes at the parent. When that happens, the domain may + be in dispute. An authenticated out-of-band and secure notify + mechanism to contact a parent is needed in this case. + + Note that this is only a problem when the DNSKEY and or DS records + are used for authentication at the parent. + +4.3.1.2. Breaking the Chain of Trust + + There are two methods to break the chain of trust. The first method + causes the child zone to appear 'Bogus' to validating resolvers. The + other causes the child zone to appear 'insecure'. These are + described below. + + In the method that causes the child zone to appear 'Bogus' to + validating resolvers, the child zone replaces the current KSK with a + new one and re-signs the key set. Next it sends the DS of the new + key to the parent. Only after the parent has placed the new DS in + the zone is the child's chain of trust repaired. + + An alternative method of breaking the chain of trust is by removing + the DS RRs from the parent zone altogether. As a result, the child + zone would become insecure. + +4.3.2. ZSK Compromise + + Primarily because there is no parental interaction required when a + ZSK is compromised, the situation is less severe than with a KSK + compromise. The zone must still be re-signed with a new ZSK as soon + as possible. As this is a local operation and requires no + communication between the parent and child, this can be achieved + fairly quickly. 
However, one has to take into account that just as + + + +Kolkman & Gieben Informational [Page 23] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + with a normal rollover the immediate disappearance of the old + compromised key may lead to verification problems. Also note that as + long as the RRSIG over the compromised ZSK is not expired the zone + may be still at risk. + +4.3.3. Compromises of Keys Anchored in Resolvers + + A key can also be pre-configured in resolvers. For instance, if + DNSSEC is successfully deployed the root key may be pre-configured in + most security aware resolvers. + + If trust-anchor keys are compromised, the resolvers using these keys + should be notified of this fact. Zone administrators may consider + setting up a mailing list to communicate the fact that a SEP key is + about to be rolled over. This communication will of course need to + be authenticated, e.g., by using digital signatures. + + End-users faced with the task of updating an anchored key should + always validate the new key. New keys should be authenticated out- + of-band, for example, through the use of an announcement website that + is secured using secure sockets (TLS) [21]. + +4.4. Parental Policies + +4.4.1. Initial Key Exchanges and Parental Policies Considerations + + The initial key exchange is always subject to the policies set by the + parent. When designing a key exchange policy one should take into + account that the authentication and authorization mechanisms used + during a key exchange should be as strong as the authentication and + authorization mechanisms used for the exchange of delegation + information between parent and child. That is, there is no implicit + need in DNSSEC to make the authentication process stronger than it + was in DNS. + + Using the DNS itself as the source for the actual DNSKEY material, + with an out-of-band check on the validity of the DNSKEY, has the + benefit that it reduces the chances of user error. 
A DNSKEY query + tool can make use of the SEP bit [3] to select the proper key from a + DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is + sent. It can validate the self-signature over a key; thereby + verifying the ownership of the private key material. Fetching the + DNSKEY from the DNS ensures that the chain of trust remains intact + once the parent publishes the DS RR indicating the child is secure. + + Note: the out-of-band verification is still needed when the key + material is fetched via the DNS. The parent can never be sure + whether or not the DNSKEY RRs have been spoofed. + + + +Kolkman & Gieben Informational [Page 24] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +4.4.2. Storing Keys or Hashes? + + When designing a registry system one should consider which of the + DNSKEYs and/or the corresponding DSes to store. Since a child zone + might wish to have a DS published using a message digest algorithm + not yet understood by the registry, the registry can't count on being + able to generate the DS record from a raw DNSKEY. Thus, we recommend + that registry systems at least support storing DS records. + + It may also be useful to store DNSKEYs, since having them may help + during troubleshooting and, as long as the child's chosen message + digest is supported, the overhead of generating DS records from them + is minimal. Having an out-of-band mechanism, such as a registry + directory (e.g., Whois), to find out which keys are used to generate + DS Resource Records for specific owners and/or zones may also help + with troubleshooting. + + The storage considerations also relate to the design of the customer + interface and the method by which data is transferred between + registrant and registry; Will the child zone administrator be able to + upload DS RRs with unknown hash algorithms or does the interface only + allow DNSKEYs? 
In the registry-registrar model, one can use the + DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15], + which allows transfer of DS RRs and optionally DNSKEY RRs. + +4.4.3. Security Lameness + + Security lameness is defined as what happens when a parent has a DS + RR pointing to a non-existing DNSKEY RR. When this happens, the + child's zone may be marked "Bogus" by verifying DNS clients. + + As part of a comprehensive delegation check, the parent could, at key + exchange time, verify that the child's key is actually configured in + the DNS. However, if a parent does not understand the hashing + algorithm used by child, the parental checks are limited to only + comparing the key id. + + Child zones should be very careful in removing DNSKEY material, + specifically SEP keys, for which a DS RR exists. + + Once a zone is "security lame", a fix (e.g., removing a DS RR) will + take time to propagate through the DNS. + + + + + + + + + +Kolkman & Gieben Informational [Page 25] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +4.4.4. DS Signature Validity Period + + Since the DS can be replayed as long as it has a valid signature, a + short signature validity period over the DS minimizes the time a + child is vulnerable in the case of a compromise of the child's + KSK(s). A signature validity period that is too short introduces the + possibility that a zone is marked "Bogus" in case of a configuration + error in the signer. There may not be enough time to fix the + problems before signatures expire. Something as mundane as operator + unavailability during weekends shows the need for DS signature + validity periods longer than 2 days. We recommend an absolute + minimum for a DS signature validity period of a few days. + + The maximum signature validity period of the DS record depends on how + long child zones are willing to be vulnerable after a key compromise. 
+ On the other hand, shortening the DS signature validity interval + increases the operational risk for the parent. Therefore, the parent + may have policy to use a signature validity interval that is + considerably longer than the child would hope for. + + A compromise between the operational constraints of the parent and + minimizing damage for the child may result in a DS signature validity + period somewhere between a week and months. + + In addition to the signature validity period, which sets a lower + bound on the number of times the zone owner will need to sign the + zone data and which sets an upper bound to the time a child is + vulnerable after key compromise, there is the TTL value on the DS + RRs. Shortening the TTL means that the authoritative servers will + see more queries. But on the other hand, a short TTL lowers the + persistence of DS RRSets in caches thereby increasing the speed with + which updated DS RRSets propagate through the DNS. + +5. Security Considerations + + DNSSEC adds data integrity to the DNS. This document tries to assess + the operational considerations to maintain a stable and secure DNSSEC + service. Not taking into account the 'data propagation' properties + in the DNS will cause validation failures and may make secured zones + unavailable to security-aware resolvers. + +6. Acknowledgments + + Most of the ideas in this document were the result of collective + efforts during workshops, discussions, and tryouts. + + At the risk of forgetting individuals who were the original + contributors of the ideas, we would like to acknowledge people who + + + +Kolkman & Gieben Informational [Page 26] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + were actively involved in the compilation of this document. 
In + random order: Rip Loomis, Olafur Gudmundsson, Wesley Griffin, Michael + Richardson, Scott Rose, Rick van Rein, Tim McGinnis, Gilles Guette + Olivier Courtay, Sam Weiler, Jelte Jansen, Niall O'Reilly, Holger + Zuleger, Ed Lewis, Hilarie Orman, Marcos Sanz, and Peter Koch. + + Some material in this document has been copied from RFC 2541 [12]. + + Mike StJohns designed the key exchange between parent and child + mentioned in the last paragraph of Section 4.2.2 + + Section 4.2.4 was supplied by G. Guette and O. Courtay. + + Emma Bretherick, Adrian Bedford, and Lindy Foster corrected many of + the spelling and style issues. + + Kolkman and Gieben take the blame for introducing all miscakes (sic). + + While working on this document, Kolkman was employed by the RIPE NCC + and Gieben was employed by NLnet Labs. + +7. References + +7.1. Normative References + + [1] Mockapetris, P., "Domain names - concepts and facilities", STD + 13, RFC 1034, November 1987. + + [2] Mockapetris, P., "Domain names - implementation and + specification", STD 13, RFC 1035, November 1987. + + [3] Kolkman, O., Schlyter, J., and E. Lewis, "Domain Name System + KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) + Flag", RFC 3757, May 2004. + + [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, + "DNS Security Introduction and Requirements", RFC 4033, March + 2005. + + [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, + "Resource Records for the DNS Security Extensions", RFC 4034, + March 2005. + + [6] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, + "Protocol Modifications for the DNS Security Extensions", RFC + 4035, March 2005. + + + + + +Kolkman & Gieben Informational [Page 27] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +7.2. Informative References + + [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. 
+ + [8] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, August + 1996. + + [9] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes + (DNS NOTIFY)", RFC 1996, August 1996. + + [10] Wellington, B., "Secure Domain Name System (DNS) Dynamic + Update", RFC 3007, November 2000. + + [11] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)", + RFC 2308, March 1998. + + [12] Eastlake, D., "DNS Security Operational Considerations", RFC + 2541, March 1999. + + [13] Orman, H. and P. Hoffman, "Determining Strengths For Public + Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766, + April 2004. + + [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness + Requirements for Security", BCP 106, RFC 4086, June 2005. + + [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions + Mapping for the Extensible Provisioning Protocol (EPP)", RFC + 4310, December 2005. + + [16] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key + Sizes", The Journal of Cryptology 14 (255-293), 2001. + + [17] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and + Source Code in C", ISBN (hardcover) 0-471-12845-7, ISBN + (paperback) 0-471-59756-2, Published by John Wiley & Sons Inc., + 1996. + + [18] Rose, S., "NIST DNSSEC workshop notes", June 2001. + + [19] Jansen, J., "Use of RSA/SHA-256 DNSKEY and RRSIG Resource + Records in DNSSEC", Work in Progress, January 2006. + + [20] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) + Resource Records (RRs)", RFC 4509, May 2006. + + + + + +Kolkman & Gieben Informational [Page 28] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + [21] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and + T. Wright, "Transport Layer Security (TLS) Extensions", RFC + 4366, April 2006. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Kolkman & Gieben Informational [Page 29] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +Appendix A. Terminology + + In this document, there is some jargon used that is defined in other + documents. In most cases, we have not copied the text from the + documents defining the terms but have given a more elaborate + explanation of the meaning. Note that these explanations should not + be seen as authoritative. + + Anchored key: A DNSKEY configured in resolvers around the globe. + This key is hard to update, hence the term anchored. + + Bogus: Also see Section 5 of [4]. An RRSet in DNSSEC is marked + "Bogus" when a signature of an RRSet does not validate against a + DNSKEY. + + Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is used + exclusively for signing the apex key set. The fact that a key is + a KSK is only relevant to the signing tool. + + Key size: The term 'key size' can be substituted by 'modulus size' + throughout the document. It is mathematically more correct to use + modulus size, but as this is a document directed at operators we + feel more at ease with the term key size. + + Private and public keys: DNSSEC secures the DNS through the use of + public key cryptography. Public key cryptography is based on the + existence of two (mathematically related) keys, a public key and a + private key. The public keys are published in the DNS by use of + the DNSKEY Resource Record (DNSKEY RR). Private keys should + remain private. + + Key rollover: A key rollover (also called key supercession in some + environments) is the act of replacing one key pair with another at + the end of a key effectivity period. + + Secure Entry Point (SEP) key: A KSK that has a parental DS record + pointing to it or is configured as a trust anchor. Although not + required by the protocol, we recommend that the SEP flag [3] is + set on these keys. 
+ + Self-signature: This only applies to signatures over DNSKEYs; a + signature made with DNSKEY x, over DNSKEY x is called a self- + signature. Note: without further information, self-signatures + convey no trust. They are useful to check the authenticity of the + DNSKEY, i.e., they can be used as a hash. + + + + + + +Kolkman & Gieben Informational [Page 30] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + Singing the zone file: The term used for the event where an + administrator joyfully signs its zone file while producing melodic + sound patterns. + + Signer: The system that has access to the private key material and + signs the Resource Record sets in a zone. A signer may be + configured to sign only parts of the zone, e.g., only those RRSets + for which existing signatures are about to expire. + + Zone Signing Key (ZSK): A key that is used for signing all data in a + zone. The fact that a key is a ZSK is only relevant to the + signing tool. + + Zone administrator: The 'role' that is responsible for signing a zone + and publishing it on the primary authoritative server. + +Appendix B. Zone Signing Key Rollover How-To + + Using the pre-published signature scheme and the most conservative + method to assure oneself that data does not live in caches, here + follows the "how-to". + + Step 0: The preparation: Create two keys and publish both in your key + set. Mark one of the keys "active" and the other "published". + Use the "active" key for signing your zone data. Store the + private part of the "published" key, preferably off-line. The + protocol does not provide for attributes to mark a key as active + or published. This is something you have to do on your own, + through the use of a notebook or key management tool. + + Step 1: Determine expiration: At the beginning of the rollover make a + note of the highest expiration time of signatures in your zone + file created with the current key marked as active. 
Wait until + the expiration time marked in Step 1 has passed. + + Step 2: Then start using the key that was marked "published" to sign + your data (i.e., mark it "active"). Stop using the key that was + marked "active"; mark it "rolled". + + Step 3: It is safe to engage in a new rollover (Step 1) after at + least one signature validity period. + + + + + + + + + + +Kolkman & Gieben Informational [Page 31] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +Appendix C. Typographic Conventions + + The following typographic conventions are used in this document: + + Key notation: A key is denoted by DNSKEYx, where x is a number or an + identifier, x could be thought of as the key id. + + RRSet notations: RRs are only denoted by the type. All other + information -- owner, class, rdata, and TTL--is left out. Thus: + "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a + list of RRs. A example of this would be "A1, A2", specifying the + RRSet containing two "A" records. This could again be abbreviated to + just "A". + + Signature notation: Signatures are denoted as RRSIGx(RRSet), which + means that RRSet is signed with DNSKEYx. + + Zone representation: Using the above notation we have simplified the + representation of a signed zone by leaving out all unnecessary + details such as the names and by representing all data by "SOAx" + + SOA representation: SOAs are represented as SOAx, where x is the + serial number. + + Using this notation the following signed zone: + + example.net. 86400 IN SOA ns.example.net. bert.example.net. ( + 2006022100 ; serial + 86400 ; refresh ( 24 hours) + 7200 ; retry ( 2 hours) + 3600000 ; expire (1000 hours) + 28800 ) ; minimum ( 8 hours) + 86400 RRSIG SOA 5 2 86400 20130522213204 ( + 20130422213204 14 example.net. + cmL62SI6iAX46xGNQAdQ... ) + 86400 NS a.iana-servers.net. + 86400 NS b.iana-servers.net. + 86400 RRSIG NS 5 2 86400 20130507213204 ( + 20130407213204 14 example.net. + SO5epiJei19AjXoUpFnQ ... 
) + 86400 DNSKEY 256 3 5 ( + EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14 + 86400 DNSKEY 257 3 5 ( + gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15 + 86400 RRSIG DNSKEY 5 2 86400 20130522213204 ( + 20130422213204 14 example.net. + J4zCe8QX4tXVGjV4e1r9... ) + + + + +Kolkman & Gieben Informational [Page 32] + +RFC 4641 DNSSEC Operational Practices September 2006 + + + 86400 RRSIG DNSKEY 5 2 86400 20130522213204 ( + 20130422213204 15 example.net. + keVDCOpsSeDReyV6O... ) + 86400 RRSIG NSEC 5 2 86400 20130507213204 ( + 20130407213204 14 example.net. + obj3HEp1GjnmhRjX... ) + a.example.net. 86400 IN TXT "A label" + 86400 RRSIG TXT 5 3 86400 20130507213204 ( + 20130407213204 14 example.net. + IkDMlRdYLmXH7QJnuF3v... ) + 86400 NSEC b.example.com. TXT RRSIG NSEC + 86400 RRSIG NSEC 5 3 86400 20130507213204 ( + 20130407213204 14 example.net. + bZMjoZ3bHjnEz0nIsPMM... ) + ... + + is reduced to the following representation: + + SOA2006022100 + RRSIG14(SOA2006022100) + DNSKEY14 + DNSKEY15 + + RRSIG14(KEY) + RRSIG15(KEY) + + The rest of the zone data has the same signature as the SOA record, + i.e., an RRSIG created with DNSKEY 14. + + + + + + + + + + + + + + + + + + + + + + + +Kolkman & Gieben Informational [Page 33] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +Authors' Addresses + + Olaf M. Kolkman + NLnet Labs + Kruislaan 419 + Amsterdam 1098 VA + The Netherlands + + EMail: olaf@nlnetlabs.nl + URI: http://www.nlnetlabs.nl + + + R. (Miek) Gieben + + EMail: miek@miek.nl + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Kolkman & Gieben Informational [Page 34] + +RFC 4641 DNSSEC Operational Practices September 2006 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2006). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. 
+ + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is provided by the IETF + Administrative Support Activity (IASA). + + + + + + + +Kolkman & Gieben Informational [Page 35] + 
diff --git a/contrib/zkt/doc/rfc5011.txt b/contrib/zkt-1.1.2/doc/rfc5011.txt
similarity index 100%
rename from contrib/zkt/doc/rfc5011.txt
rename to contrib/zkt-1.1.2/doc/rfc5011.txt
diff --git a/contrib/zkt/domaincmp.c b/contrib/zkt-1.1.2/domaincmp.c
similarity index 100%
rename from contrib/zkt/domaincmp.c
rename to contrib/zkt-1.1.2/domaincmp.c
diff --git a/contrib/zkt/domaincmp.h b/contrib/zkt-1.1.2/domaincmp.h
similarity index 100%
rename from contrib/zkt/domaincmp.h
rename to contrib/zkt-1.1.2/domaincmp.h
diff --git a/contrib/zkt/examples/dnssec.conf b/contrib/zkt-1.1.2/examples/dnssec.conf
similarity index 100%
rename from contrib/zkt/examples/dnssec.conf
rename to contrib/zkt-1.1.2/examples/dnssec.conf
diff --git a/contrib/zkt-1.1.2/examples/flat/core b/contrib/zkt-1.1.2/examples/flat/core new file mode 100644 index 0000000000000000000000000000000000000000..e425dff539a3665f869eda68c966509c07237534 GIT binary patch literal 294912 zcmeHw3t${&x%Q+@(giClP@von!_{J&WOHp=2qsO^CQX`bleA4Ml5BQ2$ltfjZROsr@Nr^Tj^+wbCNPDy%4s--5Rs7 zOkz~J8|iK{oj!f1k8U5+)xlBuN42jJ=`J%}MSfsZ`Q0qvOfN(_Fe<$l>B?cFd>#uh zDt&OLp($Ks3}Tb${oJUcXW5eov>q!<~x%erf2fTh|l_wesgjy7TG#ZX7&7Qa?sC2}zx$=4ZZQ+m-40}C6mmx9@k!6T%L*y7D z*ARJzn5|qE!~Yrho52m*Wv(0_{$v?{>KL=IVrDShqIi^GOGB_Tm=#+cqYk8dl}Osv zv3OLys6d@Dqca@vsUN(;bp>~PNKQl9Dv=H%w|c(`3#iL?f9&%=k{a=pS2A} zQ}kzbJvSyhUO7Az&R?7C;4`}ew4&ooFr2jnxm{Ldsi7*`-qrw*I}@cG~2p`mc^ZOIO_EzC9zKn{M|_Iw?-;|(h6 zkDx7m*W&qc{yyzh99QaRlO1OP$~`Y>{ZH-H<|DooP*)w$I%!|9UrS6M&>{==X+2Y4 z)Eam1(+V#h(EduFNA_x|pG$W1W)5h|1ADZ>f_<9vk^yZgY>n~#TJQ6FwaCDJt+9H) zHqf_E+g$#N_A{hK_U+d;zx1-^zWD_$^$wH+yYj=mS{~w?^N=61@WKIY;HP`Fn-RYg zh@3m1eIN2?fLnP{>&Y3=UPauA^3VD_Y+rv#D?~k!7tuZ(TQh8(K>t|-n)6G0wSFAW z_n{}gxK}H@Xh7?q_LBB0^i(`oJqx%T=tUXb=MQLw|M`NZpuSGnZU*iIz6p%S^K@`J zo?VTN*!k%B12(-GdYVlSLC>-2ozSnc>3mi^A3D!JgBMt2)2pG^jnSKIdL`1Yv*}Br zvwW+(66j%@UIl%PO%FrA5jun(*q%?>^j6bu7miP$d{l5M1bO*gDUO*y9`GT6_VH}4%&hF3 z+`QTObBg8_mz2(@-_e5Wt43L7Rl}~`51glTNAOw)F49>@)YCi6cSz{f@{`HaI4B@= zpHizRyxQ zXDipTbKIK9eicd+}-a_sh}Y~{RY^WP2o3cN+adUx6E`)%de z?Qg(-4a(;{HDL3%9~awg1-spG_elS{5OFW+WfwnaD`y7mZ2wrh%jQ35^S{dGZ?`Xi zJ;^*SrD%lDI@6!WYqvM*{!K@;Ct#Mt%P-khPSh-CtbL8?&;H=B`G3;%A8Y@d>Cg5| zwfXm${$uU;>i$MM?Z^8)vmCa^X)EVPW;tW+KQry@=hNW76FQ>GUAWb?1L`R}s% z(|!Otnx>rob)%n<=WA^K7s1Z*ExQXk{TprmjW++V&7bye)BpRB93NPY&*s0~=1=?M zrvJ;3yxz%MtIa>@o{{6F-3guTxf;@A`Uh?Pi){XO`-fron&%~A^JiJd3hL$*uDiL+ zP%cB9eTV&FCgL1Nd5yae=a|RiosBpp^$#J=bo!Md&U_3Ni0cP}xEpb6J+KV%ZaN@b zi}*Sts`wF4nDHRu8_akN@g6h22Jua1{6@q#oAGssZ!zN(_Wg~`tVh}A?$SZ6u*7(G zwcnJMU;Z-&|J2vx-A&7Gmz$qWam?r+@w2B%Tp0LAGf?=~6vs~VKVGi{uRjL9YfKoL z@t5hdzH8V9_M7iR+a3N5;uql`|IU5eUr|A12 zCtg10K1d(mzCKA`_v=3ARx8{GIXG@$e`M{0RC64$#y$FSY$*fkfmVR;hg;+2I>a{s 
zn}96<{n-wyEjwV_Y1#uYuD$BMH}C?3X2+z9p!1!2+U@VwvoHjXdmOjzA@X#J<2x-Q zmg}L9Xh$DQ?S72+&oO@wFgD>|Ojlo0fcnxWgvXZn)bQtNPa{}Vl)^z;lIZ_FRZk0Hi8p0tpfX;!bN zr)T&Av3Po{6~+gF6TN`&lr;e8+o+%n~CbZ0)C0bgBpS85rNmk z3|M)eH(eRjBBme98+$#>b!DmJ+4)M5-kx#$l~FI#?d4O~`;}QAb+cdT?WBIJ>*R=j zg|e*nGr!)iY~|bg)$lm$#CU4MRi~L_ENvWX#{|yJTxT-yXE_l5otU$A1O7}`9HD1T zy%~Dt`c{3-I$b%LZ-oV!fng5pZ{GdW1x_VdKhKMxm+kp(#oHNYM}7#TC`~Buf4+G2 zQdLRztq$3{l~I2i(#!93#ilFC!`CKLI$*!`GwWC3IP~ttpB2%b3;WaM>0N9u8{7#U zYw;W4H*&GUj{5ZS*sqxHL14qBn9uazi;>T9kbET1TnBOAVGF*pUB+H!qCLPwc3T-E z(Y!%zyEQ?NSe27bQ55zes~_2tBq|ID1HynXAPfit!hkR!3P=_ zU3G&RQU5CL>jKAfn7ltQb{~2Wd1+%{8Og7WF3YkXPx)`>{=o5+|4#W>_XqCAONp}I zey3QMdV~RC;GJZk9P>zehV8EYJ6XBZB@74y?>Yk&w#z?#rpuK-GdC|g&-Jdi>)mdE zotAgIE$>GC`i27UBD`?R#!5nO!;eDBj3*U*9YRs+lSkei=5w?OpM&F_l@&<0zsJ(O zIBEDjmhQQDLl!TGIPi{1_W`_7WIp%edn~B_AMzah2Pn5_RcTR?w<;$bm>FxGm${;< zwY)xFJFla)XkkT3WKQlpZ%$eEqSdX7x|W1vvzIPg8jTfoRaNAx9dlf+W?x5BJlyOJ zSJvdrFA96yk^0${t&20O-K{g{)YRlGEngm86$ma^*_^c^zM|E&q-IsM8tqu#-np=- zyg6@0UDs;QO3xC{^4vC8(Y#=0(C>-1%&c#{ZeE#p(VFba&aRy5NN81Vdu-9nPBqlN zur4#V)29T`?s<#R?xLc3S>@G!U$k^dSD9;3S17wVD`$m!PE&4lW^I{w{_6QFvO4Rl z%G=vI$}5*v=eQO{)nzkla>`swVvCp56g5}W&0pbP>B%aM70)g%EnnSH+OjejE}6Hu zpa6BS9-SXgZquU55?6Cq#)<_kfsWReSg_XXZf(okO;$Ucx5W`QBP_X`Mnp2ELnA zT)L=^-#z7im(S-J5;cR`biDt-{_Vy)5$ul)meiHwd{3(p`R(s%bx}vKzvq#Ftq0f) z^a6c=^%%Gx@c}@=vuCII44>_=+M>edGVK?^-h*~;0s4Rqe76JFQ$#hcSswRz;~VYc ztp{nhzt6$_G249+h-^H2>X!!o_=hhg?tfxq;(PaeIg$9mR}x=X`_)AINjsbs&p(E7JuzG&YaIa=Dh5tKId7{-zs;0|F_*gs{fs{`tIK)&h!30aY@DF&PV3_A@O|6 zAC%apKR6${;(wjz&iX&+ohR)~{CLt6&aT~041D1?r#nj)osl?{JuUIVC1)m{Jmajy zuP2|K_|eN}CmwiadZOp|=Ok`_&ThDXefA9IuuWr1+nOOfH&Ks}4&>0P?PVY4r zIqNDfc9vdsi8F83rOpqWf0=Xo)XNjaDIZAWyz+s>WzWq>ob`t*5>tNq!NkFbW+ryu zGb{1OJJJ%rTAQBO8qY}F=W{uq_(-Pnp=g%#hXvWrJ8N>BU%nvM*_D;&yy4Bf#2x45 zJ3UY3CpzDl<1Bu7ZleBAS0)<1c~xTW4+|1SH(#AN|4ScAT+&?VoU^tlkurat^E_X1 z;`z%;oNpGFCVr7J-}&cD7C8U9cY*WAlgphuepBxJ`ZEii-?_gcvF*`H=la_gCGNhr z${7k(CqBO3ow#M$;)Fj~lL*ePO)RLaOH`e`Byq*8r3u$-OP%x2tWTW&fA!88uPjd- 
z`2Gs#$$$8;^R%98oG(7~5$DS{T1_X5Fj26s%~|`+P~yVYurv4Oi1Vt& z?as5Cqt5@xj5%K~jXRaoIud7QbUObs(3yDclrHD?zOKX*dsjQZxp__Ehrjt~;wN`q zpZN0qA4}Y``acsl+;)SKG->kifA~N$;wk#y$w{eG-ueF&^?c)c;#|d-%ndzBpSzTl zB*pbXq+_}=WRjJhWcVi~>0=EC7JV?m^??_cx^a(=P)^3R2h6|)iy`I))S!GA@2NC) z&CFL7hw+|E+Ni5C{VAkh_xVfa%)omr_>L~#=o$MGmZO3%&_v)jX~B7OhyBL9Rg-SM zFT?k0danHLhxGS)Alspz(O+G`e8J9fD^T)I-dN=?HJWefBNr{e&O2t z!YIc)jw2eXw6D1_7Kb0--x={cqM`cn@ckolWW3Ll9$`KP=B0EE*E4Z``dK{VJtDjp zl#b6sb$a4{C4Ef!D{XJJwRyT){lPKyVB zK^PDQgaKhd7!U@80bxKG5C((+Vc@MXpyJ*D-{X-W3z^BzxDrYrNkad2R%Oi$byj7z&1?&-nc3M~>#nV?^t-b<@)s1XDqq;vp3%}YJHKdI zZM<_?URhCnw4~V+XjePin{pPFtSIh`1U=r?*41Urp_ZkU^Ou)rWyMzqI+wJqsmh4d z%=5dKFIb!zS{kd!^tzXqxFc$g@tTXmc~gQgAPfit!hkUFRv9q%Ut`|Lc&mj;K4Cx@ z_?Kg#V$9{w-%`xx?uLOkf?%8Zn}=n1ciMw^ z&t!aKZ?5rP_FLVLjQ6|lzMRxizw3SyI_tIq-u=^m?``Qvlkc_PbqD?jCq#lUAPfit z??DD+Kk^eoxiP zj0#_;*H@wjnku8UD?AIDz3sC@;cTzFvnIAMW6A8=yrrGX>*uei^3->>FU-qZvA|m# zFK;Ukdx}?-FK!B}YqDGC`-2OcGV-!2+E*;|UYF?!b^aNh;njI=m+?#Px4Lirr#?B-IAK5-5C(*ScZ>nq zx4vUkOGU!KKP3a>>|6Pv1%BAzpR&F0RHOdg_pSQA68qLs&(ZL`u!nCp_N~3P?~#3~ zN1pGzQ~grv5e9?-VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4P zgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801& zKo}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV z2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+ zVL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG z5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@8 z0bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd z7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4P zgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801& zKo}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV z2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+ zVL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG z5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@8 z0bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd 
z7!U@80bxKG5C;Ac4D=KaYHI7CHVK6{mc6c7brdch9FAMI@nrA(-CBOdZjDk;e|Bg{ zQBEGpbnN-zc>X79+x(ra+fFo(_zMHVzE8SH zXhR5n_wLiz#Ei2+-D$6D{pqi3YR2nYH{i~CU2DvFUF!h`fWj-W{?3C9NB{#s-$!22 z)Y*_ggz5Q+1I{^+&%)To1Vc=mib{js-Y2fL-$az_h7{v>5>FN0(I=+;B)caPgpqF0E7|u3Td5JL(Xh zia5LP3dE-)j;PZ9v7@(*KIhzcNV^D_1JnXu;G@88z$RcD@LS+HVEg|Z(hfqNdK2;h zX+SaXVW0)L5l8?%zym-p@c)2a$oDtMq>mrcoWKkq7pMSM0FECX(wZUH0$%|h1hxZD z0ke?CcJ4=f>e@rvg}{|S9pDApfm?uY0Y3qL3;YFm6L{Yz4r$YXD*%>}2U!6$0PVmH zzy{#^z@xxZz{|kon-6KH0cpThKsC?=xY3pn-LjAJV=C`Cq^+#NEIz5dRAhM|>mD3k(2* zu${IJWdWJMJfIO+10;ZN13v|x0S*Eued>^Q0gwiK2&e(tfR6#61?~ra0FbA#;W60% z7w89`16~JCz2%U0HgFLz7bpUj0oMUMr`?e2fiD1G2Q~x$1N;j3J@7m*2%L5+&JQpT zs0Sjz4ZwQfi@?~n{4?s`K|AjU{tNgepaENf9|J!HegXUj_&u-_cnUawJNX_`kp{K;=Pa-Xm|ewW&9B~py$u*sMkJtS-)Ccqf z-9X`fM+-u!d)zgI^ux$U zyovgt_X6FBCn#Z0ARb9Rs3lSkYWtnI;izlz!z|p z1CVaW%?lwHAJkOD3n4Ag?py~QNC5qS>r*HXU^|^(KB)D55&3|`7m)rr$OO`EGtzr! z9{oP)3a+otd_gZO8R0tUs&hnN3%&515&cf+n+Nv{`)`3hFw06$O5Fjy@q!mL^_e|d zQfhMYF6iAa82*zcB_|(*UWhcdJvn*Oq;tAZ-|KsH|K#MPqz^)m?6=aBlFFEVvQa+s zH$d-8vg(^O$-UZ$v%I$w9=?72>y+0Z*LzEVMywedtBf^eW1T4%9=UGa+W5Mb>VYpL z^Pc&i;KB`k>Fe48=(Pat$r~}h+=b)36Z6x@Fo$7HS$RF?_B${Stv;kJggpTpeINZl ztlyqGq&*J#B=9WoB5(j01d?}R9s`cIOc%<`1hRl^AP2|=@_^YuJ}?I;$No;`v2XiVvh7E&q*#*Y+X~h( z9_#qH?S2Y<$!ZIam*IHxhv9n-IA{cXKr0XgB0wDI0&W0q25tj30CxkMfCqu^0Y3m9 z27V0u6!-=3Yv8xQAAl!-r+}w{-N4^~g8=;x1Cw!19l)u;Ilx802Z3xL510c~0n30! 
zz&h5klE+QkG+Ymt0y#hlPzU&cIItGz0k#590?AKczXX&3tw0yB4%h%}0=57gPV&r;VR~ zyfUqFkGFjsAMP5{KKpSV>-e~aBe(WER^61x%I}2F*O5PgW9$XCA^vONPrz<~$Mc#g zt>b+I`VcUnOkA(khGW%#hUNG+WKR;ViAm$PrGM5S?gb5My+C*Npw^Qj%^?ieAg-av_=Oo^~mzOr<{2C{WqZvYmn~~ zBkdmu8|`=he6QaAfsaC8jrxADS9ASruNDD%|AMt0(%Jq(z&*inyw&piP{-RXKM^zd zx3|9$HZ_W4@!?!Of#ZRGwDuRChGSFqX?-{kk;&M@Lbv!IIAiqrorwQqmEV8nKdyZ8 z-+d`C!)QPIkLz627ev22&&JOs*sDLbSF`ie3!aX}k5zvE^oh%FydM2$obvlmp!~#J zD1U7GyRSU)HF+c#JRQgR8OQ<06I_2sJO7&taeaRW+wE0^A8(ko%I`*bR{J^rMOLEEdJX>Be-*zm{@JgO zP5PSwgj2D=nd0B?FKezm>d{#M@ozfEwcw+vTZhA64sQKfq{-~iUk3w&WhC3o= zhF<8c;aJ>ER<=M7`QyVbj~n``aCD{avK4y76N|0#83k;o9u3FC-f)l(o2hp+1q0rd z{?*WTLXSqgW^IbH1A5FK?F@L020lc+)#D4VGFHGVL z_S*3MzQ$kRei9G?`mzq{>E*ZqaS9r-400-@``RSsT*$|Nd%AKyq{aO;PraeNa(F2G z=;GZP*Tk;rdo=D1BkOl-CqowDCgb}cxnAX-;J}BBXIo{6PXkT^&IWegyGLW(@$o&{ z>5zR_D9Rbs0o>mVznGDv;J#@1Oz8gsusqxk4e!WGQqV`j>;nUk(a;|45ab^x>QL|- z8+MxaTzFh8M+JCKm2o|E3~KiRmzE4_+hM;ZHmE%c>4YtDAJ#E=ColqAJ>D6dfw&KH zSK*+xzQ~C8m*IRqnc|4NxKDd%#h_MLKB#R*-t$pj8GO%=rSLG7M#SrY66Ad`iuEkY ztc33T^N_~0IP~qvucEBSQGXvW4dwJaIi%≤Vx5QRYByT5pI-QGLH>h~ZnWo89BUnX z3enzyKCHX?hfsHlV+Yb7f?qw-E=ArR#GSCO1s?{XC7k*0L9Opv9Pe(-9|QZe zrFdpc-Z~*~2JQq{*Y_dEFJ;7f13KKrPzy&)!!h>72j`r5*E3tcan`TziMRa6;-ss; zbBntwWqq>e>{RzFXST0gJL^;DT=&2iuKQHp>t%ncTl=YLslOeXy>aN)?`c*z8ggd?vt~@Z29VUGEr>V*}GpG~l$1 zy1&o*SP!pP$_oJ6c)eExg#h!=Ru2bzevZit0j9xzgML33aVs#5K2|#K?^g*&a_Q{RX*S%g@Ml^uOe9)APn$d34Wz z-c)t==;QzAZRz+edoQ$~*Ae?__c(pnI_kgI_^}K9zY*^hSmj#stz7?Hw~f924@^-0 z&2M3R;W~Bf^{Zfw$M!cS4QOkzo>c#P{B_r^)YOTVD%K&36b9Z?4DedyHgo#dPWj+_ z>cHe+gaKjT2nLR|_B`*19Phqi3-)@)(~7R@REK*P?gN?V!n{v(n^*@)sL!Q1hz*Dn zJtkDtLu`glY%$RbN$fDu2TANS(GN-NGBE&295kWSVC@7rOgJHl=_VpYsSaWWbi!pK zACf3EQ3gr4P1HjYjV4+liHM0VNTS=sI!Gd6Vgn@6V`38|vDw5HNTS!o4oITU#7;<} z-^4CRV!*^fNJ6PK;D98YCZd~0ZBMbOot>?6Eh$Q zmx+8xqR>PcB;htu4@oqdXoVyqCb}RA|fFxWd@*#;r6J?Nu+eAGi(P&~uQjemj z#z?^dqY&4h;>2!%7&p*vfezNr1X13cw}<`|N10u>#r1k@xR{4CkOu%K9(JjG0ECdtYhJ>8ngOFXj2xoX4=u^` zu|6Z-#~B-#BK_z%sT%9X^FZ>fXB0=KXZZY`8NqPN*c8!)0b$_Zg@NAt@V?pocsK6> 
zyuXF})7JR??{fTdoWg)GAPfit!hkR!3$Rewf># zKMJfj?Q3o62M`|wlCK`rp0(Luw8if*;~PzRK78%v&w_p_Fb$Y$rd?%9yWe>6oa6Kx zFYk%i?nT>kz-Qrud$jlIU(XnwJMz~d&Gqp??Hrh2#*fGOgMWVe<4Jtem@hrXU#gFUF7up@Sd7@% zSBc&I=D(+fzQFjS7va5VxE2Dei=hzUe)v&*t7I2GYEW;MO$UX4TIEz69N>pZYhTw_h0GZ3aC&2t8`kABG;Y>A!$}y4hZ4_&xKV zJCgs;%x}|QV1Aqa8uYkLpNziLY12=IZt=nL&w(C2XQcegpvP=_CiJ*XFMvMH*1iSM z&$Q`_p`T^bKMeg7k9miWKLFi*`D%W;Mh|wrR-^6q_EERzr*7q&Nd7GM@Tl|A2i<-? z{s`TE{LezSAJ1Os_VyOqD?&fj?*~EJ%@P*|gaKhd7!U@80bxKG5C((+VL%uV2801& zKo}4PgaKhd7!U@80bxKG5C+~Y2C`h4t~C6gm8oWC&&|!6>&i;c&dZsr`ut5DEpyeA zid+5Om1@oW;#^l|rW%WT;vKP*kD2SFw5vnmxav`(&0am@nsCTJOAUs@D+8exwK*JR zn!lwZ=!vQ;V=L8YI2a6f`lH7#+GtQkZN+gn#>lba1aee`RgX6w==7`1)g0~!`R1xE z{*XWFiTl-%f0c^E;Xk_}K^PDQgaKhd7!U@80bxKG5C((+VL%x8mtbK0oqX0@729|G zyP0#c#09W6~~`UHrd9Kb1xb1HynX zAPfit!hkR!3_a6I3xJ}Y&SGV{Kz z+w|{F;X_qD_|6nR$mBB*k>7CUcX;$~@tC$7;6R_DH+F9`O?vj`NQbU=w)u7GGlUX} z8IgF*tJ~XRQC&tnhP};eNN-oZZudk2x?`qGSCyDQV&scQ^^B1gE1yTVd)vaDj6^(f zT}OS{{5DpEADc$-2AhK&u~sF^EYBB@>2{Ad5@4jQtxMONyNrh60jaJ-W-$^o+?7_N zcqQJZCo2I@9zSobM4Al$Kz4qf63F47T>ifUc{7~j$jpeoG z9M)1HH)I{w`1tq^`0)c)PJn&xz@LXS_Q@H*G~hJgY@l&AzC8u0K%Pz=I0N8!)dq)# z!ucrlO-PnK06BeeZhvm1pVuSZ4XA(%$Om+P^G_l4GMjCK{ ztTXfV9B2Lw$LV*pdXFb<2I|QHpY-JzGhXOjJE%=T0>>#zj!oM!?mY`!it!GrasiFD zz;Q}fQ8vem+imlQ&F$|RJ&3mG{R!XRi=2J*?*Mk+o21lpV1AcFH~Mn|h!hOz^9P&5 zV{m=K_>Q0p1AQTM&LjC1yY=JS{J$o*u=TGW(zcjf+pi^FADeC00$hi~V|~Vf)8G2& zqWYUb?N?v1moV&pT#+qk8^1;BqU=u@(;F0J7UocEO~(GP`3&<~H2YrCMqHr82taWuIZ zzMD?K-(J?1x0ugf#__}pQBO`c&i$Rq4xU?UU2M<08Ea*Zr@Wro6L?LRtxa~+1C1X~ zcCZ(m4|c3|5maRm-$-2IpW*oKJmu)u^Hd!70k~TI=G~HIW`7-fC9!{RdJb!4j!o$QRzKf}HK%pFmc(^C zv<2v;zb)*5-evT~~81K(r0R`5M# z_Up03`wryWYUZ`}09GA0J#BK0^jUv3!2W&jo{{sz{_Vi|vfHfu@08qZ_80px2Lqvw zuCx~X43%G3&Quhvlekx*vNyNghtONvKLZ7|Y-$FoPS(3~G8rUw`@F zOCJWteP1>7f!mF;jFjX1Yvp|vd98Wq_;QMuFdz)PT?Y95bz;;<+23xVl3y4Q2801& zKo}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV z2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+ 
zVL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG z5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@8 z0bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd z7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4P zgaKhd7!U@80bxKG5C((+VL%uV2801&Ko}4PgaKhd7!U@80bxKG5C((+VL%uV2801& zKo}4PgaKhd7!U@80bxKG5C%pu@bVY;X~CAQ+jebAaa@Fy)4rYJAifIQfe#I8ry{Pb z+q$g`dgXa9X~9o!-A3D_QKcA4@6gbY1uOZ}u9q|`eksbZ;=S{CYg?K}bjv{j5AJ(}gkGz3in?<#R6KJV9TEC83p}@T!pN4TqWoEgex$JP;14vA8GhZ}W%Z zbJZ2K6`tTK&+3@Fqe;Cu9_{d7e6o@C-}-N6+Ka<;=Qu=U(RSBecb$_0Sr`~OM`L`m z&M^%^&l#`5Cfu6_*ivXZ{|8i`i_2 z#fAI23Ava(#cZyfi&^j|7tA*hIg*Ryc7uzt>GmU^t>oENi3WsAZLhYY zFx8=t6I@`MVFxA(!qVTeOqwtlMNXJ(Ys_1&{P;8a;7UH$?|(_>Lm!0A>=qYCoK0Pz8=gca~k$* zn@yc|6?RIFtAsTs(|-&6l?^ElyFb(WVSlsCDCbps!fcrs;%f17)jR0JSLvT2zWcw7CYfe^9W@c6%mJPu`vp*ha^D80!?}(qG7Og5R zD)QtuEvhVWHFssKSkMyaXl;oFYrXE)wrp>9tf{ghlw0AQvnnrp=F)lI_S|_bbK<_4 zYGhGqUdPgSRcB{WtmV3JX;yWOw|z-vyE~FsUgw*=G*VYupeT8HD;9W*_wq0ZSeE8CivM>>i!mnp2RgWwSp^i6F0K=l&qsrdxKqWW9EMqB!>vry+5^tzGuD z?nL>HW>=3)eCMB~9Od|V%vKZgalWkh-&-Ez9#%H%v+iLzKQ`g{%6|A}qh-TudZ+`} z8~3o7?;-SsvG?&MLZ8+KP-f__VDI)mt^0=d#c9ipEx7jJ6hrGUawX;$0Mz4hy7~2KKsC3~Dc#nhfSyQqs zh69hKIIMmBf4x-;$Xeg(aAYJ=Pyci8{?RELW4%W%VA?Hze0^3++#he|I+I-dnl5?tu2=Nk9U znco3h9m?ZeX6fXId3bM}b>$E2*S3In*3J6Xf98PpaB7NPF6S?f&lyvVH5|*g2hL%m zPFBX6mGNM>C2fp3UBOyCoo5ekP?!Z+?^;;pS<3-S7x~_0fX^g39`KpuLy-EwV;=5_ z>`_j{*S?>z#xILu_G>;1HXXXu-<&=zdby#k7L3c(5?30i?%+CH0mt>B*=;Guk^vs^0o3GORBcIOkaI{%Jxv_ z^F|13ShaN1RZ+U@@E#X5wvEPL&Pj3fVVvUgL)v&gds0&!kHbctd!;&*&Es5W*6||R zz`mEi=oNjOWH}tm55UGed`Fdi^x)TwHk}OpS@6quTv-nDatyr&`u^Q}bv+kcud}@a zo78>Z8!U%l{;`JEPZYxCppy7Mg`AQ&oJMkn||{?eLSa4Z$H|`{0-1c z;D76<_vt$47`C3cemq8dc`S1y?A$N4zHjs#vjz6Ca}4_+ z^Xx=g?$*5{9HaU6{gUHz;P@jc4*i&M5$Tc#kHGzw5mS_k+KPszKs=_Lq^}edj3Mfb z+|2wOm&>Kb{CHK*7rO%89r%ZZv1_OC_M7oL@$SjzjqAA|(z>2^nzlj6FKkX3wcoTF z%zUUPEtDUHe9UYY8)wzYbOzot`o=`{ z=^ms1s8D~LlIkGH#nwBw>UAFY0{S>W?@J-czts-ftoGtR((9B5uwMdhjG?RX$5?vk&o{ek9LWLryvEu&%Qn+6(`h;@E()|Ko|h8uMKP 
zKiVmIo__dXisR1qecGAGm;c4B+b)NVxE65;g?6hyGM(k^KpU<(>m`kGD-Zep%4bp> zGZQHea;+aH;_Kmi(DWzQD&ikNx%WU)cbPJXMzOrd0otiwcfFyrJlYRHe-i#|7rEg3 zM;h8sox$pNR{PoSE`Yyf*PV{?M>W%I{(8To{u6_bVf`q@3@53Gk?XPLS>x&0F^AVa zkI&-!WsD^(j2u()m?;@9L)uu~>hmRmSUehN>L72kFuq)zp5dE@GGeVpUh>Nr^Q((I zikjuhWO>0Be^g!35%fb2z#ls_pS7mHXQR;u=G%UU(T@*8Qs+L0`!vqCJcm5@oL_vn z=5PNW%tf&2bC_!MO{?8+XHV8@8&CFhzcRc>WP7Z@cIa(^fo)ieJg@lnY1sOV3iK(% z7;taLKK*{Fl}NkQRwXwxi(|e6W5E{q@_H_Wqz~6~U&8xn&*ObG`aBEJKHVHw?EGwc z-sA`K;aa4VAKDb$16Gnp^TWNI71rLGtaRgMBKy;L_gpPM`}(&Dd)9O2KQd{oWLXSs zqfs}mN3j~;l+`muT&bI4rnStLB zgnZ#PRnhnR_k7v7Cb$l&XFUi%o%*8o)!PqgTyL`dcOz~TSGU6Afc9?qCzkBjzJ~Nx z%zd}k?bouh^K#Z9PB0Js>6^IExUTZO`?Uinr8+F#l6)Vs59Kk>MDIf?F{7-_@ZbA(|v?kz0K-=|H-_`o?L2MN5kxL$TZ|8aYY{$4I^^kF*3KaS^| z8-Bm2$*G_oj%oD2v}~VtKJ;XyRbq^>#=5Prak0<2kTyFSpwBjaDXq30k7Rl98_u&1 zWjzA$JTd<#&GIbWD)XSpP2{gbnmT7t^ZL{yZjq>0su>-zXhtyX^#n6wO@UB`FBHQ9 zHVyYjTKpk3tyoQKSI2goG{2e_Qdd-0m8xkTwWhYHwyX%Fjhfb^Qm9AVabcUu)k#%h z)#Hr^I{p0BirO6R2>Ir!sK}3>wfNPLf0Y^zVE|`;VIIz(89msRq6ysX(n2q8X!7*dY{oku}z%SI7 ztY0fuI>#&?sET)1IS(*QDNX+grKQt{$VdKXe`Dm|j&^ZuveuUz$E-4$mx0GK>6v85 zM82Dm-^!!k12nSff34?L-3KNsESq!0^i6n&_uHe(W7=>w%<0^sGEDl$XZ7cJsh`f& z73 zaj(fV&Y>Kex{${Ep*v8v&IQtWKlI*j;vI7M@O~)A=L@m_WxWhsKh=Kekd7qi=^40= zWBz!|lxe=zp;7m<74wd^D?2OOe6EMfPvN?ZipY8TqDu6UT?VEblM(7~|$QVYk+sPs0{`8uK?K z_nR!6Hu@j!7?7-|^B5Gf+_jLp&NLjubkolAdCW6RJ=dIDXlFTApbu_aC_QGnb*<2z z0sEiL{FeXQk?NSt(Dik`%{*4OB^^DAdl||m^ef&E-440K)^6_Kd0do(-!OO{uQVPr z?eyb0Ea@@Um%Wf5Uu`_QZ@e4p`9EZmHjfQ#OPS0%l>KX87lI_fWJ|#tewql(x%g2(hS-u!ZtSHAGrdJjom{0kM zi;@>ovMdJs{K0GeRM`4H&-W(ApFeuQ#p3|yk0AVaBF_7V8=Y}@& z!a5oHVCR@%Jzv@mopu*&*7GIWBGB!7nNEy>FWqQxJ>FWqjT={nql~9Mb3A2P4EE<1Ggvq4v&K{Ua6CO?ft11ZM7pm@i3M6hexH)z!%j6F+tOx5e;|l_ifZ%= z_4meah^_Sj``;;88#kI`{^sY5=V)CRGdrF)o`Geq+o$nfD2u5_x^L4yeQnI+>Bs!r zg@a@|pSSITo_ zq0#I6MqK;jtnafXTHka0wbu8%PagufzNek*d-Z%C>9N=M3DnE=eILdcBL{x##Bm7g z`z?^1BP=`5E!X!4;mbLK>vz^i`!3k5^*wF$vDWw3fm@DYT;F328Swh&s?m;62Ls^{CZ2bvUGNkvLXW<{1V#Jv~fIP|H+PaPDtml&hcaCZc&%d?)BtKk#ay% 
zZn$emzu&;;Ji0&HW*;BR*6r5v9{JlE=Z_~IAMO4;cGe#`dk@A_>;cAk4{ZSLx)k+r zJmt8~_sTYP?$+`@`%J_dPstU_V!P;ktTwSuxGIr8 zW6WTj>sR&(_7|?B`EH!PF6P*TF|`Z0_^ZhduHy;jIrtZh2}mykIL^}VUc9jB#(RTI z9~G#u=VG4W`8aj)1R+LSsMWMXQoj<-u`UW$M*CB?0c-oY75sd?6>S&4vf+4 zHo;svWg`Tw0@aKH92KX58DS+c7+i@G@ zw}2;rX+OcZ1mpu1Ks^ux?gU;2E_(#$47eI72UY;Bz(YXtcDxq^{5LS^r(3t33(Nv? zf&T<<2fhVt0e%Pk3Ha`gt=oPDJOc~?(|)maTMfnMNOKtC`9%y<;X5fI(o&W7sPKGk{XyR-gy?A@DPR9IO2E?9k9flo&ra#tpr( zdz*eg8Vbiq?rV50PWH4V6)Uyp6jZ&a0RaJHF+R~b(r8Nb3 zk1wWFl$16sT2fh8URGLEQqb%P#{5ccZCOLng3_wG26uT$LH3;NJf*C$@8ErG_te!D@dDR<9RjG_=N)1?~lA)5&T>Mn@+`p zR~h4Taa_4`Gxa0WkE*t;v=Rrzw=0`Gcz2+#v}O?!{LwbWT~j^3yt1^06!FX5N?Cbr zU2XY_(t=F?`mF zJ+WB8i?S9p)S{=9S66}L>WcEx0EdCWkFp8FF;u{GT0&u9&=$w=38GAXS+?hmyDLjJi(I3m?ok_vHY{WoU#WX=6xy0^_Y9QSwm_0n{ExNSJz zgln0#(B2duvHOC-VLL8qy_`(=#GBTP#9Kz<(FpRQ+4S-Gn}*|_=yk*KxM##axTba3 zz9tYEiHAv!QO=0>iea0r%BD40!{&ICEk4R_Q#_pp*||K{Hq@!J`@!_);E25?&^&Cv zF4AI)`$v?vkS!kW9Cm86Wr%ojBFqXRO$M>7IMQN^+scWMK+`|o;u(qC8q{Sgr_1K= zGtL!@ZyAZMY8z>pC(w-J0yDaXWA+hCjA(D{AQfKpOgTTxf-Zm29;QdL}5fDt4u9Px*g`l`y>5$}=dCKQY* zrBzFfL5{la}O zIKLd7zo0PCW^^s3vZ!i7fj`u+V4gm6Sp9Da<}H2Q;a*->hF(%vR8xluM(;V1)mTl0 z^mUWb)oUxUqZ+O~Euk+X27X-erH)F(R zY0BcdhT7$|b)}2gf9;DtpFg%T9*%IG=fQ=<*~}_isV%EqT3L{#FNqt9N|qK?6_=JY zxNAzW&??5_ry7gXu!1Eguf1R()X~KWui9OQRZ(q0S`}A(;UFfeczm^*R;OYKR=lJJ z*&6D~N>P(Hx*8M&SG5N4?GR(Gw=PJ2L&Z|DCloZt!8AFP3>W!ZcaaUkFsm5qCJR<1Br*YltBZRIiCG(clTGvhk z<3%MUH8@EH9P8$Kn(&)Y{8-2sN_A3OO4pPvT@dSB)HbW715<)0%a!kP<>h(unzD0! 
z+5S1+>^aToz&YNgTu+{Nj@}Kb-KACf0Lft;ukNas#kksOm|wK0K;I#arF>*dWQ_VF zy1qp!DX(=`7A-HBi@s5W@xHPe+m2DY7z`A3<>)NMdi}+f)wSqr7zMn+aLjMCfQ>L# zXLUFUwrRSyL|KxprC9pNzHb(M z2>u3#zbof&-!?(n^xV)8CI1aSg1^Y(Jm{YO}7?&spZE+}0{r@Rzt1fn|l z+aK0Noq@U)*ml-GUa*d98WK-eQWgD&|EA+<%Ko9t5idlY{0$M)&wx~+^S4CQm4=3u z{%FV_Z0L-wj^X)TaKwVgeNlhBBN`epMdJ-4R{d^VS_>X%r^mwSnRu8{wWPiwE1lmf zo@D-)1ZMf)?E}9#m2KottgiwXjN?jDUg@}hGSe9B?Kdp)R~R@k1{T*W`P6f#<|K^p z!pk37vHTHJ(MA21RVeV+-7lPFw~oZO+-D@8Jz^Ra!&NhUomT31>G2J-)JaOxd6TbH zk;ZFx9ey{;e*P^;{=og`kh>tQex9_ZMoGHfk#yeFdiR5JdpzoBaKh;ebAo%-129!~26oP-H5<175OOT(x8B|W499L7F%A~l!Kr1+)Ilu7aPovD-J)16Z$#iuzPlj2v+gZKHm_bhtPp!cQpR_Q&R-qYyq zq<4M^ieC%--(h1MQBF;cZ%sn>$?->%oJo`8JCdA}CdaoYIVVq!_a-@0CdaoVIa4Rc zA4+mgnH=Ao=m`am-@^fSym2Q#?rBoeTlxA+IzB>#7j_I8k1FXcp^kKXl8aBtMkx(G zB|Yx%iYw{(K7(IL_qR4QNAb2qL#q$DEKM)R(}p)(((wR8e-b)e^|2y6ZZ?(2N`4-K zWIwUy0`f-i_oMWsoxD8>=?2&jImXh5{PEwirHy{%c@`4MuNCOaa1nrRq;pJuZ$bjk zg;g&lkq%hrg6CyD{PJP5>R`PL1pv$DdFAh5*`P+o&7hjH7?Sf8%eK#>X0m=9jF$r} zkAC*~6sjJqdY3`7{5GQAjYybEgBdJ84|KMT?Y7VF)EVgK0Ima=op$xF_|_*f@wc~D jpdVrRSaz->>>oU`HNkQbDGUe$!hkR!3 []" 1>&2 + test $# -gt 0 && echo $* 1>&2 + exit 1 +} + +if test $# -lt 3 +then + usage +fi +action="$1" +domain="$2" +zonefile="$3" +view="" +test $# -gt 3 && view="$4" + +case $action in +distkeys) + if test -n "$view" + then + echo "scp K$zone+* $server:$dir/$view/$zone/" + : scp K$zone+* $server:$dir/$view/$zone/ + else + echo "scp K$zone+* $server:$dir/$zone/" + : scp K$zone+* $server:$dir/$zone/ + fi + ;; +distribute) + if test -n "$view" + then + echo "scp $zonefile $server:$dir/$view/$domain/" + : scp $zonefile $server:$dir/$view/$domain/ + else + echo "scp $zonefile $server:$dir/$domain/" + : scp $zonefile $server:$dir/$domain/ + fi + ;; +reload) + echo "rndc $action $domain $view" + : rndc $action $domain $view + ;; +*) + usage "illegal action $action" + ;; +esac + 
diff --git a/contrib/zkt-1.1.2/examples/flat/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/dnssec.conf
new file mode 100644
index 0000000000..5384978415
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dnssec.conf
@@ -0,0 +1,45 @@
+#
+# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 2d # (172800 seconds)
+Sigvalidity: 6d # (518400 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: incremental
+
+# signing key parameters
+Key_Algo: RSASHA512
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 2w # (1209600 seconds)
+ZSK_bits: 1024
+ZSK_randfile: "/dev/urandom"
+SaltBits: 24
+
+# dnssec-signer options
+LogFile: "zkt.log"
+LogLevel: DEBUG
+LogDomainDir: "."
+SyslogFacility: USER
+SyslogLevel: NOTICE
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+KeySetDir: "../keysets"
+DLV_Domain: ""
+Sig_Pseudorand: True
+Sig_GenerateDS: True
+Sig_DnsKeyKSK: False
+Sig_Parameter: "-n 1"
+Distribute_Cmd: "./dist.sh"
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.key
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+30323.private
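Review bot: The signing key parameters in the new examples/flat/dnssec.conf use RSA sizes that are small for anything beyond a demonstration: `KSK_bits: 1300` and `ZSK_bits: 1024` here, and `KSK_bits: 1024` with `Key_Algo: NSEC3RSASHA1` in the dyn.example.net/dnssec.conf hunk later in this patch. Example configurations tend to be copied into real deployments, so I would mark the block with a comment such as `# demo values only; use RSA keys of at least 2048 bits for production zones`. Because this tree is imported from upstream zkt, the comment is probably better proposed upstream (or stated in contrib/README) than patched into the vendored copy.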
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key similarity index 100% rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.key diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private similarity index 100% rename from contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/Kdyn.example.net.+007+52935.private diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db new file mode 100644 index 0000000000..d16eb9b617 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnskey.db @@ -0,0 +1,23 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by zkt-signer. +; +; Last generation time Mar 02 2010 10:59:46 +; + +; *** List of Key Signing Keys *** +; dyn.example.net. tag=52935 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15 +dyn.example.net. 3600 IN DNSKEY 257 3 7 ( + AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmOoBYx8s1uLzmS/3APsh1e + WCeoBgAjRry1tpM/bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjEnG4H + CT58TuAVxjiefN+vb1pvyFlAL58YOkuGf9tG/NJMNc+XrULAU1ey2dT9 + Fh+SCVO3 + ) ; key id = 52935 + +; *** List of Zone Signing Keys *** +; dyn.example.net. tag=30323 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15 +dyn.example.net. 3600 IN DNSKEY 256 3 7 ( + AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8Ris63E/oRRGQEH5U/ZS3A + xz3aOhPFKzAAhjfaG3vTNW3Wl4bl4ITFZrk= + ) ; key id = 30323 + diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf new file mode 100644 index 0000000000..c3be73e563 
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/dnssec.conf
@@ -0,0 +1,3 @@
+Key_Algo: NSEC3RSASHA1 # (Algorithm ID 7)
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_bits: 1024
diff --git a/contrib/zkt/examples/flat/dyn.example.net/zktlog-dyn.example.net. b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zktlog-dyn.example.net.
similarity index 100%
rename from contrib/zkt/examples/flat/dyn.example.net/zktlog-dyn.example.net.
rename to contrib/zkt-1.1.2/examples/flat/dyn.example.net/zktlog-dyn.example.net.
diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db
new file mode 100644
index 0000000000..e002576928
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db
@@ -0,0 +1,135 @@ +; File written on Thu Feb 25 23:42:29 2010 +; dnssec_signzone version 9.7.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 18 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 7 3 7200 20100303214229 ( + 20100225214229 30323 dyn.example.net. + Ih9WgRBKZVDT3zJR9eFcB0VKU0o2G7h13XHZ + W6j2Jr1H4Db5IC1xiHXq+hI9UMkVQA3fu1Ub + +tjqAJE+y3hUFg== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 7 3 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + uvTn2MCWjTfS/piH3kKEmF1gPoeN8jIdcFFJ + 5t3b8RIwjorD81gWIRmzkGDE59hoL4mMvEnO + 32sAi8qkYhvBOA== ) + 3600 DNSKEY 256 3 7 ( + AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R + is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa + G3vTNW3Wl4bl4ITFZrk= + ) ; key id = 30323 + 3600 DNSKEY 257 3 7 ( + AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO + oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/ + bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE + nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG + f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3 + ) ; key id = 52935 + 3600 RRSIG DNSKEY 7 3 3600 20100227180048 ( + 20100221180048 30323 dyn.example.net. + je5kBhDdp9b9fjH/lJ1o9WDBL2YxZ+6UNuF9 + zNbeeDlfBHe7XlTGw9MHyvZh46wx2OUmLoGM + DFhPfIwUwtttUA== ) + 3600 RRSIG DNSKEY 7 3 3600 20100227180048 ( + 20100221180048 52935 dyn.example.net. + MuyIUCa3XlttWuSnaQegQnRgTrTsx0Mj4EGI + fwtZs2H3L079Y/brqMvtlIGxtlr9meLg43oo + jX1w48ilerzf1PwYhUVpFefZTgmClK0h2ej4 + Ho9Qh4/6snesVj06kWsQDkhuVs58zHmhRtEy + P4YlqP/R1CAk166RhwSmGuSx1O8= ) + 0 NSEC3PARAM 1 0 10 76931F + 0 RRSIG NSEC3PARAM 7 3 0 20100227180048 ( + 20100221180048 30323 dyn.example.net. + LGD8bq/sX9yvDUpmyaRczfTshrR6T9HmQ5/a + MwMSY+5LDAD/YdwtpVF7uNwdMa6ydJFQW37u + Rma0TxEqKPGPyQ== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. 
+ SHLL1lIJZaEGKphkFm3NShS6H33mBnwwACkH + eF3JE5vWwTuT7hffdJlwcahYQfcr3egPv64d + iyCNYNjdvlJpsg== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + 6PF5dGgOJdolEyxrHqyA66BFLrUORQLZvVBw + 9fX9uGWWKiu6yRR3i4LwIkQ+VelTpCbTsLh4 + gm+rcSMFNeOtxA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + dk1DfG0y9qjCi3VD4e9B1NGKWEig7q8hFdaR + 3hElCIzGlflvgHRiE7iTJxDMB+kTA0by4BMZ + yssUuXP2FMlB2g== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + Ei5VGwE7CNBQ7ZOHpyKZXtuC8I7lusZ4d+gx + MwpLROH+6OSu26x2ScPdwg1qpZ5Mui01ss6O + IcJL36PRqAM26A== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + ieiExNeDjeucDjtMVj0F9kwIsL0ngZfAmEU/ + /UlYe8/8pg2NzFulOviI09ekgOOnMfcnb4n4 + /pRIkFddCEOt0g== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + NfDUCrArDXCTPrTpiesQYCoZ039YE/KwlN25 + EZ9vOVt6dE2R9KkAWezkdY9zDmJMGTN1XYI/ + vgd56J8B5Y/uQQ== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + VH3BsA8JLlqmL0xkXgXlPXT0xfRcdFy7vPYh + 27exw16LDbQF15KjkHvUJ+Bkei/SmRa20Dll + Yy536Dj+ar5ABQ== ) +A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + 9BhZcQdLwRPU/Dz38uMis/nCcddyhKEm0Zb+ + Mhh3V3OsGI202cebTaxbwVEbQQOeowpUmf8l + AmK/cNX7+IS2rw== ) +AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. 
+ lVyEaxejO5qFlyyBp8gYyQnG+DkIm8vofj+B + SuTxalc2l+TYen1RnSTeeXfMqc9YpGu4SCaG + Fyznu1K88oUhMg== ) +FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + 577WZnTQemStx+ciON9rEGXAGnU7C0KLjrFL + VyhocnBnNtxJS8eRMSWvb9XuYCMNhYKOurtt + Ar4qh4VW1+unmA== ) +I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + +PKntiPlw2om9e0KJX/L2VxSCbxL95eIV2f+ + 5YBMq3npDguHaUiBwan8Vsm+aNsdr1NDDLY/ + HdJzEfVmSNGs7Q== ) +IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + smsg35snQ9PpeG2r8ZGxBl44pwSReh/1rIil + u/n8aa5nKbBpkqtbcc7q1OpUgb1Q7+Tl/wes + kB6bohsRdrwEJA== ) +S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + XalRIESpdeVK1aNbwu9ym2Spk981Y127rKua + xsoals0Zn2tTjF9wpOYVGVOto3FcWBbyKD1g + 69BTRlv634UIOw== ) +T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM + 7200 RRSIG NSEC3 7 4 7200 20100227180048 ( + 20100221180048 30323 dyn.example.net. + D3xq+CkK/a8YSbh9o8WwWnenjDQ3weVdtZ0x + i6bOv3iRITOfCRjYgbeIYtjMFb1rZwgCPD40 + JQgGu5mx1TjnGA== ) diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned new file mode 100644 index 0000000000..24511a5e08 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.db.dsigned 
@@ -0,0 +1,135 @@ +; File written on Tue Mar 2 10:59:46 2010 +; dnssec_signzone version 9.7.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 19 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 7 3 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + eNZruaQkUB/jteZtRkZ957BX65zjXIGaKlkf + Bq0XW8OgyHYCvJiB7waJYyiWKeQskp0Z90JF + 34WMUztuTvWUTA== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 7 3 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + obQoowLwuBixnopoSvUsXvwveB7Pqmeblt2S + 5SXo7ztPNcM1hTdWfIEwRDpQ2DhOfGYi0Ov0 + xEmMlPheVZkW6g== ) + 3600 DNSKEY 256 3 7 ( + AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R + is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa + G3vTNW3Wl4bl4ITFZrk= + ) ; key id = 30323 + 3600 DNSKEY 257 3 7 ( + AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO + oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/ + bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE + nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG + f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3 + ) ; key id = 52935 + 3600 RRSIG DNSKEY 7 3 3600 20100308085946 ( + 20100302085946 30323 dyn.example.net. + 4xQy+G1g8IHVp3NTxHtUIaz/G+h6+ce4SRum + bftLFS9rXV13wSa761J1YoDYx8lj98IDBuED + 94980qJWjgNfdw== ) + 3600 RRSIG DNSKEY 7 3 3600 20100308085946 ( + 20100302085946 52935 dyn.example.net. + VmL0mzUoBzSX+5gB/9MsHUFWBbHrVoyMUjnw + mR7FyrZMfNgz4rf6J2bZ8a8zYGvSXEBrangQ + kkPlxuvNxzn2s+Ji+crfUNa2ZFzRKA8BBczU + 0WLETC5QKonjiAzofCcP15OPN4H18y9WMfE/ + wU0oPhcd8d31Ckf2jPaSdTS8NMk= ) + 0 NSEC3PARAM 1 0 10 76931F + 0 RRSIG NSEC3PARAM 7 3 0 20100308085946 ( + 20100302085946 30323 dyn.example.net. + GSTGjHni3oZ1Nod57kXFkxcOiKXTzjfJ0PDy + hjDfzYS1QKtKA6LzkaBzyl5HK+Yy3DOcep7G + dj7VJG8bsa9S/A== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. 
+ N5t+OxMeH2rozoIM1ZtXUpnpSep3Qd1J/KUE + LjkisP6KvmwVhkbdcv44KbgS5aR16RJOlFdW + +ilc8QpZ4bvqlQ== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + 2DoRBkfIQEBmEeo2Z02SA329ebgp2lFQ2Ykl + Qe5S+J6ZMjVdZyjW8XqBCiqEg6fNbQyUFn3X + pSVvabUPjJpHWA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + XD+JHAergnT3NDQqEUGv52GNdcF1U1SitccE + y5iL4Dk0qVu+uEA4TVupnMhwOK+wl8759Yw/ + SF6h6CzzKx0Eiw== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + S+CpXVolhedS2bFTNdoNAPd+T2Bi/5iKVcKJ + 9S27k/tpifBNVjAQPktM9iya60upXxuOkHqt + /uuF4iTlh9Yukw== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + Fb+8g0K+/6ZkXctNOprGKyJC1Y5pFizibI3o + k2E6aDN8hUJ5FK/1fkRl5IQ7HDpAUZviWaQp + j9tfr9r9xW0bMw== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + S1l/dM/Ez91B4Py7mI/GESjgqccGIwi9clyc + Vj3S40uF4dGaAgxoCDS0pMvyS0k7ir0g1qbK + /csopbL0wHSaVg== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + SgorWJQS6SiDvv6KRmWQEcUaaCkMCHZDcSMx + JiOT84ygkUBCzwTykQskoNtbUSIfAASU3lE7 + e31RZotcxlkirQ== ) +A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + hp879kZpD/Qe+d4FoanRewI4CXMuTOMcao5G + S7quT3mr+Mgi1nrSSz+/IBhlzCipziFjY42a + TNt8FoYo9Z8irw== ) +AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. 
+ 1MC5bqNXkVG4gaFKJQJBG7v4ZKOht6EJEkUZ + nAwTF2Nw5mWFFMBbOwVMtbJFA+ewHrebB6cK + FitvPi3yLDW8aA== ) +FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + 7Y+yhH11EojLDu43C8dCuD6D0F4RZYUt9J0+ + KUfRVUMhftYsMl6G2qgkfsgJE+FG1Nj/nI+b + pO7VSJGfV5Za4A== ) +I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + K0ggT6yH7z1YshOb08se84cRWvWWeQFdMTDG + XhA/2UEamfE1NHetPuYzJZQdrVPeX3tgjCjS + Jmb3YuSE1XD3zQ== ) +IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + mQoG3VBXfi7u2+zlmJttsGaStP3WvDPDQ99T + l2ha4zmpZPd1JUKHMXYTLTlUuWAq7BcS9MUn + hfhXcmSEr96K1Q== ) +S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + 0/TWe9HMZiA+yW0oLHkYKeIXrrXU/1ec8XDy + cbZM1IGPjHlMEjKKorZgx983FuiyKFLa97+3 + bB3abnKo7e2yRQ== ) +T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM + 7200 RRSIG NSEC3 7 4 7200 20100308085946 ( + 20100302085946 30323 dyn.example.net. + BXRjHUGEmoz1cMAXSCmfFVe6+qCYVyivjeAT + 7hPcfB8iS2ck8Sq/CjOAKBu0BeSBim+9Oduu + kKNL3thgyMPcug== ) diff --git a/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org new file mode 100644 index 0000000000..c536fc8744 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/dyn.example.net/zone.org 
@@ -0,0 +1,30 @@ +;----------------------------------------------------------------- +; +; @(#) dyn.example.net/zone.org +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 1 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +x IN A 1.2.3.4 +y IN A 1.2.3.5 +z IN A 1.2.3.6 + +$INCLUDE dnskey.db + diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key new file mode 100644 index 0000000000..0c30120724 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.key @@ -0,0 +1,3 @@ +;% generationtime=20110125190230 +;% lifetime=63d +example.net. IN DNSKEY 256 3 8 BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0 kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ== diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published new file mode 100644 index 0000000000..8ffbe72315 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+02957.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: 7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ== +PublicExponent: AQAAAAE= +PrivateExponent: IVO4lg5Ev/f/GpSRfYuXmUMH3qrv5Cr+ZAMqT+xGNJdyvlMAVV0ZDZehj/ar8brkm+sdrJ3LepVTEz0vLXPCgQ== +Prime1: /Ru1X3jzyO19+aLhf/Hsu0WOdjn0MAWzKx0KwWPkxcs= +Prime2: 8I9Q89DvF0qZqkF9kVzZ4B1LYdHz3uhKaxD40vu4xWM= +Exponent1: fSAVRShndbuiQZtsVHyekvPH4Xjl1dJ3hF03O4InOAc= +Exponent2: JJDvU+0J0KXaBArxDjoblXTKWVC3kGnLR+2AEpxei7k= +Coefficient: RviZPpnVpS30oBPH1freoUgcXJ4bKnivP41BUxcVh4U= 
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key new file mode 100644 index 0000000000..2dc28991da --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.key @@ -0,0 +1,3 @@ +;% generationtime=20110125091121 +;% lifetime=84d +example.net. IN DNSKEY 256 3 8 BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw== diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private new file mode 100644 index 0000000000..6cb1da9021 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+21605.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: vX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJDqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw== +PublicExponent: AQAAAAE= +PrivateExponent: a77DD9J85SYlVi2lIKdzfHFkqtTFvQjTiLih+sx3lnhefQ5N20ABJVpTMwMOoA5tiDanSmKkk7O+GJXvI6E+KQ== +Prime1: 7S87u5BoQFYbGZzGaBPAqznZt7X1g2J/qop4W9rziy0= +Prime2: zIbOBuf2onI1ThmHXGPQEdQoFoJx3GqTkYjzUQQOL0M= +Exponent1: YfyQEtL2twRiwb8RIlKR3OE/rhnfqZYr9dwgRa0qjAU= +Exponent2: x73r1pDdvUShLs8hvmY0soX6a2Dcbokdf1D82/iCDU8= +Coefficient: 1r/5mih7lqQx4ZIEcr8TmQWMscwDGk3eERsFuSYGt0c= diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key new file mode 100644 index 0000000000..8dca89403c --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.key 
@@ -0,0 +1,3 @@ +;% generationtime=20100924112635 +;% lifetime=365d +example.net. IN DNSKEY 257 3 8 BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1 BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK 1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp 4Q== diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private new file mode 100644 index 0000000000..d95a4f6c29 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+52101.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: C6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp4Q== +PublicExponent: AQAAAAE= +PrivateExponent: A3MjVh+KkQuwpnsGnr/xPRs8PfwUIDu7NYQVKpQAttLnZPOEXsjPniy3QuBpIMnnBCbxYaOV0ctiYQOx6vU8qprrSD8OfXXI8OhBNgExvw/Bsfki3MQINAHX0wY9juuIoMLKdqcMpsUC6ILE4FSkcc+jVFbTrDqjQgDDykkpABrlG1SUz51hLOZMAz2vu8QE8m57LaPUPpRhNPf4J2dDfkX/KQ== +Prime1: A3lFNBrVdcJBUq0ekPjtEZ0xCOTgSgUHAB+KJkdpiB0tV0jYf1Yaj7Kr98pKIM8jaZOhQnEKhAD947h4XG6IuxgraCNWonOyt5Yo9WjXFHzK0w== +Prime2: A1vFf9Tp7MxblYWLsFUsMZxXVRxPpeoGtwmNm24k5bUPpH6/B7Yd8DcE6O3cYyHcShq8sZcuOuPhNkGwgg7IMRABXcLyCXqoEKvy0nhnbKCf+w== +Exponent1: AQKRURkK7K15jiVVpw4nhd7Qtck1GkZon10UCQ5p2iE+weL+qhzi5L9u5mXLVaeGffwGkMkU6wvj5KSAuEiJr08+AxWfLy3Tf1fbiaiimPGDNQ== +Exponent2: AfnXuwDet4BuUGa8EHswqADRk0XeWtxztKQ48YOh5Q5/3rauIIMm+6ERfu0gWfnkYaRNamKSXMDVC5PUQHT33u0gGnopMipao6xICXGxbrGhCQ== +Coefficient: AYM1htjFUUAPKrVoajGJF+wLlQHBR3vrylKNpT5IFqr6Qczw54kfhx9n/18vIvtGIpj07xSEIfgBf+itZIRxPOwphkwaJXmHZKpYHpEvdqiyjA== 
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated new file mode 100644 index 0000000000..b9d28076dd --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.depreciated @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: 2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ== +PublicExponent: AQAAAAE= +PrivateExponent: FzC3Jdpl35o/UUyvZ/7sc8BRpfDuIgMnHA1a9WwxZz20Tqki3snE/Nz4ePNNv/5LGrzFlOnPtEd1GT2biUKzVQ== +Prime1: /4YvvO0nbMJxZ4dHbYKl2pGe0hSgEUYnTNnuVbSEKrM= +Prime2: 2OrV7XGOYCMXr/WIrD0NCBnqU1tsizPQNMIjwXuuV2c= +Exponent1: 63ub+oH78z6TercHscYOS7HpYttDzC1YV3oupGyRNDs= +Exponent2: A4HpxW8K6ivUb2RbKDBaze8ivr5u41hJPsbn4FQzB3E= +Coefficient: Lz1Gg/PtC9HOrhFORXlzzkzb+5PeFIGq43mtGx7oAUo= diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key new file mode 100644 index 0000000000..db374735ca --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/Kexample.net.+008+56360.key @@ -0,0 +1,3 @@ +;% generationtime=20100924112635 +;% lifetime=84d +example.net. IN DNSKEY 256 3 8 BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ== diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db b/contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db new file mode 100644 index 0000000000..07ef6ee945 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/example.net/dnskey.db 
@@ -0,0 +1,36 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by zkt-signer.
+;
+; Last generation time Jan 25 2011 20:02:30
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=52101 algo=RSASHA256 generated Sep 24 2010 13:26:35
+example.net. 14400 IN DNSKEY 257 3 8 (
+ BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1
+ BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK
+ 1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq
+ vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp
+ 4Q==
+ ) ; key id = 52101
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=21605 algo=RSASHA256 generated Jan 25 2011 19:39:25
+example.net. 14400 IN DNSKEY 256 3 8 (
+ BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ
+ DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
+ ) ; key id = 21605
+
+; example.net. tag=56360 algo=RSASHA256 generated Jan 25 2011 19:39:25
+example.net. 14400 IN DNSKEY 256 3 8 (
+ BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr
+ W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
+ ) ; key id = 56360
+
+; example.net. tag=2957 algo=RSASHA256 generated Jan 25 2011 20:02:30
+example.net. 14400 IN DNSKEY 256 3 8 (
+ BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0
+ kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
+ ) ; key id = 2957
+
diff --git a/contrib/zkt/examples/flat/example.net/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
similarity index 73%
rename from contrib/zkt/examples/flat/example.net/dnssec.conf
rename to contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
index ea85a8b7b1..aaef586834 100644
--- a/contrib/zkt/examples/flat/example.net/dnssec.conf
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/dnssec.conf
@@ -1,2 +1,3 @@
 Key_Algo: RSASHA256 # (Algorithm ID 8)
 NSEC3: OPTOUT
+ZSKpermanent: true
diff --git a/contrib/zkt/examples/flat/example.net/z.db b/contrib/zkt-1.1.2/examples/flat/example.net/z.db
similarity index 100%
rename from contrib/zkt/examples/flat/example.net/z.db
rename to contrib/zkt-1.1.2/examples/flat/example.net/z.db
diff --git a/contrib/zkt/examples/flat/example.net/zktlog-example.net. b/contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
similarity index 52%
rename from contrib/zkt/examples/flat/example.net/zktlog-example.net.
rename to contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
index 3363cabe43..a205675b97 100644
--- a/contrib/zkt/examples/flat/example.net/zktlog-example.net.
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/zktlog-example.net.
@@ -272,3 +272,241 @@ 2010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 2010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed" 2010-03-11 23:53:27.920: debug: Signing completed after 0s. +2010-07-05 08:15:24.179: debug: Check RFC5011 status +2010-07-05 08:15:24.179: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-07-05 08:15:24.179: debug: Check KSK status +2010-07-05 08:15:24.179: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m44s +2010-07-05 08:15:24.179: debug: Check ZSK status +2010-07-05 08:15:24.179: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081384 sec) +2010-07-05 08:15:24.179: debug: ->waiting for published key +2010-07-05 08:15:24.179: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m44s: ZSK rollover deferred: waiting for published key +2010-07-05 08:15:24.179: debug: New key for publishing needed +2010-07-05 08:15:24.278: debug: ->creating new key 48476 +2010-07-05 08:15:24.278: info: "example.net.": new key 48476 generated for publishing +2010-07-05 08:15:24.278: debug: Re-signing necessary: Modfied zone key set +2010-07-05 08:15:24.278: notice: "example.net.": re-signing triggered: Modfied zone key set +2010-07-05 08:15:24.278: debug: Writing key file "./example.net/dnskey.db" +2010-07-05 08:15:24.278: debug: Incrementing serial number in file "./example.net/zone.db" +2010-07-05 08:15:24.278: debug: Signing zone "example.net." +2010-07-05 08:15:24.278: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5816F0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-07-05 08:15:24.315: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-07-05 08:15:24.315: debug: Signing completed after 0s. 
+2010-07-05 08:15:28.174: debug: Check RFC5011 status +2010-07-05 08:15:28.174: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-07-05 08:15:28.174: debug: Check KSK status +2010-07-05 08:15:28.174: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m48s +2010-07-05 08:15:28.174: debug: Check ZSK status +2010-07-05 08:15:28.174: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081388 sec) +2010-07-05 08:15:28.174: debug: ->waiting for published key +2010-07-05 08:15:28.174: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m48s: ZSK rollover deferred: waiting for published key +2010-07-05 08:15:28.174: debug: Re-signing not necessary! +2010-07-05 08:15:28.174: debug: Check if there is a parent file to copy +2010-07-05 08:15:58.502: debug: Check RFC5011 status +2010-07-05 08:15:58.502: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-07-05 08:15:58.503: debug: Check KSK status +2010-07-05 08:15:58.503: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m18s +2010-07-05 08:15:58.503: debug: Check ZSK status +2010-07-05 08:15:58.503: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081418 sec) +2010-07-05 08:15:58.503: debug: ->waiting for published key +2010-07-05 08:15:58.503: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m18s: ZSK rollover deferred: waiting for published key +2010-07-05 08:15:58.503: debug: Re-signing not necessary! 
+2010-07-05 08:15:58.503: debug: Check if there is a parent file to copy +2010-07-05 08:16:04.937: debug: Check RFC5011 status +2010-07-05 08:16:04.937: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-07-05 08:16:04.937: debug: Check KSK status +2010-07-05 08:16:04.937: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m24s +2010-07-05 08:16:04.937: debug: Check ZSK status +2010-07-05 08:16:04.937: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081424 sec) +2010-07-05 08:16:04.937: debug: ->waiting for published key +2010-07-05 08:16:04.937: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m24s: ZSK rollover deferred: waiting for published key +2010-07-05 08:16:04.937: debug: Re-signing necessary: Option -f +2010-07-05 08:16:04.937: notice: "example.net.": re-signing triggered: Option -f +2010-07-05 08:16:04.937: debug: Writing key file "./example.net/dnskey.db" +2010-07-05 08:16:04.937: debug: Incrementing serial number in file "./example.net/zone.db" +2010-07-05 08:16:04.937: debug: Signing zone "example.net." +2010-07-05 08:16:04.937: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 C58544 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-07-05 08:16:04.993: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-07-05 08:16:04.993: debug: Signing completed after 0s. 
+2010-07-05 08:16:33.604: debug: Check RFC5011 status +2010-07-05 08:16:33.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-07-05 08:16:33.604: debug: Check KSK status +2010-07-05 08:16:33.604: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m53s +2010-07-05 08:16:33.604: debug: Check ZSK status +2010-07-05 08:16:33.604: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081453 sec) +2010-07-05 08:16:33.604: debug: ->waiting for published key +2010-07-05 08:16:33.604: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m53s: ZSK rollover deferred: waiting for published key +2010-07-05 08:16:33.604: debug: Re-signing necessary: Option -f +2010-07-05 08:16:33.604: notice: "example.net.": re-signing triggered: Option -f +2010-07-05 08:16:33.604: debug: Writing key file "./example.net/dnskey.db" +2010-07-05 08:16:33.605: debug: Incrementing serial number in file "./example.net/zone.db" +2010-07-05 08:16:33.605: debug: Signing zone "example.net." +2010-07-05 08:16:33.605: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 FCB8E2 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-07-05 08:16:33.648: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-07-05 08:16:33.648: debug: Signing completed after 0s. 
+2010-07-30 01:30:55.411: debug: Check RFC5011 status +2010-07-30 01:30:55.411: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-07-30 01:30:55.411: debug: Check KSK status +2010-07-30 01:30:55.411: debug: Check ZSK status +2010-07-30 01:30:55.411: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (2130473 sec) +2010-07-30 01:30:55.411: debug: ->depreciate it +2010-07-30 01:30:55.411: debug: ->activate published key 48476 +2010-07-30 01:30:55.411: notice: "example.net.": lifetime of zone signing key 36257 exceeded: ZSK rollover done +2010-07-30 01:30:55.411: debug: New key for publishing needed +2010-07-30 01:30:55.493: debug: ->creating new key 1775 +2010-07-30 01:30:55.493: info: "example.net.": new key 1775 generated for publishing +2010-07-30 01:30:55.493: debug: Re-signing necessary: Modfied zone key set +2010-07-30 01:30:55.493: notice: "example.net.": re-signing triggered: Modfied zone key set +2010-07-30 01:30:55.493: debug: Writing key file "./example.net/dnskey.db" +2010-07-30 01:30:55.493: debug: Incrementing serial number in file "./example.net/zone.db" +2010-07-30 01:30:55.493: debug: Signing zone "example.net." +2010-07-30 01:30:55.494: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 3723BA -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-07-30 01:30:55.563: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-07-30 01:30:55.563: debug: Signing completed after 0s. 
+2010-08-26 22:52:09.539: debug: Check RFC5011 status +2010-08-26 22:52:09.539: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 22:52:09.539: debug: Check KSK status +2010-08-26 22:52:09.539: debug: Check ZSK status +2010-08-26 22:52:09.539: debug: Lifetime(29100 sec) of depreciated key 36257 exceeded (2409674 sec) +2010-08-26 22:52:09.539: info: "example.net.": old ZSK 36257 removed +2010-08-26 22:52:09.572: debug: ->remove it +2010-08-26 22:52:09.572: debug: Lifetime(1209600 +/-150 sec) of active key 48476 exceeded (2409674 sec) +2010-08-26 22:52:09.572: debug: ->depreciate it +2010-08-26 22:52:09.572: debug: ->activate published key 1775 +2010-08-26 22:52:09.572: notice: "example.net.": lifetime of zone signing key 48476 exceeded: ZSK rollover done +2010-08-26 22:52:09.572: debug: New key for publishing needed +2010-08-26 22:52:09.640: debug: ->creating new key 26477 +2010-08-26 22:52:09.640: info: "example.net.": new key 26477 generated for publishing +2010-08-26 22:52:09.640: debug: Re-signing necessary: Modfied zone key set +2010-08-26 22:52:09.640: notice: "example.net.": re-signing triggered: Modfied zone key set +2010-08-26 22:52:09.640: debug: Writing key file "./example.net/dnskey.db" +2010-08-26 22:52:09.641: debug: Incrementing serial number in file "./example.net/zone.db" +2010-08-26 22:52:09.641: debug: Signing zone "example.net." +2010-08-26 22:52:09.641: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 2F41F9 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-08-26 22:52:09.704: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-08-26 22:52:09.704: debug: Signing completed after 0s. 
+2010-08-26 22:56:02.938: debug: Check RFC5011 status +2010-08-26 22:56:02.938: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 22:56:02.938: debug: Check KSK status +2010-08-26 22:56:02.938: debug: Check ZSK status +2010-08-26 22:56:02.938: debug: Re-signing not necessary! +2010-08-26 22:56:02.938: debug: Check if there is a parent file to copy +2010-08-26 23:06:00.593: debug: Check RFC5011 status +2010-08-26 23:06:00.593: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:06:00.593: debug: Check KSK status +2010-08-26 23:06:00.593: debug: Check ZSK status +2010-08-26 23:06:00.593: debug: New key for publishing needed +2010-08-26 23:06:00.631: debug: ->creating new key 18026 +2010-08-26 23:06:00.631: info: "example.net.": new key 18026 generated for publishing +2010-08-26 23:06:00.631: debug: Re-signing necessary: Modfied zone key set +2010-08-26 23:06:00.631: notice: "example.net.": re-signing triggered: Modfied zone key set +2010-08-26 23:06:00.631: debug: Writing key file "./example.net/dnskey.db" +2010-08-26 23:06:00.631: debug: Incrementing serial number in file "./example.net/zone.db" +2010-08-26 23:06:00.631: debug: Signing zone "example.net." +2010-08-26 23:06:00.631: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5EA89E -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-08-26 23:06:00.672: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-08-26 23:06:00.672: debug: Signing completed after 0s. +2010-08-26 23:11:33.808: debug: Check RFC5011 status +2010-08-26 23:11:33.808: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:11:33.809: debug: Check KSK status +2010-08-26 23:11:33.809: debug: Check ZSK status +2010-08-26 23:11:33.809: debug: Re-signing not necessary! 
+2010-08-26 23:11:33.809: debug: Check if there is a parent file to copy +2010-08-26 23:12:51.012: debug: Check RFC5011 status +2010-08-26 23:12:51.012: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:12:51.012: debug: Check KSK status +2010-08-26 23:12:51.012: debug: Check ZSK status +2010-08-26 23:12:51.012: debug: Re-signing not necessary! +2010-08-26 23:12:51.012: debug: Check if there is a parent file to copy +2010-08-26 23:23:47.886: debug: Check RFC5011 status +2010-08-26 23:23:47.886: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:23:47.886: debug: Check KSK status +2010-08-26 23:23:47.886: debug: Check ZSK status +2010-08-26 23:23:47.886: debug: Re-signing not necessary! +2010-08-26 23:23:47.886: debug: Check if there is a parent file to copy +2010-08-26 23:50:15.724: debug: Check RFC5011 status +2010-08-26 23:50:15.724: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:50:15.724: debug: Check KSK status +2010-08-26 23:50:15.724: debug: Check ZSK status +2010-08-26 23:50:15.725: debug: Re-signing not necessary! +2010-08-26 23:50:15.725: debug: Check if there is a parent file to copy +2010-08-26 23:50:55.124: debug: Check RFC5011 status +2010-08-26 23:50:55.124: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:50:55.124: debug: Check KSK status +2010-08-26 23:50:55.124: debug: Check ZSK status +2010-08-26 23:50:55.124: debug: Re-signing not necessary! +2010-08-26 23:50:55.124: debug: Check if there is a parent file to copy +2010-08-26 23:51:46.719: debug: Check RFC5011 status +2010-08-26 23:51:46.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:51:46.719: debug: Check KSK status +2010-08-26 23:51:46.719: debug: Check ZSK status +2010-08-26 23:51:46.719: debug: Re-signing not necessary! 
+2010-08-26 23:51:46.719: debug: Check if there is a parent file to copy +2010-08-26 23:54:22.824: debug: Check RFC5011 status +2010-08-26 23:54:22.824: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:54:22.824: debug: Check KSK status +2010-08-26 23:54:22.824: debug: Check ZSK status +2010-08-26 23:54:22.824: debug: Re-signing not necessary! +2010-08-26 23:54:22.825: debug: Check if there is a parent file to copy +2010-08-26 23:55:00.018: debug: Check RFC5011 status +2010-08-26 23:55:00.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:55:00.018: debug: Check KSK status +2010-08-26 23:55:00.018: debug: Check ZSK status +2010-08-26 23:55:00.018: debug: New key for pre-publishing needed +2010-08-26 23:55:00.110: debug: ->creating new key 18293 +2010-08-26 23:55:00.110: info: "example.net.": new key 18293 generated for pre-publishing +2010-08-26 23:55:00.110: debug: Re-signing necessary: Modfied zone key set +2010-08-26 23:55:00.110: notice: "example.net.": re-signing triggered: Modfied zone key set +2010-08-26 23:55:00.110: debug: Writing key file "./example.net/dnskey.db" +2010-08-26 23:55:00.110: debug: Incrementing serial number in file "./example.net/zone.db" +2010-08-26 23:55:00.110: debug: Signing zone "example.net." +2010-08-26 23:55:00.111: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 EBE919 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-08-26 23:55:00.168: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-08-26 23:55:00.169: debug: Signing completed after 0s. 
+2010-08-26 23:56:17.466: debug: Check RFC5011 status +2010-08-26 23:56:17.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:56:17.466: debug: Check KSK status +2010-08-26 23:56:17.466: debug: Check ZSK status +2010-08-26 23:56:17.466: debug: Re-signing necessary: Modfied zone key set +2010-08-26 23:56:17.466: notice: "example.net.": re-signing triggered: Modfied zone key set +2010-08-26 23:56:17.466: debug: Writing key file "./example.net/dnskey.db" +2010-08-26 23:56:17.467: debug: Incrementing serial number in file "./example.net/zone.db" +2010-08-26 23:56:17.467: debug: Signing zone "example.net." +2010-08-26 23:56:17.467: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 A876E5 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-08-26 23:56:17.531: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-08-26 23:56:17.531: debug: Signing completed after 0s. +2010-08-26 23:57:00.178: debug: Check RFC5011 status +2010-08-26 23:57:00.178: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-08-26 23:57:00.178: debug: Check KSK status +2010-08-26 23:57:00.178: debug: Check ZSK status +2010-08-26 23:57:00.178: debug: Re-signing not necessary! 
+2010-08-26 23:57:00.178: debug: Check if there is a parent file to copy +2010-10-21 14:01:35.546: debug: Check RFC5011 status +2010-10-21 14:01:35.546: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:01:35.546: debug: Check KSK status +2010-10-21 14:01:35.546: debug: Check ZSK status +2010-10-21 14:01:35.546: debug: Re-signing necessary: re-signing interval (2d) reached +2010-10-21 14:01:35.546: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2010-10-21 14:01:35.546: debug: Writing key file "./example.net/dnskey.db" +2010-10-21 14:01:35.607: debug: Incrementing serial number in file "./example.net/zone.db" +2010-10-21 14:01:35.607: debug: Signing zone "example.net." +2010-10-21 14:01:35.607: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9FC981 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" +2010-10-21 14:01:35.761: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-10-21 14:01:35.761: debug: Signing completed after 0s. +2010-10-21 14:02:09.209: debug: Check RFC5011 status +2010-10-21 14:02:09.209: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:02:09.209: debug: Check KSK status +2010-10-21 14:02:09.209: debug: Check ZSK status +2010-10-21 14:02:09.209: debug: Re-signing not necessary! +2010-10-21 14:02:09.209: debug: Check if there is a parent file to copy +2010-10-21 14:05:36.170: debug: Check RFC5011 status +2010-10-21 14:05:36.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:05:36.170: debug: Check KSK status +2010-10-21 14:05:36.170: debug: Check ZSK status +2010-10-21 14:05:36.170: debug: Re-signing not necessary! 
+2010-10-21 14:05:36.170: debug: Check if there is a parent file to copy
+2010-10-21 14:30:43.892: debug: Check RFC5011 status
+2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2010-10-21 14:30:43.892: debug: Check KSK status
+2010-10-21 14:30:43.892: debug: Check ZSK status
+2010-10-21 14:30:43.892: debug: Re-signing not necessary!
+2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/zone.db b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db
new file mode 100644
index 0000000000..1dda246202
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db
@@ -0,0 +1,43 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Ensure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date format e.g. 2005040101
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 386 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.1
+b IN MX 10 a
+;c IN A 1.2.3.2
+d IN A 1.2.3.3
+ IN AAAA 2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will contain all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed
new file mode 100644
index 0000000000..8f45df3387
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/example.net/zone.db.signed 
@@ -0,0 +1,169 @@ +; File written on Thu Oct 21 14:01:35 2010 +; dnssec_signzone version 9.7.2-P2 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 384 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 8 2 7200 20101027110135 ( + 20101021110135 56360 example.net. + f+HC41CGvNmlXSvPzzMbtVreNYKWyBhvbeb+ + NUSvbBfuSlVt6VbyPUBYSe5Vg1QJO3YKu0ZR + Pw5Y9TNCaWqZCA== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 8 2 7200 20101027110135 ( + 20101021110135 56360 example.net. + aQpW5SQJ8Yx7++QWtRWMDoV+3OPjgTRC0PQC + zns3MTbpk2wIlhE7hqty+b+1EktEoMzmx73u + 5Fu0OPKO+2PS5w== ) + 3600 DNSKEY 256 3 8 ( + BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHc + FyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTF + Zeka2EsC7CEIyuEgkloDBQ== + ) ; key id = 56360 + 3600 DNSKEY 257 3 8 ( + BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ + 5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0 + aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7 + HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI + Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla + chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs + K1cPYDPp4Q== + ) ; key id = 52101 + 3600 RRSIG DNSKEY 8 2 3600 20101027110135 ( + 20101021110135 52101 example.net. + BlWP6PoxZFRZoLav7/+yPEgNIss17oxEJZtB + rVSiVb0BfwhL96KJ1uIOhK9r1+Tj8w3Ed7Oi + pocSTkZueV3OxFkBgSQAgc1JeUQTOVKYe80L + UFjl7UzV0eITIV1DE/QqWTBBblxjXF3Egy6O + 6/9IrD65LWOGnLFFOSUZQ9IU8jFX/zqq5FWQ + Sta2/tQkzhq5F42qw3dRBNsoUC1bQ38UsYSk + SQ== ) + 3600 RRSIG DNSKEY 8 2 3600 20101027110135 ( + 20101021110135 56360 example.net. + VXJh+xZt8/5Eeo8oQyI89nXGJ0bWeBN25kpw + asam+qpoKsH6g8qJRyL3mEwIFOaud2mlQx9y + cdv42Vf3kfY71w== ) + 0 NSEC3PARAM 1 0 10 9FC981 + 0 RRSIG NSEC3PARAM 8 2 0 20101027110135 ( + 20101021110135 56360 example.net. + Fr4DrVORiEYUVCBmlRzjcEaKQ2VymMiMeJfd + gSWJzTzXbcuBbXDCfBRdph96Nz1xFvdOWvFn + xXxVOXW996AfEw== ) +a.example.net. 7200 IN A 1.2.3.1 + 7200 RRSIG A 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. 
+ ZAuaFsvYdV1i4EqIgQoSzpkhMFJpJOOPIG9h + RXTT+LAUSFjOrFx2ovSgnySSiUV/LOsIV7bj + 08ZkIzSPYKi4Ow== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + SEIMAVtIT/2TGxkS2NFMRQfrUROKO1pbxYcS + FHImCGhWILb1E7qQ0saLi9QTMftCwRmYtJ4w + aDwAukjuLXOAnA== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + 1URwzkjdIhBCBtBWV9aUhJQ3yFwqwgscvcVN + 9dvNqH5g7xLz+maqdeva065z0AkO5Et/9809 + tm/0X2g0wQcoMQ== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + fIUOcVYR9Ut+iWzE+R3N01bzLJ0gpSI1E0y0 + cqEGpaU8mbgwnm4tAh57GKs8XZBbLEOH2zO8 + 5WTEjWHpKjqx3Q== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + iIfD1pCP+uHs1RarezGlZZhoyQ6R+3K3s6ba + xZZ5JCremDhFYPeMinRMjZSPos2QyEM1aHI8 + 2gXlxcb/y4+XRA== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + xBwgaFNo7+s4n4KnyZPR+1CESNVvXwUZHroC + dkEcLo8EF7+rbzFdDooJvD8wzlpy2nhwjLOL + ZxIfgZfNgkVXBw== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + uSuzZH2J+pwcP1PKKgrdJrwyvh1kpWBsprgd + 9h59q9HYKR56LPx/3iuW7oCAO5fBFTp9pvcK + BI6f+4cs1Qpp6g== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + N+U/A0VJU9HWwk1j0CJtUN7Nw9g0A3oNeKP1 + 7YJ1p0H6QvgRHDe9w8oX3iCg+IEBS9oLdTer + DXsbWVlZNXjTSw== ) +sub.example.net. 7200 IN NS ns1.example.net. 
+ 7200 DS 855 7 1 ( + 338E1808511D3E533F1C6B1DF27E0AABA8CC + 6FE8 ) + 7200 DS 855 7 2 ( + C07C1F2004ED12D40EEC82E4358BD8D2EDC1 + 99C8E6126DD293A8E402E591C98A ) + 7200 DS 33176 10 1 ( + B7D045F9D7176BD0D00AF389856D18C0E361 + C443 ) + 7200 DS 33176 10 2 ( + 627102FACA12A10C88F6C67915B720CC6888 + 7CF1C10BC3E8EB864160F1965A18 ) + 7200 RRSIG DS 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + N8A1y3qpsaJ0lP6d2I1y8YEuda7c2GY1kuCt + 9Mdao6oh7tL6XP2b/ELIBo6fsghfuW1KZfou + WkTbI4/HV5732g== ) +0SFBC13DNQA2CKBS24U09GPJMGD5QCF2.example.net. 7200 IN NSEC3 1 1 10 9FC981 16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO NS SOA RRSIG DNSKEY NSEC3PARAM + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + irEoMAQ1uehoU51rEkuM20++pBX8iPrFzQZk + 4VAe0AXbeMBphSh3oBB0I3p7w4UGXLuYR7MW + bDPNteuoui5QmQ== ) +16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO.example.net. 7200 IN NSEC3 1 1 10 9FC981 222FFA4JCL3KC4NLGH9R685ISJKB205Q MX RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + 1rCPDG0uz8PbKQ98WLlu1R39HhKOrfjory5r + tTi/e3RA2IAksL8ZQaVW+EyRzLGSDM7TtciM + UEgK/utbE0WlqQ== ) +222FFA4JCL3KC4NLGH9R685ISJKB205Q.example.net. 7200 IN NSEC3 1 1 10 9FC981 AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB A RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + 1jS0RwIW59DFCr2d+ghFW8yFdcaGJDCQFgVh + pNiTIijvvyiObt7EqfJJ5PPV8CqJsZEiIoh+ + JRDEuSSrKCU6eA== ) +AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB.example.net. 7200 IN NSEC3 1 1 10 9FC981 BOS6983BFUCMFRIQF1QMC1U4AU37TR6O A AAAA RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + OHYj80ju8hKFNSDNj//yDIXgTKM2NUyRO2cs + K1knzM/3L/GvmEm5nvHNepxj+surAl6mmaiT + k2wl4DOdTml60w== ) +BOS6983BFUCMFRIQF1QMC1U4AU37TR6O.example.net. 7200 IN NSEC3 1 1 10 9FC981 D8S4S8KU5O1TCASTGO9FEHHGUGO696U4 A AAAA RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. 
+ HwT0gQ7fVc5TYTc/SDQw9zMPmlSwlEW3cmVk + mjIQANQPFi597frcuVt26xAoUB71TXgGp+62 + 3y2MyRs66kCrNg== ) +D8S4S8KU5O1TCASTGO9FEHHGUGO696U4.example.net. 7200 IN NSEC3 1 1 10 9FC981 DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC NS DS RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + R/YtEmQgd+tHTNQ8itKrFhy880QLYTpAVaER + 0dd9vITUKHG7Fhr67ACkWBOEec+d9kiL76cH + DHrDGZ+wKksLxg== ) +DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC.example.net. 7200 IN NSEC3 1 1 10 9FC981 H108GFD5147KMF1CLFQLQQBNSD733MPQ A RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + KTPX36NTHepXsZoUGwBTq6Qt86mSF4Z0hlaP + HbhF9A+BJwLx+Sg0ifX0qobfMwh+BZZQZ8E3 + nSSyA5sIJWL39Q== ) +H108GFD5147KMF1CLFQLQQBNSD733MPQ.example.net. 7200 IN NSEC3 1 1 10 9FC981 0SFBC13DNQA2CKBS24U09GPJMGD5QCF2 A RRSIG + 7200 RRSIG NSEC3 8 3 7200 20101027110135 ( + 20101021110135 56360 example.net. + dmGULq6gwCxRscDm0oCeFD6RnDkXWtaw85DO + UGwgczRooNDBkbD608EJgqDT+ds0IGwZazGq + ufB2hCiFNnNjyg== ) diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net. new file mode 100644 index 0000000000..5a70921e17 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/dlvset-sub.example.net. @@ -0,0 +1,4 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 1 9660E85E9542C823D4E9860D778350AA5D8904E9 +sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 2 1337FB51C697B7CD20C8D6BBC498310588C78B3595FB53F35C871DBF EC86DAAE +sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0 +sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net. new file mode 100644 index 0000000000..79b3a0d664 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-dyn.example.net. 
@@ -0,0 +1,2 @@ +dyn.example.net. IN DS 52935 7 1 C8B16DDC8AFC66AFAB2E9BB5DD6D047A393870A9 +dyn.example.net. IN DS 52935 7 2 56D089B139FEB68FB9D09038920E51DF067C4FCFE62D6C67C61395BC 24E7D425 diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net. new file mode 100644 index 0000000000..d473f2a844 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 52101 8 1 F362C7CD57C0D663B783B763564C00C40A85AA69 +example.net. IN DS 52101 8 2 0F94D302E97BBAFD0495E7C13B2428E8597084604053183DE9C8C4C3 EF2FAED1 diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net. new file mode 100644 index 0000000000..0ea7b3b917 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/dsset-sub.example.net. @@ -0,0 +1,4 @@ +sub.example.net. IN DS 855 7 1 338E1808511D3E533F1C6B1DF27E0AABA8CC6FE8 +sub.example.net. IN DS 855 7 2 C07C1F2004ED12D40EEC82E4358BD8D2EDC199C8E6126DD293A8E402 E591C98A +sub.example.net. IN DS 33176 10 1 B7D045F9D7176BD0D00AF389856D18C0E361C443 +sub.example.net. IN DS 33176 10 2 627102FACA12A10C88F6C67915B720CC68887CF1C10BC3E8EB864160 F1965A18 diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net. new file mode 100644 index 0000000000..8d1b1d55c2 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-dyn.example.net. @@ -0,0 +1,8 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 7 ( + AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO + oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/ + bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE + nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG + f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3 + ) ; key id = 52935 
diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net. new file mode 100644 index 0000000000..4c5f301de1 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 8 ( + BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ + 5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0 + aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7 + HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI + Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla + chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs + K1cPYDPp4Q== + ) ; key id = 52101 diff --git a/contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net. new file mode 100644 index 0000000000..29b0bcfc40 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/keysets/keyset-sub.example.net. @@ -0,0 +1,15 @@ +$ORIGIN . +sub.example.net 7200 IN DNSKEY 257 3 7 ( + AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H + 3MyhMxUos7VWVrsAxNK8u900fdubtofcoLR4 + FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0 + URwOruYqvJAIf6ZTxyakaUaY5m0ABl1learg + +XhjBHcMz3Lvx4Opnw5qsM+vnqJT15vd + ) ; key id = 855 + 7200 IN DNSKEY 257 3 10 ( + BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpn + uBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3c + PvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZ + IQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1U + JCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0= + ) ; key id = 33176 diff --git a/contrib/zkt-1.1.2/examples/flat/named.conf b/contrib/zkt-1.1.2/examples/flat/named.conf new file mode 100644 index 0000000000..f672fc6315 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/named.conf 
@@ -0,0 +1,111 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ... **/
+controls {
+ inet 127.0.0.1
+ allow { localhost; };
+ inet ::1
+ allow { localhost; };
+};
+
+/*****************************************************************
+** ... 
and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.ARPA" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+#include "zone.conf";
+
+zone "example.NET." in {
+ type master;
+ file "example.net/zone.db.signed";
+ zone-statistics yes;
+};
+
+zone "sub.example.NET." in {
+ type master;
+ file "sub.example.net/zone.db.signed";
+ zone-statistics no;
+};
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key
new file mode 100644
index 0000000000..c887acefec
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091121
+;% lifetime=365d
+sub.example.net. IN DNSKEY 257 3 5 BQEAAAABCwsLhN2Fe4nAorCoXf8CU2c4QqxPyNDVOoGrOSw/u883bF0w hFeEDwQjnHD5xMwNvMk8gNJnxv2kp6lgUcx7CgC08VQD2ko9e4zLSvoR WqFZ57LXKDpKdNLuVHDA6RObDX1PG0wjeWTa2lXshlhGgnGnrQhnCjYl nnCCxgKdxwvRdLRpnqnpGCHRtj9THHOlkJuAC6bor4qlNlODIcDFBsFf +Q==
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private
new file mode 100644
index 0000000000..e959a857db
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+24183.private
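Review bot: In named.conf, `query-source address * port 53;` pins every outgoing query to source port 53, and the same options block has `recursion yes;` with no `allow-recursion` or `allow-query` restriction while `listen-on-v6 { any; };` is set. A fixed source port leaves the 16-bit query ID as the only value a spoofed answer has to match, and an unrestricted recursive listener can be used by any client that can reach it. Since this is an example file that gets copied, I would write `query-source address *;` and add `allow-recursion { localhost; };` (or a site ACL) next to `recursion yes;`. `dnssec-enable yes;` is also set without a `dnssec-validation` line, so whether answers are validated depends on the build default; a one-line comment saying so would help.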
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: CwsLhN2Fe4nAorCoXf8CU2c4QqxPyNDVOoGrOSw/u883bF0whFeEDwQjnHD5xMwNvMk8gNJnxv2kp6lgUcx7CgC08VQD2ko9e4zLSvoRWqFZ57LXKDpKdNLuVHDA6RObDX1PG0wjeWTa2lXshlhGgnGnrQhnCjYlnnCCxgKdxwvRdLRpnqnpGCHRtj9THHOlkJuAC6bor4qlNlODIcDFBsFf+Q== +PublicExponent: AQAAAAE= +PrivateExponent: BEip8I3ZrAekBP8C78C/uCkGVPhLKRUmRzrtHIw+v1winCPwresHjn3RYzkG1ZRe+976t472XQK7hTqUjCRz6sHdboDr9JB3XX3szZc8oIRN+mE4ubolYA6KsKsXNPFZCR/njFe9q6pgW83o9KFls3zmERI2Au4dgahvMBurAQd0ALgnDeWQ9D6sHduUVsE9y8QNj2ePxwMoqaa7z2YLNjNHgQ== +Prime1: A5oDBCAqjh1f1jvQp1QSlnnwcU8TkS3bZHvWsD2Mb8IDpUvEHgPtLk8B1mxOQ37X9r7Acv8qLaQghBNSKE/eQtI9xboJhzqAEXlGn3FMPHMJSQ== +Prime2: AxDwhsYfyz+524Ox+PF4S1RvKidLrFg+W+xvSxmX5hoFPtUVM6Rg5o1Gszb41YrRhOUOTu0EUg3s68F/H90Y8Z3upU5joDfDYt5irPEaIOjRMQ== +Exponent1: Af2chU+hAR/vDAfC+sRSYF/b6A8OgpV66oTymQ3vd9Epy0HtSPo6Pbp7ocI9NC0gXX8RpshsWuGY0Vp9Q1iNg/k0GcxNlmBhVbEICfUovKikQQ== +Exponent2: AeaYvLF2gEOPhE2A6SVd/wavTtozTK7MHUvGzxhUrzcQpr6Q9J+jt1KuQFy12SXtEx5Ksmb9X8HM8wSYp4LWoWDUT3dr6vm81TXk282DtDMPsQ== +Coefficient: Af+eH8CX1yPFLO/zkmGfl6O0jbTlaMLyCpVat/gcnuP99Njpir9T66c0AUYplmAU39gRp/Fes5v4Zg0k3oqMKDETqIDUAzLAw/jPtG4lleP93Q== diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key new file mode 100644 index 0000000000..ced83af67f --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.key @@ -0,0 +1,3 @@ +;% generationtime=20110125091121 +;% lifetime=84d +sub.example.net. IN DNSKEY 256 3 5 BQEAAAABn6df/D+TwBypmBlabmitCSWnYLJFa/8Kk3W7Zj+ODS/kJA6s QZIQiLUK0sd/dM+A8+qAVlgwgQDxkAiuwrc7Lw== diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private new file mode 100644 index 0000000000..06e5bf5878 --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+005+44660.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: n6df/D+TwBypmBlabmitCSWnYLJFa/8Kk3W7Zj+ODS/kJA6sQZIQiLUK0sd/dM+A8+qAVlgwgQDxkAiuwrc7Lw== +PublicExponent: AQAAAAE= +PrivateExponent: PG5iufxb7TEulI2ByOZ0XgY2PTGWg0S7yN4ac+sXC290afYP5ZHDaq95YVQk99951eB9qshc1kSZ/NBD+fNa+Q== +Prime1: zDTjPGm+Np3hO4B5bz3KJgFqi1KwsU7ZQ+lj+M91G9s= +Prime2: yCWuBVdxUKUebhrEcaLc7SRVXXxqtlzBOIF+o/oOSD0= +Exponent1: yEjJnrWAGD79aaNqjzo2vCM3Cnfl7KxZxIXSdRisHXc= +Exponent2: gJhrWsLDkyZq42RRAt7Krhvc0CUF0w50uzn6X8yqjLE= +Coefficient: LgMQFUiUSrbRtwKnzWmOo94ssIVB91TQIVQSVuuqvHQ= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key new file mode 100644 index 0000000000..29f7116891 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.key @@ -0,0 +1,3 @@ +;% generationtime=20100924112625 +;% lifetime=7d +sub.example.net. IN DNSKEY 257 3 7 AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H3MyhMxUos7VWVrsAxNK8 u900fdubtofcoLR4FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0URwO ruYqvJAIf6ZTxyakaUaY5m0ABl1learg+XhjBHcMz3Lvx4Opnw5qsM+v nqJT15vd diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private new file mode 100644 index 0000000000..e3eec9739a --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+00855.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: w3iiL6yEHVk2Ehe1IG6EAkoOn3kFzgfczKEzFSiztVZWuwDE0ry73TR925u2h9ygtHgUCho+lfsuFDU4+H71FHhUhivCKUaR/Zm1mHRRHA6u5iq8kAh/plPHJqRpRpjmbQAGXWV5quD5eGMEdwzPcu/Hg6mfDmqwz6+eolPXm90= +PublicExponent: AQAB +PrivateExponent: fNWHzqaAYTXeIEPfuuyZhdTB7fqeSGwhCNZSB0tNKZwQG7FsAaHi4GxrjFqvgajXQSoGskT8f1BAp0suLRT3cpKH/FXeYknuwGMETTKk+4zZ7LAcSqU6b/dQptYdBJK1IdwMJjEAf5XT5y3OpPUbcm+o/9KxuepPsxXpQnu8rUk= +Prime1: 8xZNFTO8y0gbq93Qo9Hg0BVxrR9byVBVg++p/7n5Qvr+bftE7FQ0OGbRCYksSf00jPbVBdzfn1IxlQL7Gipomw== +Prime2: zdrP9WaH7jYWbBuTEnsPDDcE1wHBNer2bHtGCvD6FFpCahP8zq//p2OvYEvljxXe2gqbzYASaeMd7c8EZeEo5w== +Exponent1: HjMxFGc/F0o4FdwS5adXdMKVQtrYfmQ6m4+U4S5rp0Sjg2pqH6o+aptrcPHXzMFmW/T2dioApjyB6G9cXt3R7Q== +Exponent2: ftqygGVYqsEF/ETZ0u+mjD5zaxOXvuQ2Sw+EUEXDtjsQ5lG+3peykbJqZosewZgWpoMXFAIyVrIwxVVnPmkMTQ== +Coefficient: GZcwPOtNNbsqM2Qw1oS9m4/rPwYp6iwDcSSnypmn1jliaDMZOEiHqEUZ223khlhJxlW21kQAtZGgL2kX1LETaQ== diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key new file mode 100644 index 0000000000..6953e1918b --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.key @@ -0,0 +1,3 @@ +;% generationtime=20100924112625 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 7 AwEAAa5bMLD0fx/ZGgiuhgslScPhm3c3sbLKn5Kc9w63+VBcq5Bg9td+ pME6uVtNvvAsgjoE2ORcqULqPp6ITd7VpTE= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private new file mode 100644 index 0000000000..882df30742 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+34493.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: rlswsPR/H9kaCK6GCyVJw+Gbdzexssqfkpz3Drf5UFyrkGD2136kwTq5W02+8CyCOgTY5FypQuo+nohN3tWlMQ== +PublicExponent: AQAB +PrivateExponent: p+LU2r9CnWcOA2gRWDAafEwDx+LP74nd523PEtQhc7eA9YL1d0w5DsxNUbGp1a2fuYCO/V1jew7E/PQkBOEHQQ== +Prime1: 1S2btDM6sqSVM66/V5x8T3d6tqLxZz/+0hP2064u68k= +Prime2: 0WE3l1yD6SzCKYaCHRdmOvMvzwcoooHOFu7nIqIv0ik= +Exponent1: SoSn4gTqZtoLYcabEkgcWDb+yWsKEbqYG91osbQ4qKk= +Exponent2: QHZO2DHqhtJ54LEBxBUdK08NzA5nK0kNezAIRzhpwqk= +Coefficient: c6ICoCH4ZQeCVuEn5HwBof93cBjc0A4s5AIOw3YhmYE= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key new file mode 100644 index 0000000000..3c2afbd8d5 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.key @@ -0,0 +1,3 @@ +;% generationtime=20101127101703 +;% lifetime=7d +sub.example.net. IN DNSKEY 257 3 7 AwEAAbv0XLM9qAEncwc4HjBamccNu/z+gPmnsp4bFEdz6YgPtSSIdUA+ OChIBJg2fADBupHsmibB5E6IVHcuKO0OF4uiSv4FSk9p/2mioI9RxeSR xGQ6gds3DJBN8sw86LH8BjLynqY/Jw/D3BudvcDHJtz7HtCH0mNEL9eG hjzq+GW/ diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private new file mode 100644 index 0000000000..ef53614a57 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+55983.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: u/Rcsz2oASdzBzgeMFqZxw27/P6A+aeynhsUR3PpiA+1JIh1QD44KEgEmDZ8AMG6keyaJsHkTohUdy4o7Q4Xi6JK/gVKT2n/aaKgj1HF5JHEZDqB2zcMkE3yzDzosfwGMvKepj8nD8PcG529wMcm3Pse0IfSY0Qv14aGPOr4Zb8= +PublicExponent: AQAB +PrivateExponent: I3QCkGTO7fjM/82cFC7i1uNGVICFP5JcZOpitt+sa1fbKVr8EvQpj5+WDkgot9PTJ3dj1G+6av3YQOraGW0RD5hVfuuJD3B10e7wVuaYRwA1uF/Lj0UTjag5d1KV0L38Zj73jEhA50ZAqDKNykwV3Ir4mVlIH0t4AINYrL84vCE= +Prime1: +H9jAgtRG+/Co4e+ef8JKkiwFlM3deV1PUa8EjvnLuY5g3de+RARJQ5stDdHPik4xaau3sQB/5atI4zxDTqBNw== +Prime2: waELRgLV2acQzUQu1zbGWqucgItEmx1bg9SJhKatJpAA0dBGvU42rOMA+eKm47uRY2CZkNaJneiQFFbbIW2juQ== +Exponent1: j3Sq6aEy39fYG6Pf2HndBqYT0a+U0uD2f7t4E2a1naOXDEg7cblOzH+5TYij/kS525DQXxX0uWJ47Y8OEb72nQ== +Exponent2: iBfYI6I0iqF5Fr04qv2N1wbNni/Ezb2JqBQHgBvikbsfSFk6jy3dEhEPi5M5t9EK9C1eYkXYPgvK0PDnXgyAyQ== +Coefficient: oZYj4nmY+QE6/sOjBelpaEm7BgGasIIZqQN2D3DBpiVUmQDtJ6XTcpcdZ14IVsTIijvS7mXM+hzbCH/UG/pL0Q== diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key new file mode 100644 index 0000000000..c17531fe28 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.key @@ -0,0 +1,3 @@ +;% generationtime=20101127101703 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 7 AwEAAcbKVFdrzJmGoQCMYf9vwxdKrGrLk86OqVHVlXAwoHgdGpAjsga0 FenJ7FwC4eqAxK0dUC86/dUX/YUFz0fBLo0= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private new file mode 100644 index 0000000000..ffa2fc4736 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+007+59870.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: xspUV2vMmYahAIxh/2/DF0qsasuTzo6pUdWVcDCgeB0akCOyBrQV6cnsXALh6oDErR1QLzr91Rf9hQXPR8EujQ== +PublicExponent: AQAB +PrivateExponent: nuTaxYXE5HJX/rg3HJWYuuVVK4fNfS1K6b5u1F4J5fbzBR+NZnWpRWMG3qQ9rlMp1jZOKCKfmJPjrYpahjbQAQ== +Prime1: +Ns6U9aZkGqxp+tfNwwCueu6zyIyQZKgLGVPcEZpbK0= +Prime2: zH8uZiJTrlY39Az3+eiTMS4SGgBxAWeXlMC4DUrCJWE= +Exponent1: +CZrwERDNy4dX2ums5aHdWvqCTh5UsfqbrrLfxLHd7U= +Exponent2: Rz5Hu+1ZmfMPq0aZXcdZAFk8lTJyLDsa5AgAFyFkYgE= +Coefficient: Rf2NFyo0bBow/KT2fAww0ePV8X24wk2Y/TPKWn8a99Y= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key new file mode 100644 index 0000000000..a8af5c78e0 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.key @@ -0,0 +1,3 @@ +;% generationtime=20101021120536 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 10 BQEAAAABn8UTQYIEkX5bd7hPSpQ1VPJKNxl6iRQVozij1a5r4LcRPK3v mvMhZCOIvD3A1iym6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7Ac4WO 4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB6k5YE7Rtuc5SY+fIZhQnZ7Si fjGNJVWF98k= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private new file mode 100644 index 0000000000..a8d924e16c --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+07987.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 10 (RSASHA512) +Modulus: n8UTQYIEkX5bd7hPSpQ1VPJKNxl6iRQVozij1a5r4LcRPK3vmvMhZCOIvD3A1iym6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7Ac4WO4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB6k5YE7Rtuc5SY+fIZhQnZ7SifjGNJVWF98k= +PublicExponent: AQAAAAE= +PrivateExponent: JGn91bZcjzq8WiGhHg5kIsbDfb5kSpjhqbAypDkYPpby4T2Hd6rDqhRZMEZH5o7mC9tuzwwaY0jp7uZKiy0IZ62IqAUAsj/u1pjWh1TWQ7XrOIxkd2dNgkvvJ1sm7aAoDaSi/MrwinaFaqHoO0zmpMosBNL1parHedn5yWxeZQE= +Prime1: 0ANDDIRnVYwNkuKYZ+TbawYq7DLdixk3L01nNt8BHts7Q8WXACfj3dfHO3qB/dT/xxbUDYWMOTGQXpXN2p5SoQ== +Prime2: xKCziYPsyGD2yezOC9Awvy2vfb1Ev5zYAdXLSsbuy3sOGSJp7QiTuE+wazyUbkhhaKu5FpBnMdmFQgY2YK08KQ== +Exponent1: SxN8PWTIv5haN0Mz4DE+9lN9qCxEqeuu9644AcD4w1GvgQEKN+nR5nYHhrSAgjQchD0G52sTVAAg9RVjSN/RgQ== +Exponent2: CgqfFKLaSOmao8l4vmFyWjc1VWKSVHaVEOwYCqwFeXceni/OaN4ba5aXxhqxavj+M4/w2kURppUms00lkrv3QQ== +Coefficient: nnIoXkPAvUfT5ypPCg4sM+OnZ38I4BlIdnjrWcNl340TG83bSH4mdf9mkIfvjpBBue9fHQ7WPRnawIUiU3/iNQ== diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key new file mode 100644 index 0000000000..73a16fd959 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.key @@ -0,0 +1,3 @@ +;% generationtime=20101021113820 +;% lifetime=7d +sub.example.net. IN DNSKEY 257 3 10 BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpnuBuVC4z7xeaNk/KdvcdD ibLrSZaGfcq7no3cPvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZIQbo z3hFelJb/62KqZWcj1anv7+LmfYpuA1UJCWpFriWYhzuT3q98lG/c7Xq iX79Ytoy6P0= diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private new file mode 100644 index 0000000000..b62d1620c0 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/Ksub.example.net.+010+33176.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 10 (RSASHA512) +Modulus: ug/pvRR/mv4qDN3gWFRiir/6UNpnuBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3cPvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZIQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1UJCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0= +PublicExponent: AQAAAAE= +PrivateExponent: IFVOvH94pIiUBAq8ix/GuYg0kLLpKFM0iBQ+j8OmyiZIKQUDSWSP7IU7UMFgh2DELdzwF6cTqBO5gjbesotzPvPny1/isM7N8Z1FN7j4/zBTDAXVHMYdcIZEC+UZkCEu6g206BnCCsLSQm1gcDFxkaqYtSD+I/dJ82YeWVM66OU= +Prime1: 5hNJZCTszlcCQvDmXffAjt3oV4qDd1HJDcknvcmtimRqVFIDgK8UcCD2DMI1PBA+SmPSSiSU3mo4y/YKjXBvQw== +Prime2: zwcHpDKsA5Pr9e+KcjFmZbNTCEqY2GiABxvOcmuqYvLf5pkjTkEiZm3pn23/eypzjpxnyDFzk6NM0HkKQkMivw== +Exponent1: ZDECG7FYUKBEtvsq1t1lNUkyH9LAYl1eEt1rpnPXXK/JDSy5tMQeq4iCJY8hy+BE/WlxYQQ3OUENqhvhLgtC6Q== +Exponent2: FifCGPMN4sIq/+rZC/F4AfEe8f0ZmTshsfVilVVkqUnavPahK9kk2jSEInk50CKpMqNCywF+fer/77+mxW7fCQ== +Coefficient: yvTbE7YdfrvskUqVo+/KjEH3cu0oYl99AshpIOeBaQ5sNJtuZzHA6UEnVY0rc5Apli7sRVSsrJSZSqBeD6hMdQ== diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net. new file mode 100644 index 0000000000..b9d0017467 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0 +sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db new file mode 100644 index 0000000000..c6ed4e8f0d --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnskey.db 
@@ -0,0 +1,68 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by zkt-signer. +; +; Last generation time Jan 25 2011 20:02:30 +; + +; *** List of Key Signing Keys *** +; sub.example.net. tag=855 algo=NSEC3RSASHA1 generated Sep 24 2010 13:26:25 +sub.example.net. 14400 IN DNSKEY 257 3 7 ( + AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H3MyhMxUos7VWVrsAxNK8 + u900fdubtofcoLR4FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0URwO + ruYqvJAIf6ZTxyakaUaY5m0ABl1learg+XhjBHcMz3Lvx4Opnw5qsM+v + nqJT15vd + ) ; key id = 855 + +; sub.example.net. tag=33176 algo=RSASHA512 generated Oct 21 2010 13:38:20 +sub.example.net. 14400 IN DNSKEY 257 3 10 ( + BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpnuBuVC4z7xeaNk/KdvcdD + ibLrSZaGfcq7no3cPvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZIQbo + z3hFelJb/62KqZWcj1anv7+LmfYpuA1UJCWpFriWYhzuT3q98lG/c7Xq + iX79Ytoy6P0= + ) ; key id = 33176 + +; sub.example.net. tag=55983 algo=NSEC3RSASHA1 generated Nov 27 2010 11:17:03 +sub.example.net. 14400 IN DNSKEY 257 3 7 ( + AwEAAbv0XLM9qAEncwc4HjBamccNu/z+gPmnsp4bFEdz6YgPtSSIdUA+ + OChIBJg2fADBupHsmibB5E6IVHcuKO0OF4uiSv4FSk9p/2mioI9RxeSR + xGQ6gds3DJBN8sw86LH8BjLynqY/Jw/D3BudvcDHJtz7HtCH0mNEL9eG + hjzq+GW/ + ) ; key id = 55983 + +; sub.example.net. tag=24183 algo=RSASHA1 generated Jan 25 2011 10:11:21 +sub.example.net. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABCwsLhN2Fe4nAorCoXf8CU2c4QqxPyNDVOoGrOSw/u883bF0w + hFeEDwQjnHD5xMwNvMk8gNJnxv2kp6lgUcx7CgC08VQD2ko9e4zLSvoR + WqFZ57LXKDpKdNLuVHDA6RObDX1PG0wjeWTa2lXshlhGgnGnrQhnCjYl + nnCCxgKdxwvRdLRpnqnpGCHRtj9THHOlkJuAC6bor4qlNlODIcDFBsFf + +Q== + ) ; key id = 24183 + +; *** List of Zone Signing Keys *** +; sub.example.net. tag=34493 algo=NSEC3RSASHA1 generated Sep 24 2010 13:26:25 +sub.example.net. 14400 IN DNSKEY 256 3 7 ( + AwEAAa5bMLD0fx/ZGgiuhgslScPhm3c3sbLKn5Kc9w63+VBcq5Bg9td+ + pME6uVtNvvAsgjoE2ORcqULqPp6ITd7VpTE= + ) ; key id = 34493 + +; sub.example.net. tag=7987 algo=RSASHA512 generated Oct 21 2010 14:05:36 +sub.example.net. 
14400 IN DNSKEY 256 3 10 ( + BQEAAAABn8UTQYIEkX5bd7hPSpQ1VPJKNxl6iRQVozij1a5r4LcRPK3v + mvMhZCOIvD3A1iym6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7Ac4WO + 4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB6k5YE7Rtuc5SY+fIZhQnZ7Si + fjGNJVWF98k= + ) ; key id = 7987 + +; sub.example.net. tag=59870 algo=NSEC3RSASHA1 generated Nov 27 2010 11:17:03 +sub.example.net. 14400 IN DNSKEY 256 3 7 ( + AwEAAcbKVFdrzJmGoQCMYf9vwxdKrGrLk86OqVHVlXAwoHgdGpAjsga0 + FenJ7FwC4eqAxK0dUC86/dUX/YUFz0fBLo0= + ) ; key id = 59870 + +; sub.example.net. tag=44660 algo=RSASHA1 generated Jan 25 2011 10:11:21 +sub.example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABn6df/D+TwBypmBlabmitCSWnYLJFa/8Kk3W7Zj+ODS/kJA6s + QZIQiLUK0sd/dM+A8+qAVlgwgQDxkAiuwrc7Lw== + ) ; key id = 44660 + diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf new file mode 100644 index 0000000000..f1f8dec394 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/dnssec.conf @@ -0,0 +1,7 @@ +ResignInterval: 1d # (86400 seconds) +SigValidity: 2d # (172800 seconds) +MaximumTTL: 90s # (90 seconds) +KSKlifetime: 1w # (604800 seconds) +KSKbits: 1024 +ZSKlifetime: 3d # (259200 seconds) +NSEC3: On # (On|Off|OptOut) diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt new file mode 100644 index 0000000000..94bc5aff31 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt 
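Review bot: In dnssec.conf, `KSKbits: 1024` asks for a 1024-bit RSA key-signing key, which is below the 2048 bits generally expected for a KSK, and no ZSK size is set in this file. The ZSK `.private` files added for this zone in the same commit carry 64-byte moduli, so the zone-signing keys appear to be 512-bit RSA. The short sizes and lifetimes (`KSKlifetime: 1w`, `ZSKlifetime: 3d`) look chosen to make rollovers quick to demonstrate, but nothing in the file says so. I would either raise it to `KSKbits: 2048` or add `# example values only: short keys and lifetimes for rollover demos, not for production zones`. The private keys committed alongside are public from this commit on and should never sign a real zone.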
@@ -0,0 +1 @@ +1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE \ No newline at end of file diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1 b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1 new file mode 100644 index 0000000000..6f1f3b5ccb --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/maxhexsalt+1 @@ -0,0 +1 @@ +1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE1 \ No newline at end of file diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net. b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net. new file mode 100644 index 0000000000..e40bdad4fe --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zktlog-sub.example.net. 
@@ -0,0 +1,48 @@ +2010-10-21 14:01:35.486: debug: Check RFC5011 status +2010-10-21 14:01:35.486: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:01:35.486: debug: Check KSK status +2010-10-21 14:01:35.486: debug: Check ZSK status +2010-10-21 14:01:35.486: debug: No active ZSK found: generate new one +2010-10-21 14:01:35.495: error: sub.example.net.": can't generate new ZSK +2010-10-21 14:01:35.495: debug: Re-signing necessary: Modfied zone key set +2010-10-21 14:01:35.496: notice: "sub.example.net.": re-signing triggered: Modfied zone key set +2010-10-21 14:01:35.496: debug: Writing key file "./sub.example.net/dnskey.db" +2010-10-21 14:01:35.496: debug: Incrementing serial number in file "./sub.example.net/zone.db" +2010-10-21 14:01:35.496: debug: Signing zone "sub.example.net." +2010-10-21 14:01:35.496: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9FC981 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1" +2010-10-21 14:01:35.546: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed." +2010-10-21 14:01:35.546: error: "sub.example.net.": signing failed! +2010-10-21 14:02:09.146: debug: Check RFC5011 status +2010-10-21 14:02:09.146: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:02:09.146: debug: Check KSK status +2010-10-21 14:02:09.146: debug: Check ZSK status +2010-10-21 14:02:09.146: debug: No active ZSK found: generate new one +2010-10-21 14:02:09.156: error: sub.example.net.": can't generate new ZSK +2010-10-21 14:02:09.156: debug: Re-signing necessary: Modified keys +2010-10-21 14:02:09.156: notice: "sub.example.net.": re-signing triggered: Modified keys +2010-10-21 14:02:09.156: debug: Writing key file "./sub.example.net/dnskey.db" +2010-10-21 14:02:09.157: debug: Incrementing serial number in file "./sub.example.net/zone.db" +2010-10-21 14:02:09.157: debug: Signing zone "sub.example.net." 
+2010-10-21 14:02:09.157: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 BD326D -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1" +2010-10-21 14:02:09.208: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed." +2010-10-21 14:02:09.208: error: "sub.example.net.": signing failed! +2010-10-21 14:05:35.988: debug: Check RFC5011 status +2010-10-21 14:05:35.988: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:05:35.988: debug: Check KSK status +2010-10-21 14:05:35.988: debug: Check ZSK status +2010-10-21 14:05:35.988: debug: No active ZSK found: generate new one +2010-10-21 14:05:36.091: info: "sub.example.net.": generated new ZSK 7987 +2010-10-21 14:05:36.091: debug: Re-signing necessary: Modfied zone key set +2010-10-21 14:05:36.091: notice: "sub.example.net.": re-signing triggered: Modfied zone key set +2010-10-21 14:05:36.091: debug: Writing key file "./sub.example.net/dnskey.db" +2010-10-21 14:05:36.091: debug: Incrementing serial number in file "./sub.example.net/zone.db" +2010-10-21 14:05:36.091: debug: Signing zone "sub.example.net." +2010-10-21 14:05:36.091: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 75DE06 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1" +2010-10-21 14:05:36.170: debug: Cmd dnssec-signzone return: "zone.db.signed" +2010-10-21 14:05:36.170: debug: Signing completed after 0s. +2010-10-21 14:30:43.892: debug: Check RFC5011 status +2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2010-10-21 14:30:43.892: debug: Check KSK status +2010-10-21 14:30:43.892: debug: Check ZSK status +2010-10-21 14:30:43.892: debug: Re-signing not necessary! +2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy 
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db
new file mode 100644
index 0000000000..837535bcb2
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+; @(#) sub.example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 8 ; Serial
+ 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.net.
+
+$INCLUDE dnskey.db
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.4
+b IN A 1.2.3.5
+c IN A 1.2.3.6
diff --git a/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed
new file mode 100644
index 0000000000..4745d6b4f1
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/sub.example.net/zone.db.signed
@@ -0,0 +1,216 @@ +; File written on Thu Oct 21 14:05:36 2010 +; dnssec_signzone version 9.7.2-P2 +sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 6 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 7 3 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + MgaHCyEt33DXRMiHMpZr4x52phpp8hdqu05a + bcQ7E2KGxpvsH8DtBDixo0WV73qDM45XT8mA + 9xLn3HBRSXP8Ag== ) + 7200 RRSIG SOA 10 3 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + H3B12qsYiBhrloBItfIOkakV6kUfFEhdplBv + T4n0rVihInOkC6SssFEMbe69rGvMgnzL8aCX + rIsYDT7z0fCD5mvdFJ+rsYFCAW35nlZil9Lc + xB27U+lMIngODjHiNShtjEXtKaQPKxbvbgSX + nkZ0joeWdMIEYhihgCvWc+A1mv4= ) + 7200 NS ns1.example.net. + 7200 RRSIG NS 7 3 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + QAt2BZsV7nxer/TFQLtQ/Xp8TYwiqqkmAcLa + pLf8wBWMXFTxz3O29QF+RBSdmLqeoCgW+Q5g + ygScSISe5nvKfw== ) + 7200 RRSIG NS 10 3 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. 
+ cZHqQnIA/fTFZx6LroJNWj9jPLxrnZtTHvlp + NqkTbLG5uu/+sljkOUOqHVqK9ubUESkRNP3u + Nl/oROMcgISsDWRcEOu4Vc48zBn/90vJK5WY + ZcXeGcp34pFMK7/03vEH4U1tZKc7Guvm3reh + gcfNBotu57wvctbjlqq3DM4axwI= ) + 3600 DNSKEY 256 3 7 ( + AwEAAa5bMLD0fx/ZGgiuhgslScPhm3c3sbLK + n5Kc9w63+VBcq5Bg9td+pME6uVtNvvAsgjoE + 2ORcqULqPp6ITd7VpTE= + ) ; key id = 34493 + 3600 DNSKEY 256 3 10 ( + BQEAAAABn8UTQYIEkX5bd7hPSpQ1VPJKNxl6 + iRQVozij1a5r4LcRPK3vmvMhZCOIvD3A1iym + 6hGnwkUHbmzpQx7W+J9uZbCtMA+NjnEwqR7A + c4WO4ZJPovWjQhDpHuZzy6++9X5BY6GS2KSB + 6k5YE7Rtuc5SY+fIZhQnZ7SifjGNJVWF98k= + ) ; key id = 7987 + 3600 DNSKEY 257 3 7 ( + AwEAAcN4oi+shB1ZNhIXtSBuhAJKDp95Bc4H + 3MyhMxUos7VWVrsAxNK8u900fdubtofcoLR4 + FAoaPpX7LhQ1OPh+9RR4VIYrwilGkf2ZtZh0 + URwOruYqvJAIf6ZTxyakaUaY5m0ABl1learg + +XhjBHcMz3Lvx4Opnw5qsM+vnqJT15vd + ) ; key id = 855 + 3600 DNSKEY 257 3 10 ( + BQEAAAABug/pvRR/mv4qDN3gWFRiir/6UNpn + uBuVC4z7xeaNk/KdvcdDibLrSZaGfcq7no3c + PvRsJ/U7S6VvYXFZNaXvqJ66ZGcCtImIoaCZ + IQboz3hFelJb/62KqZWcj1anv7+LmfYpuA1U + JCWpFriWYhzuT3q98lG/c7XqiX79Ytoy6P0= + ) ; key id = 33176 + 3600 RRSIG DNSKEY 7 3 3600 20101023110536 ( + 20101021110536 855 sub.example.net. + NcmO3PoVofXHe6EbmnSCkr4eTfuTkdtEQQWv + 8pbHY0Ze8NR4ISjzJf1zC4U4fJsYeS9AUL5A + 2l6qEWoY8cbPRdDnf2iKfHKTllXFubM6EtYF + aKmK38BU1Ldh6jdcJ0bFUN4cMPVhX9BA+yTM + Hm0EdYZvC6QICrlQBdJuyzS3FSA= ) + 3600 RRSIG DNSKEY 7 3 3600 20101023110536 ( + 20101021110536 34493 sub.example.net. + GLVb5YgQWtP2bHWBihGhCymm9P7pjDdN9s0c + 9nK6Pi8OWoa2uK7k/ebVXDNc/yBI/hp5Xsxs + x332lhi8AdMW3Q== ) + 3600 RRSIG DNSKEY 10 3 3600 20101023110536 ( + 20101021110536 7987 sub.example.net. + UwnLE8FmOtd0DbTXzv9QJZigJThWAw29ov6N + HnSI4cO4pyFRjiGee7+/u4DfKFUkzQp2ySIW + +jhGsF/b2TEpLyLSwY/r8iDhO0GkaU5t/tzr + wCX7HCmr6VAJaPpZhf/xLEh7pbB60jQmiHXy + 4tEfQtpkPx6ncQ95lcoN2ia43Ow= ) + 3600 RRSIG DNSKEY 10 3 3600 20101023110536 ( + 20101021110536 33176 sub.example.net. 
+ HclPEAN+ii66jqPzYE4hbSnUNg1/xFfM0R/a + iVh40da5Wre0GzzfYouOdJegJoyDGsz+xEzN + g+RiUYFDg2cK9Y7HqX3T3nEtMMavRbb+4q93 + PRk0kZ9H/xjSqK+qTipCMz6IubOXZjzvK+sB + VOxv3uzhmR8WmKoVraB5uDeK+vA= ) + 0 NSEC3PARAM 1 0 10 75DE06 + 0 RRSIG NSEC3PARAM 7 3 0 20101023110536 ( + 20101021110536 34493 sub.example.net. + hPzjAlPJldxukEVzgVKHbJdGI/0M5JhvfOu5 + +s5+5mst1tp6goSpOxdyklpBSC4eJmPFQk2A + gWenAJCHr6s5NQ== ) + 0 RRSIG NSEC3PARAM 10 3 0 20101023110536 ( + 20101021110536 7987 sub.example.net. + hEjMFl/Znyvr73gN4fAvWHsy2Sxlga8L6xu+ + IffQTRiA0itHseM2G4TfAZju7g9HmFxSsCZO + EKdn3WwsyxBD0mfaBdHSaNrQu6EttiMyoMVu + WhiitsOAXB1iHRzE21jfZJpQSFBHPiNMCz1F + cQoRlBqYUWeyRMJN+wEHthuSpl0= ) +a.sub.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + oGoHPU1IgTXwKhHef6Dsq7X2r1eRbSK+8fsD + zPGfmYo4BMKBrTPiKvTapulXIWxNslLbJhoq + Mx3prAl4n0JbBw== ) + 7200 RRSIG A 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + ePqwuNrBwH2rkAFoHR1nHCIc9Daz/Hsze5R0 + x9p2GXujziIuvLPz9G7DpytY+pDpJr9m0djG + J1jcceazK11q53FN9gby2Tv39hEoyaySEoiy + cv1ArJaeppfeUgJmBp6GsHznz6amGXG0vig3 + 4I6tdWpwfbl+rnOUDAf5AIxUHEE= ) +b.sub.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + X2X5/rztMhu0Es2A7dsENoAf/sCTahSa6cPL + M4j/r9ofiV+tQDn8cnfnrArA5d9/wND+5Iv+ + /O1GOzwOhzhLHg== ) + 7200 RRSIG A 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + TxLKcfmsmHovdKvzgmqTOI5x1ve4VrLNxXnv + 0cBflqfHTTVH6glO1nsC9q15wI4xt3INq6fp + /+CRhIASy63i1UA5PPQ4UgxcgOTEuSgu51XJ + SVvxBatjzTVPWO5K+bNJRz9O7sDbFbKLuSIv + 94ZmQIpBERh5pLglmYESwcCwv/U= ) +c.sub.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + S1BC7yaofioxw9W6lH5EXOjGrj0nSCdbnwcX + orVRkaWq4Ic8rDsvmlL70UMLUwwUKv7cmUEH + 61KhLHI6L7bk0Q== ) + 7200 RRSIG A 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. 
+ NRiWhJ8oTAyyJUiJI9bBWDG/OzF0dQ6WqBES + pJq5LyN10EeHSX96xcgPHMdGw9VGqep1e9G4 + B+sYfmcsET7LdUNncyKS8Plvs/9rO7QW2lfE + S0gnoCmLe8PK8Z33Bh8k/tXjJjB5GpYCwXnn + WnBuKZk6KL6yr/BRz7SpmYYn7zY= ) +localhost.sub.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + jYhG4Tp8AxSnwl9bFIzNcLHj+MMi2QY8cW+U + Mbw2++3fDsDyrzV9qOAkemUTeTw+wX/z7Iu8 + wtPCTzy6oKPZew== ) + 7200 RRSIG A 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + F03HIz1yPabXrvyaByqN6tvGCThqI/FVZXl1 + l5oSJJ4gGE9wjtbgSbyMnQQ09Vp/FxZD5nk0 + zWYJXSyJCi1eWD3CV1xp6zbl2Z5jh6X70qpq + Z8mAj+tt8gFrlvR49doEnIKtz7Nupmk8VM0Q + ir091k0On6d6xkAaG2DdB6Cd8IY= ) +E23J36747M9QAHTBMRSQ0EHB5D8JF31O.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 GMMG72L8KNTF7A2QLCMLH1I5RG5V8RKK A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + YnvMl6XcqOZq4T/nz688NADoYegQu6Ct1+wU + Abx5vuVLb5CkwK6cGTPazni2xZnNTiXiIi87 + dzLHGQTaup4xxg== ) + 7200 RRSIG NSEC3 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + P/8DdSZU4Ag3ibdsalE+FBDa7+a0W4R/jB5a + pqvmkox4fZB20k8MrMxn8hbHJOxFD4FAdOrm + Bc+ut45HYx4c0wE3WekmuBIkS5gWWGsvCqji + hquZMORyZjT9Tk/VezHXuJ9jMA4vCuPbqTsX + Y2liJS0Vzrr6rssF5Mz36OQrG/w= ) +GMMG72L8KNTF7A2QLCMLH1I5RG5V8RKK.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 H856ATS51TP5R6A4PJ4H623HBD22MMP8 A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + IHxHqJw0w0yzAdM9Dc0wdH9t9vdqXO9Xxx7/ + CSyL+852/nuflS/a/+AwDyZhuMwqKR021/Jm + 0E2bTZvH8qNuGA== ) + 7200 RRSIG NSEC3 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + VssB9MTMT6Meh7pVOF0aWcpx6PLRR7z97Jf4 + LeWFPhw3w5BTWff4BL45omopYaMCDamqirYa + zmhlKyqE7qEtGop8fUiNmFdK5+cPhhGGVbhV + B+k7ZWC5H9fwI61owUG2btP+oLaOgJejXLqr + 27EnZ8aE2bmGdYcN1Ji8QtRWaXQ= ) +H856ATS51TP5R6A4PJ4H623HBD22MMP8.sub.example.net. 
7200 IN NSEC3 1 0 10 75DE06 T9JU0DUS5QPJR2HUCAOK4CTRF8OFCVCJ A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + LKo4fE/ql/oQCkZeNxNcT6o/201bdnpEvreO + EcOTjUGfGiJ5KCUH4dSz8aQFdVwBfJEmA0v1 + NpjbLSeDJ2ArNg== ) + 7200 RRSIG NSEC3 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + ePRVEMqfub0TQ7NciAg+PXzIBa2CJ8226mqn + wuSymuImvb5TJ6uwNX1b17WJ3XrXxE/mBbZ6 + LqpU3KNEsi0hb3mx9atSy9d3/oAi/A1QeC78 + y/LxyyYoIgoBrnQ6AF7zsqX1SWz+DjFl8E58 + uaZnYfL0q6RbGZ5cJxu1bhPw1Vo= ) +T9JU0DUS5QPJR2HUCAOK4CTRF8OFCVCJ.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 V5QI8VK5I93U0UCL19L7B0SU5SVTJQS7 NS SOA RRSIG DNSKEY NSEC3PARAM + 7200 RRSIG NSEC3 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + BZ8wR07wrdenmmNFWKhMGckWQwZlfVuZhULf + 4VZfWLo+8NFhDk6MjdVV3QrpEsF5XhR8r+0V + ZxU2ZsHWpcYbsw== ) + 7200 RRSIG NSEC3 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + TnOhLkcIl30DqXTbGMarRvLPfGbv/HHBG44E + 07Gpcq2M/+nbPW8A35sHsaalTi7Jdr870mk8 + XvvgUzoLlm200ssnGX+PAfzz7MyISqO2XBaa + k54+2A3V20Aecgk0sjkG8uS1vIcWmXqXUxcp + JpkNIio9S/WjTX85sVo+ug3qDYQ= ) +V5QI8VK5I93U0UCL19L7B0SU5SVTJQS7.sub.example.net. 7200 IN NSEC3 1 0 10 75DE06 E23J36747M9QAHTBMRSQ0EHB5D8JF31O A RRSIG + 7200 RRSIG NSEC3 7 4 7200 20101023110536 ( + 20101021110536 34493 sub.example.net. + VDvPAecgBeCvTDTaE7zA4TQR5jgOBTmygaWd + GyxEI9uOCXAocdMjrfNq+c/SIymog6CYXCcT + hbdOetaD3duYJw== ) + 7200 RRSIG NSEC3 10 4 7200 20101023110536 ( + 20101021110536 7987 sub.example.net. + BuJnVwod8SlcTwNnb8RPmhPDsycpRpmD69BZ + 778M9p3BvHkYyr8xbWP8+OmhO880V3dRdpqx + Hq0tyvarF8SVN8J7jMCZ1W9V2NxiLp50S/rN + sDkl9l4LzSClgELSeNTFdyA/22asyYZ5XO6N + t/f5BtsYe9W80n87cnAOmbAUIgg= ) diff --git a/contrib/zkt-1.1.2/examples/flat/zkt-ls b/contrib/zkt-1.1.2/examples/flat/zkt-ls new file mode 120000 index 0000000000..c513980564 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/flat/zkt-ls @@ -0,0 +1 @@ +../zkt-ls.sh \ No newline at end of file 
diff --git a/contrib/zkt-1.1.2/examples/flat/zkt-signer b/contrib/zkt-1.1.2/examples/flat/zkt-signer
new file mode 120000
index 0000000000..b5f367de78
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zkt-signer
@@ -0,0 +1 @@
+../zkt-signer.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/flat/zkt.log b/contrib/zkt-1.1.2/examples/flat/zkt.log
new file mode 100644
index 0000000000..c9d749c876
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zkt.log
@@ -0,0 +1,423 @@ +2010-02-07 13:53:47.881: notice: ------------------------------------------------------------ +2010-02-07 13:53:47.881: notice: running ../../zkt-signer -v -v +2010-02-07 13:53:47.883: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-07 13:53:48.304: debug: +2010-02-07 13:53:48.304: debug: parsing zone "example.net." in dir "./example.net" +2010-02-07 13:53:48.305: debug: +2010-02-07 13:53:48.305: notice: end of run: 0 errors occured +2010-02-07 13:54:03.463: notice: ------------------------------------------------------------ +2010-02-07 13:54:03.464: notice: running ../../zkt-signer -r -v -v +2010-02-07 13:54:03.465: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-07 13:54:03.466: debug: +2010-02-07 13:54:03.466: debug: parsing zone "example.net." in dir "./example.net" +2010-02-07 13:54:03.466: debug: +2010-02-07 13:54:03.466: notice: end of run: 0 errors occured +2010-02-07 13:54:07.953: notice: ------------------------------------------------------------ +2010-02-07 13:54:07.953: notice: running ../../zkt-signer -f -r -v -v +2010-02-07 13:54:07.955: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-07 13:54:08.019: debug: +2010-02-07 13:54:08.019: debug: parsing zone "example.net." in dir "./example.net" +2010-02-07 13:54:08.139: debug: +2010-02-07 13:54:08.139: notice: end of run: 0 errors occured +2010-02-07 14:06:27.666: notice: ------------------------------------------------------------ +2010-02-07 14:06:27.666: notice: running ../../zkt-signer -r -v -v +2010-02-07 14:06:27.668: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-07 14:06:27.670: debug: +2010-02-07 14:06:27.670: debug: parsing zone "example.net." 
in dir "./example.net" +2010-02-07 14:06:27.671: debug: +2010-02-07 14:06:27.671: notice: end of run: 0 errors occured +2010-02-07 14:06:33.711: notice: ------------------------------------------------------------ +2010-02-07 14:06:33.711: notice: running ../../zkt-signer -f -r -v -v +2010-02-07 14:06:33.713: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-07 14:06:33.753: debug: +2010-02-07 14:06:33.753: debug: parsing zone "example.net." in dir "./example.net" +2010-02-07 14:06:33.797: debug: +2010-02-07 14:06:33.797: notice: end of run: 0 errors occured +2010-02-07 14:07:49.243: notice: ------------------------------------------------------------ +2010-02-07 14:07:49.243: notice: running ../../zkt-signer -d -r -v -v +2010-02-07 14:07:49.245: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 14:07:49.832: debug: +2010-02-07 14:07:49.832: notice: end of run: 1 error occured +2010-02-07 14:09:41.710: notice: ------------------------------------------------------------ +2010-02-07 14:09:41.710: notice: running ../../zkt-signer -d -r -v -v +2010-02-07 14:09:41.712: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 14:09:41.799: debug: +2010-02-07 14:09:41.799: notice: end of run: 1 error occured +2010-02-07 14:10:24.426: notice: ------------------------------------------------------------ +2010-02-07 14:10:24.427: notice: running ../../zkt-signer -d -v -v +2010-02-07 14:10:24.429: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 14:10:24.429: debug: +2010-02-07 14:10:24.429: notice: end of run: 0 errors occured +2010-02-07 14:11:00.715: notice: ------------------------------------------------------------ +2010-02-07 14:11:00.715: notice: running ../../zkt-signer -f -d -v -v +2010-02-07 14:11:00.717: debug: parsing zone "dyn.example.net." 
in dir "./dyn.example.net" +2010-02-07 14:11:00.803: debug: +2010-02-07 14:11:00.803: notice: end of run: 1 error occured +2010-02-07 15:11:02.629: notice: ------------------------------------------------------------ +2010-02-07 15:11:02.629: notice: running ../../zkt-signer -f -d -v -v +2010-02-07 15:11:02.630: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 15:11:03.799: debug: +2010-02-07 15:11:03.799: notice: end of run: 1 error occured +2010-02-07 15:15:02.094: notice: ------------------------------------------------------------ +2010-02-07 15:15:02.094: notice: running ../../zkt-signer -f -d -v -v +2010-02-07 15:15:02.095: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 15:15:02.270: debug: +2010-02-07 15:15:02.270: notice: end of run: 0 errors occured +2010-02-07 15:32:48.955: notice: ------------------------------------------------------------ +2010-02-07 15:32:48.955: notice: running ../../zkt-signer -f -d -v -v +2010-02-07 15:32:48.957: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 15:32:49.007: debug: +2010-02-07 15:32:49.007: notice: end of run: 0 errors occured +2010-02-07 15:38:31.400: notice: ------------------------------------------------------------ +2010-02-07 15:38:31.400: notice: running ../../zkt-signer -f -d -v -v +2010-02-07 15:38:31.402: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-07 15:38:31.456: debug: +2010-02-07 15:38:31.456: notice: end of run: 0 errors occured +2010-02-21 12:50:43.100: notice: ------------------------------------------------------------ +2010-02-21 12:50:43.100: notice: running ../../zkt-signer +2010-02-21 12:50:43.176: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 12:50:43.586: debug: +2010-02-21 12:50:43.586: debug: parsing zone "example.net." 
in dir "./example.net" +2010-02-21 12:50:43.733: debug: +2010-02-21 12:50:43.733: notice: end of run: 0 errors occured +2010-02-21 12:50:51.156: notice: ------------------------------------------------------------ +2010-02-21 12:50:51.156: notice: running ../../zkt-signer -v -v +2010-02-21 12:50:51.158: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 12:50:51.205: debug: +2010-02-21 12:50:51.205: debug: parsing zone "example.net." in dir "./example.net" +2010-02-21 12:50:51.205: debug: +2010-02-21 12:50:51.205: notice: end of run: 0 errors occured +2010-02-21 12:51:23.495: notice: ------------------------------------------------------------ +2010-02-21 12:51:23.495: notice: running ../../zkt-signer -v -v +2010-02-21 12:51:23.497: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 12:51:23.497: debug: +2010-02-21 12:51:23.497: debug: parsing zone "example.net." in dir "./example.net" +2010-02-21 12:51:23.497: debug: +2010-02-21 12:51:23.497: notice: end of run: 0 errors occured +2010-02-21 19:16:18.383: notice: ------------------------------------------------------------ +2010-02-21 19:16:18.383: notice: running ../../zkt-signer -v -v +2010-02-21 19:16:18.384: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 19:16:18.593: debug: +2010-02-21 19:16:18.594: debug: parsing zone "example.net." in dir "./example.net" +2010-02-21 19:16:18.594: debug: +2010-02-21 19:16:18.594: notice: end of run: 0 errors occured +2010-02-21 19:16:23.964: notice: ------------------------------------------------------------ +2010-02-21 19:16:23.964: notice: running ../../zkt-signer -d -v -v +2010-02-21 19:16:24.018: debug: parsing zone "dyn.example.net." 
in dir "./dyn.example.net" +2010-02-21 19:16:24.440: debug: +2010-02-21 19:16:24.440: notice: end of run: 0 errors occured +2010-02-21 19:32:05.895: notice: ------------------------------------------------------------ +2010-02-21 19:32:05.895: notice: running ../../zkt-signer -d -v -v +2010-02-21 19:32:05.896: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 19:32:05.897: debug: +2010-02-21 19:32:05.897: notice: end of run: 0 errors occured +2010-02-21 19:32:11.376: notice: ------------------------------------------------------------ +2010-02-21 19:32:11.376: notice: running ../../zkt-signer -v -v +2010-02-21 19:32:11.378: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 19:32:11.378: debug: +2010-02-21 19:32:11.378: debug: parsing zone "example.net." in dir "./example.net" +2010-02-21 19:32:11.378: debug: +2010-02-21 19:32:11.378: notice: end of run: 0 errors occured +2010-02-21 19:32:15.928: notice: ------------------------------------------------------------ +2010-02-21 19:32:15.928: notice: running ../../zkt-signer -f -v -v +2010-02-21 19:32:15.930: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 19:32:15.982: debug: +2010-02-21 19:32:15.982: debug: parsing zone "example.net." in dir "./example.net" +2010-02-21 19:32:16.019: debug: +2010-02-21 19:32:16.019: notice: end of run: 0 errors occured +2010-02-21 19:32:32.201: notice: ------------------------------------------------------------ +2010-02-21 19:32:32.201: notice: running ../../zkt-signer -f -v -v +2010-02-21 19:32:32.202: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-21 19:32:32.232: debug: +2010-02-21 19:32:32.232: debug: parsing zone "example.net." 
in dir "./example.net" +2010-02-21 19:32:32.273: debug: +2010-02-21 19:32:32.273: notice: end of run: 0 errors occured +2010-02-21 19:32:37.105: notice: ------------------------------------------------------------ +2010-02-21 19:32:37.105: notice: running ../../zkt-signer -d -f -v -v +2010-02-21 19:32:37.107: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 19:32:37.156: debug: +2010-02-21 19:32:37.156: notice: end of run: 0 errors occured +2010-02-21 19:43:15.017: notice: ------------------------------------------------------------ +2010-02-21 19:43:15.017: notice: running ../../zkt-signer -d -v -v +2010-02-21 19:43:15.018: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 19:43:15.387: debug: +2010-02-21 19:43:15.387: notice: end of run: 1 error occured +2010-02-21 19:45:36.413: notice: ------------------------------------------------------------ +2010-02-21 19:45:36.413: notice: running ../../zkt-signer -d -v -v +2010-02-21 19:45:36.415: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 19:45:36.416: debug: +2010-02-21 19:45:36.416: notice: end of run: 0 errors occured +2010-02-21 19:45:41.446: notice: ------------------------------------------------------------ +2010-02-21 19:45:41.446: notice: running ../../zkt-signer -f -d -v -v +2010-02-21 19:45:41.448: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 19:45:41.482: debug: +2010-02-21 19:45:41.482: notice: end of run: 1 error occured +2010-02-21 19:47:06.897: notice: ------------------------------------------------------------ +2010-02-21 19:47:06.897: notice: running ../../zkt-signer -f -d -v -v +2010-02-21 19:47:06.899: debug: parsing zone "dyn.example.net." 
in dir "./dyn.example.net" +2010-02-21 19:47:06.935: debug: +2010-02-21 19:47:06.935: notice: end of run: 1 error occured +2010-02-21 19:58:40.971: notice: ------------------------------------------------------------ +2010-02-21 19:58:40.971: notice: running ../../zkt-signer -f -d -v -v +2010-02-21 19:58:40.972: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 19:58:41.008: debug: +2010-02-21 19:58:41.008: notice: end of run: 1 error occured +2010-02-21 20:00:48.831: notice: ------------------------------------------------------------ +2010-02-21 20:00:48.831: notice: running ../../zkt-signer -f -d -v -v +2010-02-21 20:00:48.832: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 20:00:48.884: debug: +2010-02-21 20:00:48.884: notice: end of run: 0 errors occured +2010-02-21 20:01:11.175: notice: ------------------------------------------------------------ +2010-02-21 20:01:11.175: notice: running ../../zkt-signer -f -d -v -v +2010-02-21 20:01:11.175: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 20:01:11.208: debug: +2010-02-21 20:01:11.208: notice: end of run: 0 errors occured +2010-02-21 20:01:17.174: notice: ------------------------------------------------------------ +2010-02-21 20:01:17.174: notice: running ../../zkt-signer -d -v -v +2010-02-21 20:01:17.175: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-21 20:01:17.176: debug: +2010-02-21 20:01:17.176: notice: end of run: 0 errors occured +2010-02-25 00:12:26.362: notice: ------------------------------------------------------------ +2010-02-25 00:12:26.362: notice: running ../../zkt-signer -v -v +2010-02-25 00:12:26.442: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-25 00:12:27.060: debug: +2010-02-25 00:12:27.060: debug: parsing zone "example.net." 
in dir "./example.net" +2010-02-25 00:12:27.177: debug: +2010-02-25 00:12:27.177: notice: end of run: 0 errors occured +2010-02-25 23:42:20.621: notice: ------------------------------------------------------------ +2010-02-25 23:42:20.621: notice: running ../../zkt-signer -v -v +2010-02-25 23:42:20.653: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-02-25 23:42:21.012: debug: +2010-02-25 23:42:21.013: debug: parsing zone "example.net." in dir "./example.net" +2010-02-25 23:42:21.021: debug: +2010-02-25 23:42:21.021: notice: end of run: 0 errors occured +2010-02-25 23:42:29.324: notice: ------------------------------------------------------------ +2010-02-25 23:42:29.324: notice: running ../../zkt-signer -d -v -v +2010-02-25 23:42:29.326: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-02-25 23:42:29.497: debug: +2010-02-25 23:42:29.497: notice: end of run: 0 errors occured +2010-03-02 10:59:11.813: notice: ------------------------------------------------------------ +2010-03-02 10:59:11.813: notice: running ../../zkt-signer -v -v +2010-03-02 10:59:11.845: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-03-02 10:59:12.416: debug: +2010-03-02 10:59:12.416: debug: parsing zone "example.net." in dir "./example.net" +2010-03-02 10:59:12.531: debug: +2010-03-02 10:59:12.531: notice: end of run: 0 errors occured +2010-03-02 10:59:46.768: notice: ------------------------------------------------------------ +2010-03-02 10:59:46.768: notice: running ../../zkt-signer -d -v -v +2010-03-02 10:59:46.769: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2010-03-02 10:59:46.995: debug: +2010-03-02 10:59:46.995: notice: end of run: 0 errors occured +2010-03-03 23:22:00.105: notice: ------------------------------------------------------------ +2010-03-03 23:22:00.105: notice: running ../../zkt-signer -v -v +2010-03-03 23:22:00.127: debug: parsing zone "sub.example.net." 
in dir "./sub.example.net" +2010-03-03 23:22:00.415: debug: +2010-03-03 23:22:00.415: debug: parsing zone "example.net." in dir "./example.net" +2010-03-03 23:22:00.416: debug: +2010-03-03 23:22:00.416: notice: end of run: 0 errors occured +2010-03-08 23:11:49.633: notice: ------------------------------------------------------------ +2010-03-08 23:11:49.633: notice: running ../../zkt-signer -v -v -N named.conf +2010-03-08 23:11:49.663: debug: parsing zone "sub.example.net." in dir "././sub.example.net" +2010-03-08 23:11:50.170: debug: +2010-03-08 23:11:50.170: debug: parsing zone "example.net." in dir "././example.net" +2010-03-08 23:11:50.295: debug: +2010-03-08 23:11:50.295: notice: end of run: 0 errors occured +2010-03-08 23:12:56.211: notice: ------------------------------------------------------------ +2010-03-08 23:12:56.211: notice: running ../../zkt-signer -v -v -N named.conf +2010-03-08 23:12:56.212: debug: parsing zone "example.net." in dir "././example.net" +2010-03-08 23:12:56.279: debug: +2010-03-08 23:12:56.279: notice: end of run: 0 errors occured +2010-03-08 23:13:36.982: notice: ------------------------------------------------------------ +2010-03-08 23:13:36.983: notice: running ../../zkt-signer -v -v -N named.conf +2010-03-08 23:13:36.984: debug: parsing zone "example.net." in dir "././example.net" +2010-03-08 23:13:36.985: debug: +2010-03-08 23:13:36.985: notice: end of run: 0 errors occured +2010-03-08 23:18:52.241: notice: ------------------------------------------------------------ +2010-03-08 23:18:52.241: notice: running ../../zkt-signer -v -v -N named.conf +2010-03-08 23:18:52.243: debug: parsing zone "sub.example.net." in dir "././sub.example.net" +2010-03-08 23:18:52.287: debug: +2010-03-08 23:18:52.287: debug: parsing zone "example.net." 
in dir "././example.net" +2010-03-08 23:18:52.287: debug: +2010-03-08 23:18:52.287: notice: end of run: 0 errors occured +2010-03-11 23:46:35.453: notice: ------------------------------------------------------------ +2010-03-11 23:46:35.453: notice: running ../../zkt-signer -v -v +2010-03-11 23:46:35.497: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-03-11 23:46:35.831: debug: +2010-03-11 23:46:35.831: debug: parsing zone "example.net." in dir "./example.net" +2010-03-11 23:46:35.929: debug: +2010-03-11 23:46:35.930: notice: end of run: 0 errors occured +2010-03-11 23:52:33.130: notice: ------------------------------------------------------------ +2010-03-11 23:52:33.130: notice: running ../../zkt-signer -v -v +2010-03-11 23:52:33.132: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-03-11 23:52:33.132: debug: +2010-03-11 23:52:33.132: debug: parsing zone "example.net." in dir "./example.net" +2010-03-11 23:52:33.408: debug: +2010-03-11 23:52:33.408: notice: end of run: 1 error occured +2010-03-11 23:53:27.802: notice: ------------------------------------------------------------ +2010-03-11 23:53:27.802: notice: running ../../zkt-signer -v -v +2010-03-11 23:53:27.804: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-03-11 23:53:27.856: debug: +2010-03-11 23:53:27.856: debug: parsing zone "example.net." in dir "./example.net" +2010-03-11 23:53:27.920: debug: +2010-03-11 23:53:27.920: notice: end of run: 0 errors occured +2010-07-05 08:15:23.500: notice: ------------------------------------------------------------ +2010-07-05 08:15:23.500: notice: running ../../zkt-signer +2010-07-05 08:15:23.502: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-07-05 08:15:24.179: debug: +2010-07-05 08:15:24.179: debug: parsing zone "example.net." 
in dir "./example.net" +2010-07-05 08:15:24.316: debug: +2010-07-05 08:15:24.316: notice: end of run: 0 errors occured +2010-07-05 08:15:28.171: notice: ------------------------------------------------------------ +2010-07-05 08:15:28.171: notice: running ../../zkt-signer -v -v +2010-07-05 08:15:28.173: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-07-05 08:15:28.173: debug: +2010-07-05 08:15:28.174: debug: parsing zone "example.net." in dir "./example.net" +2010-07-05 08:15:28.174: debug: +2010-07-05 08:15:28.174: notice: end of run: 0 errors occured +2010-07-05 08:15:58.498: notice: ------------------------------------------------------------ +2010-07-05 08:15:58.498: notice: running ../../zkt-signer -v -v +2010-07-05 08:15:58.501: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-07-05 08:15:58.502: debug: +2010-07-05 08:15:58.502: debug: parsing zone "example.net." in dir "./example.net" +2010-07-05 08:15:58.503: debug: +2010-07-05 08:15:58.504: notice: end of run: 0 errors occured +2010-07-05 08:16:04.892: notice: ------------------------------------------------------------ +2010-07-05 08:16:04.892: notice: running ../../zkt-signer -f -v -v +2010-07-05 08:16:04.894: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-07-05 08:16:04.937: debug: +2010-07-05 08:16:04.937: debug: parsing zone "example.net." in dir "./example.net" +2010-07-05 08:16:04.993: debug: +2010-07-05 08:16:04.993: notice: end of run: 0 errors occured +2010-07-05 08:16:33.557: notice: ------------------------------------------------------------ +2010-07-05 08:16:33.557: notice: running ../../zkt-signer -f -v -v +2010-07-05 08:16:33.559: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-07-05 08:16:33.604: debug: +2010-07-05 08:16:33.604: debug: parsing zone "example.net." 
in dir "./example.net" +2010-07-05 08:16:33.648: debug: +2010-07-05 08:16:33.648: notice: end of run: 0 errors occured +2010-07-30 01:30:54.873: notice: ------------------------------------------------------------ +2010-07-30 01:30:54.873: notice: running ../../zkt-signer -v -v +2010-07-30 01:30:54.879: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-07-30 01:30:55.411: debug: +2010-07-30 01:30:55.411: debug: parsing zone "example.net." in dir "./example.net" +2010-07-30 01:30:55.563: debug: +2010-07-30 01:30:55.563: notice: end of run: 0 errors occured +2010-08-26 22:52:09.066: notice: ------------------------------------------------------------ +2010-08-26 22:52:09.066: notice: running ../../zkt-signer -v -v +2010-08-26 22:52:09.092: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 22:52:09.538: debug: +2010-08-26 22:52:09.539: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 22:52:09.704: debug: +2010-08-26 22:52:09.704: notice: end of run: 0 errors occured +2010-08-26 22:56:02.935: notice: ------------------------------------------------------------ +2010-08-26 22:56:02.935: notice: running ../../zkt-signer -v -v +2010-08-26 22:56:02.937: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 22:56:02.938: debug: +2010-08-26 22:56:02.938: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 22:56:02.938: debug: +2010-08-26 22:56:02.938: notice: end of run: 0 errors occured +2010-08-26 23:06:00.453: notice: ------------------------------------------------------------ +2010-08-26 23:06:00.453: notice: running ../../zkt-signer -v -v +2010-08-26 23:06:00.456: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:06:00.593: debug: +2010-08-26 23:06:00.593: debug: parsing zone "example.net." 
in dir "./example.net" +2010-08-26 23:06:00.672: debug: +2010-08-26 23:06:00.672: notice: end of run: 0 errors occured +2010-08-26 23:11:33.804: notice: ------------------------------------------------------------ +2010-08-26 23:11:33.805: notice: running ../../zkt-signer -v -v +2010-08-26 23:11:33.807: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:11:33.808: debug: +2010-08-26 23:11:33.808: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:11:33.809: debug: +2010-08-26 23:11:33.809: notice: end of run: 0 errors occured +2010-08-26 23:12:51.008: notice: ------------------------------------------------------------ +2010-08-26 23:12:51.008: notice: running ../../zkt-signer -v -v +2010-08-26 23:12:51.010: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:12:51.011: debug: +2010-08-26 23:12:51.012: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:12:51.012: debug: +2010-08-26 23:12:51.012: notice: end of run: 0 errors occured +2010-08-26 23:23:47.879: notice: ------------------------------------------------------------ +2010-08-26 23:23:47.880: notice: running ../../zkt-signer -v -v +2010-08-26 23:23:47.886: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:23:47.886: debug: +2010-08-26 23:23:47.886: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:23:47.886: debug: +2010-08-26 23:23:47.886: notice: end of run: 0 errors occured +2010-08-26 23:50:15.720: notice: ------------------------------------------------------------ +2010-08-26 23:50:15.720: notice: running ../../zkt-signer -v -v +2010-08-26 23:50:15.722: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:50:15.724: debug: +2010-08-26 23:50:15.724: debug: parsing zone "example.net." 
in dir "./example.net" +2010-08-26 23:50:15.725: debug: +2010-08-26 23:50:15.725: notice: end of run: 0 errors occured +2010-08-26 23:50:55.121: notice: ------------------------------------------------------------ +2010-08-26 23:50:55.121: notice: running ../../zkt-signer -v -v +2010-08-26 23:50:55.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:50:55.124: debug: +2010-08-26 23:50:55.124: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:50:55.124: debug: +2010-08-26 23:50:55.124: notice: end of run: 0 errors occured +2010-08-26 23:51:46.603: notice: ------------------------------------------------------------ +2010-08-26 23:51:46.604: notice: running ../../zkt-signer -v -v +2010-08-26 23:51:46.606: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:51:46.719: debug: +2010-08-26 23:51:46.719: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:51:46.719: debug: +2010-08-26 23:51:46.719: notice: end of run: 0 errors occured +2010-08-26 23:54:22.818: notice: ------------------------------------------------------------ +2010-08-26 23:54:22.819: notice: running ../../zkt-signer -v -v +2010-08-26 23:54:22.821: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:54:22.823: debug: +2010-08-26 23:54:22.823: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:54:22.825: debug: +2010-08-26 23:54:22.825: notice: end of run: 0 errors occured +2010-08-26 23:55:00.013: notice: ------------------------------------------------------------ +2010-08-26 23:55:00.013: notice: running ../../zkt-signer -v -v +2010-08-26 23:55:00.017: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:55:00.018: debug: +2010-08-26 23:55:00.018: debug: parsing zone "example.net." 
in dir "./example.net" +2010-08-26 23:55:00.169: debug: +2010-08-26 23:55:00.169: notice: end of run: 0 errors occured +2010-08-26 23:56:17.462: notice: ------------------------------------------------------------ +2010-08-26 23:56:17.462: notice: running ../../zkt-signer -v -v +2010-08-26 23:56:17.464: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:56:17.465: debug: +2010-08-26 23:56:17.465: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:56:17.531: debug: +2010-08-26 23:56:17.531: notice: end of run: 0 errors occured +2010-08-26 23:57:00.176: notice: ------------------------------------------------------------ +2010-08-26 23:57:00.176: notice: running ../../zkt-signer -v -v +2010-08-26 23:57:00.178: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-08-26 23:57:00.178: debug: +2010-08-26 23:57:00.178: debug: parsing zone "example.net." in dir "./example.net" +2010-08-26 23:57:00.179: debug: +2010-08-26 23:57:00.179: notice: end of run: 0 errors occured +2010-10-21 14:01:35.484: notice: ------------------------------------------------------------ +2010-10-21 14:01:35.484: notice: running zkt-signer -c dnssec.conf -D . +2010-10-21 14:01:35.486: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-10-21 14:01:35.546: debug: +2010-10-21 14:01:35.546: debug: parsing zone "example.net." in dir "./example.net" +2010-10-21 14:01:35.794: debug: +2010-10-21 14:01:35.794: notice: end of run: 2 errors occured +2010-10-21 14:02:09.144: notice: ------------------------------------------------------------ +2010-10-21 14:02:09.144: notice: running zkt-signer -v -v -c dnssec.conf -D . +2010-10-21 14:02:09.146: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2010-10-21 14:02:09.209: debug: +2010-10-21 14:02:09.209: debug: parsing zone "example.net." 
in dir "./example.net"
+2010-10-21 14:02:09.209: debug:
+2010-10-21 14:02:09.209: notice: end of run: 2 errors occured
+2010-10-21 14:05:35.986: notice: ------------------------------------------------------------
+2010-10-21 14:05:35.986: notice: running ../../zkt-signer -v -v
+2010-10-21 14:05:35.988: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-10-21 14:05:36.170: debug:
+2010-10-21 14:05:36.170: debug: parsing zone "example.net." in dir "./example.net"
+2010-10-21 14:05:36.170: debug:
+2010-10-21 14:05:36.170: notice: end of run: 0 errors occured
+2010-10-21 14:30:43.890: notice: ------------------------------------------------------------
+2010-10-21 14:30:43.890: notice: running ../../zkt-signer -v -v
+2010-10-21 14:30:43.892: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2010-10-21 14:30:43.892: debug:
+2010-10-21 14:30:43.892: debug: parsing zone "example.net." in dir "./example.net"
+2010-10-21 14:30:43.893: debug:
+2010-10-21 14:30:43.893: notice: end of run: 0 errors occured
diff --git a/contrib/zkt-1.1.2/examples/flat/zone.conf b/contrib/zkt-1.1.2/examples/flat/zone.conf
new file mode 100644
index 0000000000..54487af2f0
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/flat/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.NET." in {
+ type master;
+ file "example.net/zone.db.signed";
+};
+
+zone "sub.example.NET." in {
+ type master;
+ file "sub.example.net/zone.db.signed";
+};
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key
new file mode 100644
index 0000000000..45ff7704ae
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.key
@@ -0,0 +1,3 @@
+;% generationtime=20110125091120
+;% lifetime=84d
+example.de. IN DNSKEY 256 3 5 BQEAAAAB13b8+4oBaYaLYdDvH6fwVwDfohlzGdSu5A9nO/wJ1taCB+4T wn3TSAtlttLmzYad5EbBUIn+4CLBKmc4sKn/cw==
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published new file mode 100644 index 0000000000..21ac24add1 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+25598.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 13b8+4oBaYaLYdDvH6fwVwDfohlzGdSu5A9nO/wJ1taCB+4Twn3TSAtlttLmzYad5EbBUIn+4CLBKmc4sKn/cw== +PublicExponent: AQAAAAE= +PrivateExponent: Hr+/WEVR20WhmLb/zS+1qqrw9YDpgmw2hTb9Qs5wa5el38OEzQV5OvBdfQC/aDj7SW1PPSw0iYvcoVS3ZPZh +Prime1: 84w3+p6VYYdrwuju6BrMdISLRla1pPo+synV7D7IR4M= +Prime2: 4nsxmxk0VLrAzzVDfxvEcF3uEOPIKDgayiB1YCvJ9VE= +Exponent1: XzmWw18psVyeqhhEZygfbffj2N61WpM0OulCViv4upM= +Exponent2: Qvo4lPrZBicpnQoC+TTYN2MhzXfIm4IPATGftVC6oFE= +Coefficient: 6J4QOm1lunyBgAiluqGKhs9FJs9y1ZQ62Lzgauf6XVA= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key new file mode 100644 index 0000000000..55364ea623 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key @@ -0,0 +1,3 @@ +;% generationtime=20081116180040 +;% lifetime=365d +example.de. IN DNSKEY 257 3 5 BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU jQ== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published new file mode 100644 index 0000000000..b120c0c6a6 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published 
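Review bot: `Kexample.de.+005+25598.published` carries a complete RSA private key (`PrivateExponent`, `Prime1`, `Prime2` and the CRT values), and nothing visible in this part of the patch says it is a disposable sample. The same holds for the other `.private`/`.published` files added under `examples/hierarchical` (tags 37983, 47280, 60407 and the `sub.example.de` keys). Because example trees get copied as a starting point and secret scanners will flag these files, the examples documentation should say so explicitly, for instance `The keys under examples/ are published test keys; never use them to sign a real zone.` If the zkt examples already ship such a notice outside this view, a pointer to it from contrib/README would be enough.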
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mUjQ== +PublicExponent: AQAAAAE= +PrivateExponent: AcxmOS9ewHH4UTWVHOSEyONodDImWb5DFyMOUzn3FCkdBEnsOAYTO8/noT3PP0uoMK0s7/BlIReEqsyCVcgQVrTbJszoKlwhHT+XO60i3wPJIWF9u8ouFDnGLkbSRpw6L72uRZy9SdSWUWHdlRayK6T3uJGrcsCLIlzaSue1vXjdUobHMVxQ+mPCFNjSgRWOvTxGcsoXPKx5MjrmAUEnLyQuoQ== +Prime1: A50KZhIYCkyx48okZHgirDXs0cVYf2OOvLcNKF4AvBBTwoV9+oFfTd+wKy9f+G/FqVBV1s4rv/M7UCpAFJPCqaDkt+EEv5DNnX69RgvwBrHyxQ== +Prime2: A5KoV2IkWEM9Djm8pZay/fQpM8coQxVutNDb9G4ADMwpwK5ddGifS38jPlHenUKDxSFtfOZBQbyf7ra/lSttpOqSnr/e6s6HHRn5TYfdR9IXKQ== +Exponent1: eWP9FtwMjnnrsAhQlO7Fbko74gKGRVaygSe4Pd+TGM22dHDZCCoc//IBL+s2Dhezy1l8xiOPVbcxzxHMbqrQhPENi7HihDwiR1WfuSaoIfod +Exponent2: AweXUxlW7qBg+v2qV5cCZl+gvTBW/1vP7llsoOqbHR69xLklXEV96TlEbKU8hoSnq8ts8qqh4/HFj1d+KRTeHWpseUm0GXdK/k7ZvYfr7KVHUQ== +Coefficient: AwVZtbgFX0bAOj9J2p48qYAn3EaIuCvzDYoIE3E/m3NZS8UXQ5MK12AFhulRYpWOgZCIWK9fH0MTvtDFk3I5vyFTMhovDBrSWNn/+TJ47CwrBQ== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key new file mode 100644 index 0000000000..cf983b6961 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key @@ -0,0 +1,3 @@ +;% generationtime=20080914221502 +;% lifetime=365d +example.de. IN DNSKEY 257 3 5 BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E uw== 
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private new file mode 100644 index 0000000000..fed718b586 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8Euw== +PublicExponent: AQAAAAE= +PrivateExponent: CxINUgbVqMf0BnMNYq3aL8ucN4fael2ljQYgDCpcTMfqVuRo+Vo6sMEr3C6Bw8MTHWo2jMxdulyS4tsiMQVVjWUArFL/sfFYLwopjOExcneji6noi8n9dzgslNpo3QAdnKwDGUwj+k7CBzCbLSZ5xpt/eaHcN4l1buQ0tcqShthdh7sNHFX1nAqjsLa7xxCiBsliA6LD/QTAAzcbED0Xw7SJWQ== +Prime1: A+RY6jx9urFg5GeyRqrAiqqClEzyWgEM4HsJn/oQ38PE6NrPzcG9U95um79u1WwWtXe5xTifInhN40CpxQYH45NFjZEuEvROvkXk5JHV9b5UHw== +Prime2: A2949khdV+cKgI2EHmRIu7PJUFkBgrMXacwVpGdaN41NpJYFRYW8qoPmKRrw/Fji7GZj0rrro51XT7JNDbC44dX/bGdNa/eWvslPJGfCR4Gb5Q== +Exponent1: rVHNFnlV2HXIOzi9+2Hit8m7bNXrVXA/DJ3lGCzDL2PzpvQcrL6mMXzaYznP9XaSgyR9M8u+Tdwqq11lHsnWhNLyWKTyAlO5WP3syQD3+0Jp +Exponent2: ArQCCQS8lPgDvu7LI3q5tanr2nmM2uMzPNud9EPSqAql8iEIgOZDLDsMDZd9QHm2Dicjc2UifTcJgQlc3OACSVYkkxjvHKO7t03KNoZkhceTTQ== +Coefficient: GUOOUFWtz0iCPZx1ljdxpP3T4hW7Jux1zcfV6PwX+Nx+8KcawXFfNxjsC1+Sla9Txv02Kgqg9Mh3mCNGynimcbkmmOcfyozKOttAD1sheFK0 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key new file mode 100644 index 0000000000..f2528244fa --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.key 
@@ -0,0 +1,3 @@ +;% generationtime=20101127093934 +;% lifetime=63d +example.de. IN DNSKEY 256 3 5 BQEAAAABw62oxcUQ8mF4T6zH+tAkM0FU3nXJ4sgnBSUa884gZL2AlG+t 7FpwrRm/Hish/hxVRzmM8q2srgLHBYAk12VkMQ== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private new file mode 100644 index 0000000000..4ac668f210 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/Kexample.de.+005+60407.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: w62oxcUQ8mF4T6zH+tAkM0FU3nXJ4sgnBSUa884gZL2AlG+t7FpwrRm/Hish/hxVRzmM8q2srgLHBYAk12VkMQ== +PublicExponent: AQAAAAE= +PrivateExponent: IwUfBuvY5VY30HNbiboZAUkgEkSiFAj86peg2ue+PhllmtSP+Vxl7bguyEq0JJgk8AcQB0fxD9b8VdkgksSwgQ== +Prime1: 54rg6aJKRFWczUKRDwD0/aRC+VKc6gJAtw3RrAnW/Nc= +Prime2: 2Fj7RLozuJFUHRkDTFIQWrPEInCGmrIPU+tLPH6vPjc= +Exponent1: gwVUTriIA6KGdAqT+sX/5cpwaIC0v5Nnl70WXoOkiOs= +Exponent2: RI+e2Q3LGyTFTRf64HiGzl67T84jor3EM+1LTugfpSs= +Coefficient: CNfuRUw+kKfO99T09DeD1y4N7QwyGG03NfazSa4GvPU= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db new file mode 100644 index 0000000000..b0d62f552a --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dnskey.db 
@@ -0,0 +1,39 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by zkt-signer. +; +; Last generation time Jan 25 2011 19:39:31 +; + +; *** List of Key Signing Keys *** +; example.de. tag=47280 algo=RSASHA1 generated Jul 05 2010 09:43:02 +example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR + mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t + CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2 + 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E + uw== + ) ; key id = 47280 + +; example.de. tag=37983 algo=RSASHA1 generated Jul 05 2010 09:43:02 +example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU + YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT + m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB + q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU + jQ== + ) ; key id = 37983 + +; *** List of Zone Signing Keys *** +; example.de. tag=60407 algo=RSASHA1 generated Nov 27 2010 19:46:33 +example.de. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABw62oxcUQ8mF4T6zH+tAkM0FU3nXJ4sgnBSUa884gZL2AlG+t + 7FpwrRm/Hish/hxVRzmM8q2srgLHBYAk12VkMQ== + ) ; key id = 60407 + +; example.de. tag=25598 algo=RSASHA1 generated Jan 25 2011 10:11:20 +example.de. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB13b8+4oBaYaLYdDvH6fwVwDfohlzGdSu5A9nO/wJ1taCB+4T + wn3TSAtlttLmzYad5EbBUIn+4CLBKmc4sKn/cw== + ) ; key id = 25598 + diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de. new file mode 100644 index 0000000000..86ba183b06 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/dsset-example.de. 
@@ -0,0 +1,4 @@ +example.de. IN DS 37983 5 1 635B486D53D19B16BC4A87366BC2D5626978F4B9 +example.de. IN DS 37983 5 2 5B8412FE443D8F4F77AC4C89FF12289DA88998D864EC68E3E5A4EE2C B192F9DC +example.de. IN DS 47280 5 1 149C886C8175B220A964D4293EB4FCFAC1650974 +example.de. IN DS 47280 5 2 466E738B6913F7081DE5E17FC3567771618AB1D6CB0A333270A4AC24 7DB14DD0 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de. new file mode 100644 index 0000000000..27a14419fa --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-example.de. @@ -0,0 +1,19 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+ + Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl + z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH + z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R + 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/ + us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4 + 8Mlp1+mUjQ== + ) ; key id = 37983 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4 + LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx + 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq + vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO + lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM + GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs + K9bqDM8Euw== + ) ; key id = 47280 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de. new file mode 100644 index 0000000000..6c7f963191 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/keyset-sub.example.de. @@ -0,0 +1,7 @@ +; KSK rollover phase1 (new key generated but this is alread the old one) +sub.example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1 + 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad + 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ + m3SuRnb0ef0= + ) ; key id = 38331 
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key new file mode 100644 index 0000000000..30860426d1 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.key @@ -0,0 +1,3 @@ +;% generationtime=20101127093933 +;% lifetime=3d +sub.example.de. IN DNSKEY 256 3 5 BQEAAAAB5tuyJuCMHTySqvnPpVSbFcnFK6jI/BG3Va5Yu0ou7jPArylc mziNb9AIJ2PBaVcXbeH6h9YWd9MLCLKPZqRLKQ== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private new file mode 100644 index 0000000000..3618ea59cc --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27647.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 5tuyJuCMHTySqvnPpVSbFcnFK6jI/BG3Va5Yu0ou7jPArylcmziNb9AIJ2PBaVcXbeH6h9YWd9MLCLKPZqRLKQ== +PublicExponent: AQAAAAE= +PrivateExponent: JzR1JHrF/sD4IW5yUk+u1Kk3EuBcKPbD8wqOMseG34SyEm1jPU+o2QlTA2DPw49ApfKrkq+ikDZ7+mRwRGOHAQ== +Prime1: 9OdVjN/tX8KeuG8oURXKri8YD04kz07isqeYTYyksfE= +Prime2: 8VFyYFkvnx5UuYdOTuoIIJcQqK0HeC+JwB1wAyRm9Lk= +Exponent1: ATIpC4/KM7AKHLlt3vvxyyov3pPBnCwF9NC4L4gpNEE= +Exponent2: 8UV1SqMZEk9tI8NTvRa2Z6xRB0b7D2MNnedSZqOXi/E= +Coefficient: mUOK9cs0xozwdcUZPkP+FDoxJvfN6eeidsFqya3JLOo= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key new file mode 100644 index 0000000000..c9a4679c41 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.key 
@@ -0,0 +1,3 @@ +;% generationtime=20110125183931 +;% lifetime=7d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABocb52XnOJzaKKv90SFZxTddP7OuzI/qaeOqptm7BH3QKGTBj ZmgfJ6J2uNXamzVEUGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVUYfMC pVS69kTGagTnMmywpg5LtCic9+18YRX2NhkxNvUpBjlTn7BbjXW36yy5 sA1Uq+Rg2cU= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private new file mode 100644 index 0000000000..526253928d --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+32679.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: ocb52XnOJzaKKv90SFZxTddP7OuzI/qaeOqptm7BH3QKGTBjZmgfJ6J2uNXamzVEUGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVUYfMCpVS69kTGagTnMmywpg5LtCic9+18YRX2NhkxNvUpBjlTn7BbjXW36yy5sA1Uq+Rg2cU= +PublicExponent: AQAAAAE= +PrivateExponent: JpNUVc04LC+jHSd/SN4bbbUXotjoQMNxsR0OmiGAQqOdWL6NWZ2XRr1dYS0NWy6lLxPCtA5MhnS5TgY633Vfd2KM8ywkNy3Dwtd/ynHRqv6poAhSoSZtYds/RrPATwMMzKmuwXoH9YAG4IHhG9y4mUA9cVB84xT/5ZVxoaatYgE= +Prime1: 1hrTq3BjlThxhlNym2qSx5Kop2rtn6J3LSM7wlQ8vd2vR9lNuj8TrM8yig3S1tRh4RSKLWtOgb3eBo26nrp+EQ== +Prime2: wW7mdWIEe1UkZVFnH2J2If5D5v1mn0o8umik+tE3aQJun9WOVjbZ/PjwlaMM+nFAID08Plj25ec0z8hu8cV8dQ== +Exponent1: iVUvqW8WSh0JJt2Cs6Eokp6fhJveVPMTmTtWWkKtYFnQx/peBxb55x+ULMQvHG3Iz06Y445k61629mCvyB9qwQ== +Exponent2: Ewn17+1cExPMS+ZITVszVdouSCvnteVj7V/AL8C0iSK0x7XlBx3F8D9vNfYWL+7WOjF5t+v0dmBM+J0TKLUZzQ== +Coefficient: AhCRWPVu5lQcfR94r8G5sQik3ZmZf1uJbO2mf+24yHQA0qjzYiEo42jCwXSDA3JtBwAbTwukmmTn4gOWHex7JQ== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key new file mode 100644 index 0000000000..e4eace4255 --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.key @@ -0,0 +1,3 @@ +;% generationtime=20100826211144 +;% lifetime=7d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ m3SuRnb0ef0= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private new file mode 100644 index 0000000000..d0d323dcfd --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+38331.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: zRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu11Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQm3SuRnb0ef0= +PublicExponent: AQAAAAE= +PrivateExponent: YcpriBuIcizNJGNwVPxNTYDgzz4nQsZ2z7F5fr5BmfC9Ukx7Mdl8wzS/8dikD3FhTqEbDdANf5L/LuPiE0XvvFzMEweRtoSQnYDlnvpYQPGcFcTXlbY1Jn6h3WvVyfLWMWK0/2lsLtHzRhToyI1WyO6wFqrun9e+HvHb71SwP6k= +Prime1: 9aHh1J2wdRibYZI01fQqegxMuZn5+NlvxWxO2Bzwbm4e68cMQjVeyn7N0j46hE7kv+z07422AgXq1kLllqIpNw== +Prime2: 1b8i4culx54km/hid+U9qLFcorXX9e2QF2LFxd5/+YYBBILp7RGk9sD/PWTCPcYZbviPzkRhq+3ignTfwdzAaw== +Exponent1: 2fQGWETsC1OVxzQamORV4JQzBB8haAYNHaCcvgidlQgQFQA2pR4PNaLj77DUHBOrjb2pKjsCS7xumwVu1F8T2w== +Exponent2: EX6aW8lr4Fizn0QwEumQAYnRv7Z32Tfmnr/s6gHPVxPK7spfiPhK0Lb3Q04OfFkJdHNaG9YMpqmNI8ZW/PyJsw== +Coefficient: YvQ1SQqRz/y9ApJSUmswljwbA6NGxS5Mh9ZA8Ui1jNPYClQ6Ncn2A4FatnLBfyLaalCLzR3rf22LoNvwc9g8rg== 
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key new file mode 100644 index 0000000000..40d7719cbc --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.key @@ -0,0 +1,3 @@ +;% generationtime=20101127101703 +;% lifetime=7d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5 L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7 zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cU AEWQvdtuDcc= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private new file mode 100644 index 0000000000..cc7651480b --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+51846.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cUAEWQvdtuDcc= +PublicExponent: AQAAAAE= +PrivateExponent: BTyLOYpzVpf3iu0C8TsgWOjkBxZYFrHY/A1FOznBnvmYoGo/R3VEoeiZ8rNeizi5z123O37vROe8lz78HGacZbAdOJN2641uSsIN291KQk5phA9udaR6LT+mc0pIb9jg++M0F3Hf5i5PYEu/er/JGSHFT6/h9NpnbyqcXYjV6yE= +Prime1: 8+mFlmHUdJ730AoP0NGVCaQXmU0YRTKsbR/6nQLOerKE9XBfedI9yqBR3c/jxko6dt8f6d/vhizdeTfmQU/xJQ== +Prime2: 4tka/vWR5lFqC3IGnKH0Dudiwurzz/dDoPwc1WWdpKWdKBss3D+aFFr61NFTgJCT2vw7/5EJY0RGX7JVMKQdew== +Exponent1: ZKJzEF60uVnkVEg+IyIS7mBmUVL91FmieU1ZOXSeV683uCdVKSTSdPr/+l18R7IgjOnCOs9ityOfGb0eVrqHKQ== +Exponent2: af/TPglQaRZJKRwT8Jh6PbuBtK1RpMmudpVF/M+t7VSCpkhIEa+MPQP3f/9POSHT/Th8oe7PE/JLhqEllQTgsQ== +Coefficient: PlboG/Rm7dd/QQirRpQ/fZZdFPjNI0J1VjfRst+Qb/yuB2m81CU6GNwDyJujX7L5JQpfQGlqIRvk9jw2cpRBJQ== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key new file mode 100644 index 0000000000..a2eafcbc8b --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.key @@ -0,0 +1,3 @@ +;% generationtime=20110125091120 +;% lifetime=3d +sub.example.de. IN DNSKEY 256 3 5 BQEAAAAB1+QMKtDQA7dd2FA5IMVv5Y/VQa1ueCB4ZgDqvDUkdmQ2STLE DwQuCoL26XId1SjEPQS47v3GBqTkSb0M/mSIsw== diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published new file mode 100644 index 0000000000..d465b72ad9 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+55550.published 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 1+QMKtDQA7dd2FA5IMVv5Y/VQa1ueCB4ZgDqvDUkdmQ2STLEDwQuCoL26XId1SjEPQS47v3GBqTkSb0M/mSIsw== +PublicExponent: AQAAAAE= +PrivateExponent: Kye03nJBn261AzC2UQAIVVOz0IUDAmIO/LqThB87QJc9xFPk+KQZDvn7+XaLReYSUZrgDadZozVyGCBwmTbKEQ== +Prime1: 8c3ijRfD1wTzd2CKDyO9Zzsq0r/DvH/30BL7QzB1/7s= +Prime2: 5JC0mXeSA3vDweMKht4bH44IXBPLuq9EGTVWDLolH2k= +Exponent1: jCN5Qm3qprCbs+lLPNJ1fIWWD6Zzg6tObVCputLFRqE= +Exponent2: ooEJXApdOWOj2g9rLuZ0jCEkARFtLd/fnvlEZfWOJFk= +Coefficient: GZIo2y2pmmjsXCZaHPzd6CGGkXRq1kOw2OCZ1NUcPWY= diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. new file mode 100644 index 0000000000..c640dc1314 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. @@ -0,0 +1,6 @@ +sub.example.de.dlv.trusted-keys.net. IN DLV 32679 5 1 B2B115076F5BC2F2864D8ED1D63279193E5E7999 +sub.example.de.dlv.trusted-keys.net. IN DLV 32679 5 2 71B3896274A524028F131983D780C12CB38EA40E435815E9CC301749 26BFD367 +sub.example.de.dlv.trusted-keys.net. IN DLV 38331 5 1 8F7E90EE2686DAE4D31CEE40142AD6A25670B0A0 +sub.example.de.dlv.trusted-keys.net. IN DLV 38331 5 2 7B791220D03926DC6D3531CD155EF1E2AB202CE5955DF61079BEDD48 67400707 +sub.example.de.dlv.trusted-keys.net. IN DLV 51846 5 1 F0B3607F13FFE0C5AEF2ED24978FC8D42B391361 +sub.example.de.dlv.trusted-keys.net. IN DLV 51846 5 2 B067543FEAC9F203E9508672D802DEFD9F8AFF6CDBCC298B25C2CCED EDC813D8 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db new file mode 100644 index 0000000000..152e303229 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnskey.db 
@@ -0,0 +1,45 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by zkt-signer. +; +; Last generation time Jan 25 2011 19:39:31 +; + +; *** List of Key Signing Keys *** +; sub.example.de. tag=38331 algo=RSASHA1 generated Aug 26 2010 23:11:44 +sub.example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1 + 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad + 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ + m3SuRnb0ef0= + ) ; key id = 38331 + +; sub.example.de. tag=51846 algo=RSASHA1 generated Nov 27 2010 11:17:03 +sub.example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5 + L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7 + zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cU + AEWQvdtuDcc= + ) ; key id = 51846 + +; sub.example.de. tag=32679 algo=RSASHA1 generated Jan 25 2011 19:39:31 +sub.example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABocb52XnOJzaKKv90SFZxTddP7OuzI/qaeOqptm7BH3QKGTBj + ZmgfJ6J2uNXamzVEUGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVUYfMC + pVS69kTGagTnMmywpg5LtCic9+18YRX2NhkxNvUpBjlTn7BbjXW36yy5 + sA1Uq+Rg2cU= + ) ; key id = 32679 + +; *** List of Zone Signing Keys *** +; sub.example.de. tag=27647 algo=RSASHA1 generated Jan 25 2011 10:11:20 +sub.example.de. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB5tuyJuCMHTySqvnPpVSbFcnFK6jI/BG3Va5Yu0ou7jPArylc + mziNb9AIJ2PBaVcXbeH6h9YWd9MLCLKPZqRLKQ== + ) ; key id = 27647 + +; sub.example.de. tag=55550 algo=RSASHA1 generated Jan 25 2011 10:11:20 +sub.example.de. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB1+QMKtDQA7dd2FA5IMVv5Y/VQa1ueCB4ZgDqvDUkdmQ2STLE + DwQuCoL26XId1SjEPQS47v3GBqTkSb0M/mSIsw== + ) ; key id = 55550 + diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf new file mode 100644 index 0000000000..ef2b668ef3 --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf
@@ -0,0 +1,16 @@
+##
+## dnssec-zkt v0.4 (c) Jan 2005 hoz hznet de ##
+##
+
+resigninterval 12h
+sigvalidity 1d
+max_ttl 90s
+
+ksk_lifetime 7d
+key_algo RSASHA1
+ksk_bits 1024
+
+zsk_lifetime 3d
+zsk_bits 512
+
+dlv_domain "dlv.trusted-keys.net"
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.
new file mode 100644
index 0000000000..b3e2e25dd6
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.
@@ -0,0 +1,6 @@
+sub.example.de. IN DS 32679 5 1 B2B115076F5BC2F2864D8ED1D63279193E5E7999
+sub.example.de. IN DS 32679 5 2 71B3896274A524028F131983D780C12CB38EA40E435815E9CC301749 26BFD367
+sub.example.de. IN DS 38331 5 1 8F7E90EE2686DAE4D31CEE40142AD6A25670B0A0
+sub.example.de. IN DS 38331 5 2 7B791220D03926DC6D3531CD155EF1E2AB202CE5955DF61079BEDD48 67400707
+sub.example.de. IN DS 51846 5 1 F0B3607F13FFE0C5AEF2ED24978FC8D42B391361
+sub.example.de. IN DS 51846 5 2 B067543FEAC9F203E9508672D802DEFD9F8AFF6CDBCC298B25C2CCED EDC813D8
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.
new file mode 100644
index 0000000000..6b3a4d6211
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.
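Review bot: `zsk_bits 512` together with `key_algo RSASHA1` in `sub.example.de/dnssec.conf` gives a zone-signing key that is far too small to resist factoring, and `ksk_bits 1024` is weak as well; the 3-day ZSK lifetime does not make up for that. These values look chosen so the demo zone rolls its keys quickly, but a sample config is often copied verbatim. I would add a comment above the key settings, in the file's own `##` style: `## demo values for fast rollover only; real zones need larger keys and a SHA-2 based algorithm`.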
@@ -0,0 +1,22 @@ +$ORIGIN . +sub.example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABocb52XnOJzaKKv90SFZxTddP7Ouz + I/qaeOqptm7BH3QKGTBjZmgfJ6J2uNXamzVE + UGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVU + YfMCpVS69kTGagTnMmywpg5LtCic9+18YRX2 + NhkxNvUpBjlTn7BbjXW36yy5sA1Uq+Rg2cU= + ) ; key id = 32679 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRa + GuNc4soput6Fo2/HViu11Jo2uMnp4Z4MeGzt + i4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nP + mPad2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG + 1W/a/gJWNxuiTmkSN5c9vXsQm3SuRnb0ef0= + ) ; key id = 38331 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINg + kYc3dxYunDYWK0FEXGa5L7ss8jepJnBM6KD/ + rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/Th + I6i7zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/ + Pb5mZAlXvzPqmRkyeStRw0cUAEWQvdtuDcc= + ) ; key id = 51846 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.key similarity index 100% rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.key rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.key diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.private similarity index 100% rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+08544.private rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+08544.private 
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.key
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.key
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.key
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.private
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+27861.private
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+27861.private
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.key b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.key
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.key
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.key
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.private b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.private
similarity index 100%
rename from contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+42639.private
rename to contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+42639.private
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. new file mode 100644 index 0000000000..6c7f963191 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. @@ -0,0 +1,7 @@ +; KSK rollover phase1 (new key generated but this is alread the old one) +sub.example.de. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRaGuNc4soput6Fo2/HViu1 + 1Jo2uMnp4Z4MeGzti4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nPmPad + 2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG1W/a/gJWNxuiTmkSN5c9vXsQ + m3SuRnb0ef0= + ) ; key id = 38331 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db new file mode 100644 index 0000000000..d4611a5d6e --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db @@ -0,0 +1,25 @@ +;----------------------------------------------------------------- +; +; @(#) sub.example.de/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 2011012503; Serial (up to 10 digits) + 86400 ; Refresh (RIPE recommendation if NOTIFY is used) + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + + IN NS ns1.example.de. + +$INCLUDE dnskey.db + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.4 +b IN A 1.2.3.5 +c IN A 1.2.3.6 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed new file mode 100644 index 0000000000..84ae34b2d6 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed 
@@ -0,0 +1,131 @@ +; File written on Tue Jan 25 19:39:31 2011 +; dnssec_signzone version 9.7.2-P2 +sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 2011012503 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + wbTvANOCw3T6BjH3ibeVrgAG2WJPmX09LZmX + P7xtuj9F1Kaj+EpXvQv37SaA8ldr0Ge25q3+ + KB0+dtpmxel7NQ== ) + 7200 NS ns1.example.de. + 7200 RRSIG NS 5 3 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + hvliLSJ7kw/6nZfrDHJ3nnvW3RjiYZMbYASL + IdKLGsytfU6zaypMXGiwxDo/k+BafY7V4xAM + RGxgMNRthCqOaQ== ) + 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + fCX2CjTIm3XyOXhPZni/e21bTKmdZlW9keBX + pb9hEYY5/D3UJWzkVNpVeQ0e1n3QQvwklLda + ezrP/SfZDzIwbg== ) + 14400 DNSKEY 256 3 5 ( + BQEAAAAB1+QMKtDQA7dd2FA5IMVv5Y/VQa1u + eCB4ZgDqvDUkdmQ2STLEDwQuCoL26XId1SjE + PQS47v3GBqTkSb0M/mSIsw== + ) ; key id = 55550 + 14400 DNSKEY 256 3 5 ( + BQEAAAAB5tuyJuCMHTySqvnPpVSbFcnFK6jI + /BG3Va5Yu0ou7jPArylcmziNb9AIJ2PBaVcX + beH6h9YWd9MLCLKPZqRLKQ== + ) ; key id = 27647 + 14400 DNSKEY 257 3 5 ( + BQEAAAABocb52XnOJzaKKv90SFZxTddP7Ouz + I/qaeOqptm7BH3QKGTBjZmgfJ6J2uNXamzVE + UGiAV5yLvPbxSAUK/R7HWP22ENqRxouZrQVU + YfMCpVS69kTGagTnMmywpg5LtCic9+18YRX2 + NhkxNvUpBjlTn7BbjXW36yy5sA1Uq+Rg2cU= + ) ; key id = 32679 + 14400 DNSKEY 257 3 5 ( + BQEAAAABzRcWJYuBn9eY8u4x+04jkYmSmfRa + GuNc4soput6Fo2/HViu11Jo2uMnp4Z4MeGzt + i4IGsL2Lp5vC66qXeX0Qqk+aIJBQUyHCF1nP + mPad2hDVFpD4Lp/uArmHaaLxQ4px6LEe0PMG + 1W/a/gJWNxuiTmkSN5c9vXsQm3SuRnb0ef0= + ) ; key id = 38331 + 14400 DNSKEY 257 3 5 ( + BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINg + kYc3dxYunDYWK0FEXGa5L7ss8jepJnBM6KD/ + rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/Th + I6i7zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/ + Pb5mZAlXvzPqmRkyeStRw0cUAEWQvdtuDcc= + ) ; key id = 51846 + 14400 RRSIG DNSKEY 5 3 14400 20110126173931 
( + 20110125173931 27647 sub.example.de. + sg/apLP8ejq7KT+djaUwJqizKG4tq1jTLMLt + NHLn/68rX5w4dY8DTeYxexb4r8Z23kVb0bg+ + lJmmBy5j2r8SMg== ) + 14400 RRSIG DNSKEY 5 3 14400 20110126173931 ( + 20110125173931 32679 sub.example.de. + bzzolxuy/5cXaTOvYDGz+xiRffMSQUSCRicG + jN2InbD0oghm9IlZYaerY3Cx4ta0xitl63Fa + 9n8DAb409BU+uR3SKw+EMQwdEhn1ixslf7Er + N9nyPz+3hCteJ89htoyGBRehQbw3LkFsHPKS + 1q62yU3+dLOLqiJUGgXinFwZ81o= ) + 14400 RRSIG DNSKEY 5 3 14400 20110126173931 ( + 20110125173931 38331 sub.example.de. + nflCKXmANdTDh1g72GpT5JzeaE9u+kZ6Kkds + q4VbnnZjmv8flpsqH9XHV6QU7W7pFhLQ9i9X + qYVPL5HzoZn0q4m08h2z9VCrfCVzfOZVr6S2 + TnL/RTbSRXMHwU63bMM7FNbPz2JlajNAIpfW + 7uHjqoQEWRcJ8ee7JkW5tiu5/5A= ) + 14400 RRSIG DNSKEY 5 3 14400 20110126173931 ( + 20110125173931 51846 sub.example.de. + WaCBxN/IXv3g2NtoBm2epHkZqBTMONadExfN + 0rWSV0mazdli950enMmBwwIEZK+0FVwLpv4Z + zgL5BHuPim7ObqnR6wM1gOpi65lU8IX5Ilbv + OIrUZ5g0O1rYHUjaQKtKBTcgOo7ZtutIj4gc + Xn+2dark9is8EoDHripF5TkDJgU= ) +a.sub.example.de. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + zXzioVSpADspftLWazy+jcGRxHytDuZtUBkD + dsjcU3fy6a8atHbcwUjd43rwzazxphVcL/sM + CeWz5ZcXkYCWeQ== ) + 7200 NSEC b.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + k6LWx56HsWiDm7DLUShd97q7dprzDXaocGVL + UPB35LGLUzZIGx/80K+ppeqAD2KoiJ/d+jBi + ZwtomkSGusfVIA== ) +b.sub.example.de. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + b90i/duKEbOBKWDJ39xTlMbGJ3DqdTUCdH1y + sTs96Ea2PZFNoCenAssREGxLG/SdArErfdOC + Q1zCi5z2cYYeyg== ) + 7200 NSEC c.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + EGurYn3qRMV+uwzTGq9asXnpKvLhX3qZhQh/ + Tb3AiQ+Oyl+PzfDjP1BI8jqejNTwvlRWBL4H + RRBZMN/Pnn22bw== ) +c.sub.example.de. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. 
+ DCFyTIcXCMd3wIdwLjDNXOINmMcQ1tYBzgry + JnZZecok5A6TPXCQ5PrErgwWl6h9URa8M6Kd + Yg6jLpDMcmdNug== ) + 7200 NSEC localhost.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + cUvw2e+2VlJVaFGF5zciADg3W/DMz2zeLTlp + bEav7jr7xFJdg9twcr+WtKh9xyAraH/0eqT8 + cs3z8i81I/Dgzg== ) +localhost.sub.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + eKi4L2xErnSUAPH3jGWtLShBTab/ZMC86wdf + F8jRpWkNzMqpxhmEOgeCnCA1cm3Ua/vrSSpA + HmPpxba/FXtOkg== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20110126173931 ( + 20110125173931 27647 sub.example.de. + texCzbZHYWVAyNKaR2otusOB3nzL3NMPYApC + Lg7vi4wuk08gC4CvTbEHz+4I7ZeWrMIHwNTp + vsE/tnmaVsHM6Q== ) diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db new file mode 100644 index 0000000000..3a140b2c41 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db 
@@ -0,0 +1,38 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Ensure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date format e.g. 2005040101
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 315 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.de.
+ IN NS ns2.example.de.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.de file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.de.
+
+; this file will contain all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed
new file mode 100644
index 0000000000..33f2c363e3
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.db.signed
@@ -0,0 +1,129 @@ +; File written on Tue Jan 25 19:39:31 2011 +; dnssec_signzone version 9.7.2-P2 +example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 315 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20110215173931 ( + 20110125173931 60407 example.de. + D25r9o5y0UlIClgAHwOq9P1/prHCO3/KI/91 + ZHUOA1HPvRt/EW4vQdHNsZPzTgbEZlkrzK1B + f9Z8FRjiPwwuTg== ) + 7200 NS ns1.example.de. + 7200 NS ns2.example.de. + 7200 RRSIG NS 5 2 7200 20110215173931 ( + 20110125173931 60407 example.de. + UDFg0Wr335Zhx2JZNw7ctla8EpFv+8eVjh8Y + YDv47XmCXuazL4EZV3efeU4wnuxmphL02j8X + NLpnUVnRP2QufQ== ) + 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20110215173931 ( + 20110125173931 60407 example.de. + K2wUxsJtWVpASeYbWyG58uK4DK8w+TRTSRiJ + aYtgUDjUGeUeNbHaT1FhfXl4xpNts/irmB6K + YDeVNvnB7piRPw== ) + 14400 DNSKEY 256 3 5 ( + BQEAAAABw62oxcUQ8mF4T6zH+tAkM0FU3nXJ + 4sgnBSUa884gZL2AlG+t7FpwrRm/Hish/hxV + RzmM8q2srgLHBYAk12VkMQ== + ) ; key id = 60407 + 14400 DNSKEY 256 3 5 ( + BQEAAAAB13b8+4oBaYaLYdDvH6fwVwDfohlz + GdSu5A9nO/wJ1taCB+4Twn3TSAtlttLmzYad + 5EbBUIn+4CLBKmc4sKn/cw== + ) ; key id = 25598 + 14400 DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+ + Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl + z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH + z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R + 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/ + us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4 + 8Mlp1+mUjQ== + ) ; key id = 37983 + 14400 DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4 + LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx + 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq + vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO + lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM + GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs + K9bqDM8Euw== + ) ; key id = 47280 + 14400 RRSIG DNSKEY 5 2 14400 20110215173931 ( + 20110125173931 47280 example.de. 
+ AiQOEpltQhIL1w1bnStthur44g28NqsYjUfV + BU5yNlEs84I+U3N2qpTC8dske08pwOikBCFG + Yao6Dglj4zi5dbFbp+ssErNWTOX1khHe8FvI + keq7lkbMDoOeiecJ5paN2/yV5gX3Vn0RZXJb + CQFVdrNLQ8gKdMga9YKw70n43MxdgkDJRIVo + gUxKkMaMo/g2KORJf4iOZPRvLfkwFb/QgTsx + Eg== ) + 14400 RRSIG DNSKEY 5 2 14400 20110215173931 ( + 20110125173931 60407 example.de. + iomqvy1Na7p8UHNl9U8hgHqg+BBe7lwPNMv7 + Tur+g2ss3LYZkvkwZgdhP/MNQgF0BTrFIK/n + vjk+0gQ9RFqKbA== ) +localhost.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + EzoKkOXLzlKf9rTaxofUW5uAmsaIZe2Jrf/R + FgPsnDvXDkGIeA54f+uw0+alWKb4gMgynJJ+ + jjuF3d4TsoLC4A== ) + 7200 NSEC ns1.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + BPjsJrlWAQNSqVOJ5hRb1iL8ABPdGID+qdYF + AWHYpZOsMg3TXsmOfsrZ8tzJ44Ag0FmHdWYr + cSaie8XqF3dndw== ) +ns1.example.de. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + FZu2Oy/7txl4G47fh2gn/f0k4+9YqbdMaCoj + DK/5LCUjQIzK+YHMKnurZVmMSbvFCCCcKgUd + rBO1Kbc3ZFRUDg== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + ckrkMyljZdlHRMzYceGk/Upzbmijw2bPrhda + 6y9l+yS/zOCYQ3qGfzLFDLUPeMDLEL5f7gxa + adKw2t8cu/BLnw== ) + 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + fZadcPS/Zhf+DKNupxsEZOSWm8mC1aimYHSi + 00zMJL5oZdUCXgsJYha69s8gtOn12K95doRw + 2AP6FArRosKy3Q== ) +ns2.example.de. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + QXIJk7GcV6+LlGEtrClHCS2ddj/9fqtqKD9h + BfADqhMYLlVKjQe8grBdgOdbvvmAiSibdbJI + 4lFjh6EkXglPIg== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + HbXCvcFWhQZwhPsyHxht7auAMyYrqOhhI3/Q + S+1jwao3ejHJRMdTWrTgyBAXMJpS1SeMnD9i + Dx7A5OvtVUoj7g== ) +sub.example.de. 7200 IN NS ns1.example.de. 
+ 7200 DS 38331 5 1 ( + 8F7E90EE2686DAE4D31CEE40142AD6A25670 + B0A0 ) + 7200 DS 38331 5 2 ( + 7B791220D03926DC6D3531CD155EF1E2AB20 + 2CE5955DF61079BEDD4867400707 ) + 7200 RRSIG DS 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + GJcNtYbOxbVYA73qgH9bpPvrVIBbUqD0y/dX + ZAA1ZpXc3Kz7a4Dzr4fn20KiGF0/huYoo5vt + kU+GHU3wuUTtTQ== ) + 7200 NSEC example.de. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215173931 ( + 20110125173931 60407 example.de. + LQT1mxY77PpPtpdrjZ5HAzxsQDar+6bsodd9 + TWNvagqjzvfLTC5Lc5Jy63YmdVkZNmH0RCBP + ciRqPQYlvMx8rg== ) diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa new file mode 100644 index 0000000000..9b200c1bd7 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/example.de/zone.soa @@ -0,0 +1,10 @@ +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 267 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum diff --git a/contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de. new file mode 100644 index 0000000000..27a14419fa --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/de/keyset-example.de. 
@@ -0,0 +1,19 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+ + Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl + z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH + z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R + 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/ + us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4 + 8Mlp1+mUjQ== + ) ; key id = 37983 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4 + LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx + 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq + vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO + lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM + GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs + K9bqDM8Euw== + ) ; key id = 47280 diff --git a/contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf b/contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf new file mode 100644 index 0000000000..76dc458bbc --- /dev/null +++ b/contrib/zkt-1.1.2/examples/hierarchical/dnssec.conf @@ -0,0 +1,44 @@ +# +# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "." +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 1w # (604800 seconds) +Sigvalidity: 10d # (864000 seconds) +Max_TTL: 6h # (21600 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: incremental + +# signing key parameters +Key_Algo: RSASHA1 # (Algorithm ID 5) +KSK_lifetime: 30d +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 10d +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" +SaltBits: 24 + +# dnssec-signer options +LogFile: "log" +LogLevel: INFO +LogDomainDir: "log" +SyslogFacility: USER +SyslogLevel: NOTICE +VerboseLog: 0 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +KeySetDir: ".." +DLV_Domain: "" +Sig_Pseudorand: True +Sig_GenerateDS: True +Sig_DnsKeyKSK: True +Sig_Parameter: "" 
diff --git a/contrib/zkt/examples/hierarchical/log/zktlog-example.de. b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de. similarity index 67% rename from contrib/zkt/examples/hierarchical/log/zktlog-example.de. rename to contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de. index ffae0f0dde..bf0252f3c3 100644 --- a/contrib/zkt/examples/hierarchical/log/zktlog-example.de. +++ b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-example.de. @@ -14,3 +14,11 @@ 2010-04-01 01:05:48.848: notice: "example.de.": lifetime of zone signing key 39599 exceeded since 43m41s: ZSK rollover deferred: waiting for published key 2010-04-01 01:05:48.928: info: "example.de.": new key 9743 generated for publishing 2010-04-01 01:05:48.929: notice: "example.de.": re-signing triggered: Modfied zone key set +2010-08-26 22:54:24.762: notice: "example.de.": lifetime of zone signing key 39599 exceeded: ZSK rollover done +2010-08-26 22:54:24.837: info: "example.de.": new key 18539 generated for publishing +2010-08-26 22:54:24.837: notice: "example.de.": re-signing triggered: Modfied zone key set +2010-08-26 23:11:44.548: notice: "example.de.": re-signing triggered: Modified KSK in delegated domain +2010-10-21 13:41:23.152: info: "example.de.": old ZSK 39599 removed +2010-10-21 13:41:23.152: notice: "example.de.": lifetime of zone signing key 9743 exceeded: ZSK rollover done +2010-10-21 13:41:23.152: notice: "example.de.": re-signing triggered: Modfied zone key set +2011-01-25 10:13:58.477: notice: "example.de.": re-signing triggered: Modified KSK in delegated domain diff --git a/contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de. b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de. similarity index 70% rename from contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de. rename to contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de. index d0d0e12e28..681565118a 100644 
--- a/contrib/zkt/examples/hierarchical/log/zktlog-sub.example.de. +++ b/contrib/zkt-1.1.2/examples/hierarchical/log/zktlog-sub.example.de. @@ -31,3 +31,17 @@ 2010-04-01 01:05:48.169: notice: "sub.example.de.": lifetime of zone signing key 63530 exceeded: ZSK rollover done 2010-04-01 01:05:48.650: info: "sub.example.de.": new key 40559 generated for publishing 2010-04-01 01:05:48.650: notice: "sub.example.de.": re-signing triggered: Modfied zone key set +2010-08-26 22:54:24.495: info: "sub.example.de.": kskrollover phase3: Remove old key 8544 +2010-08-26 22:54:24.495: info: "sub.example.de.": old ZSK 63530 removed +2010-08-26 22:54:24.513: notice: "sub.example.de.": lifetime of zone signing key 7295 exceeded: ZSK rollover done +2010-08-26 22:54:24.617: info: "sub.example.de.": new key 25007 generated for publishing +2010-08-26 22:54:24.617: notice: "sub.example.de.": re-signing triggered: Modfied zone key set +2010-08-26 23:11:44.485: info: "sub.example.de.": kskrollover phase1: New key 38331 generated +2010-08-26 23:11:44.485: info: "sub.example.de.": old ZSK 7295 removed +2010-08-26 23:11:44.513: notice: "sub.example.de.": re-signing triggered: Modfied zone key set +2010-10-21 13:41:22.956: info: "sub.example.de.": kskrollover phase2: send new key 27861 to the parent zone +2010-10-21 13:41:22.956: notice: "sub.example.de.": lifetime of zone signing key 40559 exceeded: ZSK rollover done +2010-10-21 13:41:22.956: notice: "sub.example.de.": re-signing triggered: Modfied zone key set +2010-10-21 14:30:47.663: info: "sub.example.de.": old ZSK 40559 removed +2010-10-21 14:30:47.663: notice: "sub.example.de.": re-signing triggered: Modfied zone key set +2011-01-25 10:15:57.334: notice: "sub.example.de.": re-signing triggered: Zone file edited diff --git a/contrib/zkt-1.1.2/examples/hierarchical/named.conf b/contrib/zkt-1.1.2/examples/hierarchical/named.conf new file mode 100644 index 0000000000..8bd3f9db7c --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/hierarchical/named.conf 
@@ -0,0 +1,102 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ...
**/
+# include "rndc.key";
+controls {
+ inet 127.0.0.1
+ allow { localhost; }
+ keys { "rndc-key"; };
+ inet ::1
+ allow { localhost; }
+ keys { "rndc-key"; };
+};
+
+/*****************************************************************
+** ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+include "zone.conf";
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls b/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
new file mode 120000
index 0000000000..c513980564
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
@@ -0,0 +1 @@
+../zkt-ls.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer b/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
new file mode 120000
index 0000000000..b5f367de78
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
@@ -0,0 +1 @@
+../zkt-signer.sh
\ No newline at end of file
diff --git a/contrib/zkt-1.1.2/examples/hierarchical/zone.conf b/contrib/zkt-1.1.2/examples/hierarchical/zone.conf
new file mode 100644
index 0000000000..afd5a739fb
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/hierarchical/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.de." in {
+ type master;
+ file "de/example.de/zone.db.signed";
+};
+
+zone "sub.example.de." in {
+ type master;
+ file "de/example.de/sub.example.de/zone.db.signed";
+};
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-extern.conf b/contrib/zkt-1.1.2/examples/views/dnssec-extern.conf
new file mode 100644
index 0000000000..728dcc9431
--- /dev/null
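Review bot: `query-source address * port 53;` in the `options` block pins every outgoing recursive query to source port 53, so the resolver gives up source-port randomisation as a defence against spoofed answers; that matters here because `recursion yes` is set in the same block. Dropping the port, `query-source address *;`, lets named choose its own ports. The block also sets no `allow-recursion` or `allow-query` while `listen-on-v6 { any; }` is on; whether the built-in defaults are tight enough depends on the BIND version, so an explicit `allow-recursion { localhost; localnets; };` would make the example safer to copy.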
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-extern.conf
@@ -0,0 +1,39 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "extern"
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 1w # (604800 seconds)
+Sigvalidity: 10d # (864000 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: unixtime
+
+# signing key parameters
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 30d # (2592000 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt-ext.log"
+LogLevel: "debug"
+SyslogFacility: "none"
+SyslogLevel: "notice"
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: True
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-intern.conf b/contrib/zkt-1.1.2/examples/views/dnssec-intern.conf
new file mode 100644
index 0000000000..d49fc94664
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-intern.conf
@@ -0,0 +1,39 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "intern"
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 5h # (18000 seconds)
+Sigvalidity: 1d # (86400 seconds)
+Max_TTL: 30m # (1800 seconds)
+Propagation: 1m # (60 seconds)
+KEY_TTL: 30m # (1800 seconds)
+Serialformat: unixtime
+
+# signing key parameters
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 30d # (2592000 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt-int.log"
+LogLevel: "debug"
+SyslogFacility: "none"
+SyslogLevel: "notice"
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: True
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-signer-extern b/contrib/zkt-1.1.2/examples/views/dnssec-signer-extern
new file mode 100644
index 0000000000..910e82aa8d
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-signer-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@"
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-signer-intern b/contrib/zkt-1.1.2/examples/views/dnssec-signer-intern
new file mode 100644
index 0000000000..915ed153c4
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-signer-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@"
diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern
new file mode 100644
index 0000000000..129b4e1004
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-extern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@" diff --git a/contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern new file mode 100644 index 0000000000..1836840f8d --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/dnssec-zkt-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@" diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key new file mode 100644 index 0000000000..d4b9e8f0cc --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.key @@ -0,0 +1,3 @@ +;% generationtime=20110125091121 +;% lifetime=84d +example.net. IN DNSKEY 256 3 5 BQEAAAABqSWPYNt6RitV7CJxyFXjIPeP6zSXtBki5cAiVVA3SdX0cBs6 gWttgt+wxEPMApn/ncgjqcUHTJEVHyd/TrL/Aw== diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published new file mode 100644 index 0000000000..fc85be4c37 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+08885.published 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: qSWPYNt6RitV7CJxyFXjIPeP6zSXtBki5cAiVVA3SdX0cBs6gWttgt+wxEPMApn/ncgjqcUHTJEVHyd/TrL/Aw== +PublicExponent: AQAAAAE= +PrivateExponent: ZcFZXvGGkc0uEOtIHBJaTdBpl/aTKs4xGhG/eOMinMPHbUPlL5R1KL/27O+KQnfs1xjwz48w5Xos8CoTG+1n0Q== +Prime1: 1ho0OW0hJVUICO4jthhzFp2ETYke7vssfhq2oKrsjgk= +Prime2: yj87c5Ewsksm+SsHsBQVC6Gd6P19Yu+ZY7dPeBvW56s= +Exponent1: LwSIjbnndDmgi0pCo0CW95qvG1VEUniUQQmYmda/L7k= +Exponent2: jsIwd0hy3NXOjUbXkeT25G/3QNQcXcIwHzupbZLpuh0= +Coefficient: VRdfIjOr87SWcUBSP9wQGjD1GcCsV3OQ0u03QQwofmo= diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key new file mode 100644 index 0000000000..ec11dcb5e4 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ== diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private new file mode 100644 index 0000000000..ea294474c0 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+23553.private 
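Review bot: Kexample.net.+005+08885.published is added with its complete RSA private material (`PrivateExponent`, `Prime1`, `Prime2` and the CRT values), and the patch does the same for Kexample.net.+005+23553.private and Kexample.net.+005+38930.private in the hunks that follow. For sample zones that is presumably intended, but these keys are now public and nothing beside them marks them as fixtures. A short line in a README next to the examples, for instance `Keys under examples/ are published sample keys; generate fresh keys before signing a real zone`, would keep them from being reused and gives secret-scanner triage something to point at.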
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ== +PublicExponent: AQAAAAE= +PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ== +Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q== +Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q== +Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV +Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h +Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA== diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key new file mode 100644 index 0000000000..9602160d91 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.key @@ -0,0 +1,3 @@ +;% generationtime=20101127101704 +;% lifetime=63d +example.net. IN DNSKEY 256 3 5 BQEAAAABw6SqqsNvYqmiYNMlroODy8rMZdbo2Pe8ldEblO9qtxI5oR4i UeUW/q3rZgCTuZI+ymMiLmaFSF1DXsAyG0M03Q== diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private new file mode 100644 index 0000000000..715ef67994 --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/Kexample.net.+005+38930.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: w6SqqsNvYqmiYNMlroODy8rMZdbo2Pe8ldEblO9qtxI5oR4iUeUW/q3rZgCTuZI+ymMiLmaFSF1DXsAyG0M03Q== +PublicExponent: AQAAAAE= +PrivateExponent: lYq/wM8BLiaU+Ij/0JP6Csv8Pp/2WdNfsuCbLMU3IBJGimSxx7bvCLSZkDL5mV1E0HJqLrhb2l7GRr3PZKuWMQ== +Prime1: 5KAIpenYhEVE2U3Wzb2Lwp67HgGM/kV46RrvKFOYe08= +Prime2: 2xGmcIPYhuD7BKThg0/ldRhfapASbOw3RvSxY6GxkhM= +Exponent1: X9Z0wkwNnnme2hvoyDMigAYoLZvhx0Tz2ivdw41izlc= +Exponent2: VXrrgqEDOafxQ+jF6vhubWUdAsxz44nyXPHlwduJCtc= +Coefficient: 0pIJlBNZWGPdhykMXN3rPnbZoXUeSecEkpGPLBdw5oE= diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db b/contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db new file mode 100644 index 0000000000..d2da4fdeec --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/dnskey.db 
@@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by zkt-signer. +; +; Last generation time Jan 25 2011 20:02:30 +; + +; *** List of Key Signing Keys *** +; example.net. tag=23553 algo=RSASHA1 generated Jul 05 2010 09:43:02 +example.net. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI + ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ + uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T + u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 + sQ== + ) ; key id = 23553 + +; *** List of Zone Signing Keys *** +; example.net. tag=8885 algo=RSASHA1 generated Jan 25 2011 10:11:21 +example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABqSWPYNt6RitV7CJxyFXjIPeP6zSXtBki5cAiVVA3SdX0cBs6 + gWttgt+wxEPMApn/ncgjqcUHTJEVHyd/TrL/Aw== + ) ; key id = 8885 + +; example.net. tag=38930 algo=RSASHA1 generated Jan 25 2011 10:11:21 +example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABw6SqqsNvYqmiYNMlroODy8rMZdbo2Pe8ldEblO9qtxI5oR4i + UeUW/q3rZgCTuZI+ymMiLmaFSF1DXsAyG0M03Q== + ) ; key id = 38930 + diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net. b/contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net. new file mode 100644 index 0000000000..cbcd3d0220 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B +example.net. IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net. new file mode 100644 index 0000000000..b84524567e --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/keyset-example.net. 
@@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db new file mode 100644 index 0000000000..4c72928f0b --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db @@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) extern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed new file mode 100644 index 0000000000..e1c7b4525c --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/example.net/zone.db.signed 
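Review bot: The `ns1` and `ns2` A records in extern/example.net/zone.db use `1.0.0.5` and `1.2.0.6`, which are ordinary routable addresses, while the AAAA record right below already uses the 2001:db8::/32 documentation prefix. A sample zone that is copied into a test setup would then direct name-server traffic at addresses that belong to someone else. I would move them into RFC 5737 documentation space, for example `ns1 IN A 192.0.2.5` and `ns2 IN A 198.51.100.6`. The committed zone.db.signed carries RRSIGs over the current values, so it would have to be regenerated in the same change.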
@@ -0,0 +1,109 @@ +; File written on Tue Jan 25 20:02:30 2011 +; dnssec_signzone version 9.7.2-P2 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1295982150 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20110215180230 ( + 20110125180230 38930 example.net. + CIEzsLXkJjCehSXcubmncFE46Mdo6duV35FA + 83ynRO2fDHNGEMGcgc1JR0uNRPUs1AySfvMe + 64sN9M5jw7bs+g== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20110215180230 ( + 20110125180230 38930 example.net. + WaUhQqPwY1IGpdo3gG5D7hJrnNsk0GnIXPKa + zw1WGnFj0vcwDxsiEsk9L1NSb/c1j+uPepon + GcCFU8lkAkPJwg== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20110215180230 ( + 20110125180230 38930 example.net. + wkdRRnjfyPQSFb5jju3cEPfVM5T6SlMteEe9 + Vx09wy9b9aZIO6aT2Q83RUr/GIhkC7JeVPWi + c3SftwVD4IKF2Q== ) + 14400 DNSKEY 256 3 5 ( + BQEAAAABqSWPYNt6RitV7CJxyFXjIPeP6zSX + tBki5cAiVVA3SdX0cBs6gWttgt+wxEPMApn/ + ncgjqcUHTJEVHyd/TrL/Aw== + ) ; key id = 8885 + 14400 DNSKEY 256 3 5 ( + BQEAAAABw6SqqsNvYqmiYNMlroODy8rMZdbo + 2Pe8ldEblO9qtxI5oR4iUeUW/q3rZgCTuZI+ + ymMiLmaFSF1DXsAyG0M03Q== + ) ; key id = 38930 + 14400 DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 + 14400 RRSIG DNSKEY 5 2 14400 20110215180230 ( + 20110125180230 23553 example.net. + A44WHsFr4O7Rzuflm19mFBAu7e6asUF5hkzB + KjVkCkxH2NkIcTnDdzpxM/LzXMXyZGzxYQrI + AjStvUqfoDpaay+Jl87/IXd77Owbc762EF6U + Ew1NqHGG0UdO+os5STwPNT7UUi5i8HVVPglx + gpHti4RS6icrcsYMTeuf4yrffMr9xWlI/S2l + vu9b6maVqqAMds1dj9ZEDUWKLrylTngtc33R + BQ== ) + 14400 RRSIG DNSKEY 5 2 14400 20110215180230 ( + 20110125180230 38930 example.net. 
+ P/9UIYie44cvptFvxgny+zKNDilIMUsswBkg + aEJVqCzUnbpA7x5xvzGhlilb38MRv9fvYEtr + AsBz1D2Uo3ZULQ== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + iM76gTURcaiYI2yrAIgVcJS1//ZfhCbcVU6o + +aeTvwHCyT4kes8uLluV5sS24MuR1fi+E9I3 + AIeGM/7HdIIi/g== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + nEzM1RA6blYjp6PkXp5QPfJd1kWdcVwByMrM + LWWoLI70W9ilxuD3xHOFwmjWwjED/r+NH+53 + DCjTN5DE/RtNkA== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + UmtBBwApnfVqXzj76BIVJtuajos1Qr8LfqaT + x0FMOrpjhg9p1JN25jUEIkexUmBqkvt9VEam + my5k3FrYQZpAcw== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + dWIIV6h276aolyfUWyoup6svZygotNuZpUlE + LhXOr3MU2QgnEo8a1akuhMYf245B76VXd657 + TBjQBuexeFt1ww== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + AjKEeI3cjcxi7DxYwr4cvAeycPNETAm+R74G + /k3Cr8WaPkenxX5n9Meb0rOJRur1RGe0LApr + PuFixxEFVo2EUg== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + NqBJpDCmIi/XcjCIl8YGbw0mpVnp8+kT81l3 + wciY/V07AI1ucghehgMJIaG1ZSkPnPlllc5o + trsxvawJv/irEw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + NssXK84EXEa1XUWKD+7aeSJFtg3JNnq3J/Ox + ItxpbWdaCgqEqJ87oHNWYGic6POmWPc5P8LI + yLgte5CwMN8ufg== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 38930 example.net. + BslSne1rxv0Rkahw4vdoqh3vlVkiVOQsrsa1 + 1ofMNaBxphwoTj8nkICePawKby4cTFX0kuRL + MiloJ6y9vkvC3Q== ) 
diff --git a/contrib/zkt-1.1.2/examples/views/extern/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/extern/keyset-example.net. new file mode 100644 index 0000000000..b84524567e --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 diff --git a/contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log b/contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log new file mode 100644 index 0000000000..d070ca23f3 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/extern/zkt-ext.log 
@@ -0,0 +1,51 @@ +2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:04.196: debug: Check RFC5011 status +2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0 +2008-06-12 17:59:04.196: debug: Check ksk status +2008-06-12 17:59:04.196: debug: Re-signing not necessary! +2008-06-12 17:59:04.196: notice: end of run: 0 errors occured +2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:17.436: debug: Check RFC5011 status +2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0 +2008-06-12 17:59:17.436: debug: Check ksk status +2008-06-12 17:59:17.436: debug: Re-signing not necessary! +2008-06-12 17:59:17.436: notice: end of run: 0 errors occured +2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:07.819: debug: Check RFC5011 status +2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0 +2008-06-12 18:00:07.819: debug: Check ksk status +2008-06-12 18:00:07.819: debug: Re-signing not necessary! +2008-06-12 18:00:07.819: notice: end of run: 0 errors occured +2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:39.020: debug: Check RFC5011 status +2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0 +2008-06-12 18:00:39.020: debug: Check ksk status +2008-06-12 18:00:39.020: debug: Re-signing not necessary! 
+2008-06-12 18:00:39.020: notice: end of run: 0 errors occured +2008-10-03 01:00:45.544: notice: ------------------------------------------------------------ +2008-10-03 01:00:45.544: notice: running ../../dnssec-signer -V extern -v -v +2008-10-03 01:00:45.545: debug: parsing zone "example.net" in dir "extern/example.net" +2008-10-03 01:00:45.545: debug: Check RFC5011 status +2008-10-03 01:00:45.545: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-10-03 01:00:45.545: debug: Check KSK status +2008-10-03 01:00:45.545: debug: Check ZSK status +2008-10-03 01:00:45.545: debug: Lifetime(2592000 +/-150 sec) of active key 35744 exceeded (5018328 sec) +2008-10-03 01:00:45.546: debug: ->depreciate it +2008-10-03 01:00:45.546: debug: ->activate published key 10367 +2008-10-03 01:00:45.546: notice: "example.net": lifetime of zone signing key 35744 exceeded: ZSK rollover done +2008-10-03 01:00:45.546: debug: New key for publishing needed +2008-10-03 01:00:45.614: debug: ->creating new key 14714 +2008-10-03 01:00:45.614: info: "example.net": new key 14714 generated for publishing +2008-10-03 01:00:45.614: debug: Re-signing necessary: New zone key +2008-10-03 01:00:45.614: notice: "example.net": re-signing triggered: New zone key +2008-10-03 01:00:45.614: debug: Writing key file "extern/example.net/dnskey.db" +2008-10-03 01:00:45.614: debug: Signing zone "example.net" +2008-10-03 01:00:45.614: debug: Run cmd "cd extern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +864000 -N unixtime zone.db K*.private" +2008-10-03 01:00:46.114: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-10-03 01:00:46.114: debug: Signing completed after 1s. +2008-10-03 01:00:46.114: debug: +2008-10-03 01:00:46.114: notice: end of run: 0 errors occured 
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key new file mode 100644 index 0000000000..316e4cfeaf --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw== diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private new file mode 100644 index 0000000000..96e1ff6e08 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+00126.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw== +PublicExponent: AQAAAAE= +PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q== +Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw== +Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ== +Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh +Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ== +Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key new file mode 100644 index 0000000000..2745a9eacb --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.key @@ -0,0 +1,3 @@ +;% generationtime=20110125091121 +;% lifetime=84d +example.net. IN DNSKEY 256 3 5 BQEAAAAB0WcmwbQoLbDFommP0H2zyiHXC1ekz3VMR+zl69pZZb5nLL/j 66zL43Op/UVNhNlmwqH10QVie/oJf/ag07n8Jw== diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published new file mode 100644 index 0000000000..7df544e738 --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+52235.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 0WcmwbQoLbDFommP0H2zyiHXC1ekz3VMR+zl69pZZb5nLL/j66zL43Op/UVNhNlmwqH10QVie/oJf/ag07n8Jw== +PublicExponent: AQAAAAE= +PrivateExponent: jKRY6rToay8xyeGq5FZclg8nBubVeiu90mF5yKtUcCW1AEdiwAzyCkhhC+1I3jOgzuY6h8rKYs09HrGKap3/8Q== +Prime1: 8mXlFt4dXw7fPEG/XutzjHcy0GZe9XJkTWm39fvVZ6s= +Prime2: 3SdGMdlT+QzR5kfCkRJ6IT78B4yGeVXrXWgPDlmt0XU= +Exponent1: oNNInlF/En5spkcgs3jG8Nu8HoNiqLnCc/XtHwKF6xc= +Exponent2: M4FLC8tRFOF9LuCNcRYHmh6cSnZpWzQjcZ1uLvmsxp0= +Coefficient: pXldDiEWVr7Z5BTFXunGzpXoX+cs+oW0qit/1uqGv84= diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key new file mode 100644 index 0000000000..4950d13bb6 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.key @@ -0,0 +1,3 @@ +;% generationtime=20101127101704 +;% lifetime=63d +example.net. IN DNSKEY 256 3 5 BQEAAAABp57sZfLQTLH4pU1vFRNfxU7IKonyz/BcaNqh2jywFbz/EzPP jB0M4UOfR7iwChoqiFgatnKg02Qazs+MbD8uyw== diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private new file mode 100644 index 0000000000..84b54db171 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/Kexample.net.+005+57602.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: p57sZfLQTLH4pU1vFRNfxU7IKonyz/BcaNqh2jywFbz/EzPPjB0M4UOfR7iwChoqiFgatnKg02Qazs+MbD8uyw== +PublicExponent: AQAAAAE= +PrivateExponent: jGofatbQPs8FyTAJmAWZZF+XzHKd9jhSQaDzrjMBf23DwDuu/GnyF7AcASTdHhzDqPXWkPIulsPDqYsewdLVMQ== +Prime1: 1VB6Wv92Rl/nEGuc9/P+Own4QLbsebgXceG7Eih0Fhk= +Prime2: ySmvvq+Qmh1o7os/4x7BB5/qI0vi4yZqp+OycM3S4IM= +Exponent1: jb0CEguKt/4oCHM5s/aLfSf5KGSNWrKew0CjNFprx8k= +Exponent2: wcyaaYEfMDYy9Hrzka7/L29W97KH+qVm7wZrUfQWoC0= +Coefficient: 0B7KgaK213Z/2VYJ/7hnCZGFlmHoJtYcwV790fwNilY= diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db b/contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db new file mode 100644 index 0000000000..7076e11658 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by zkt-signer. +; +; Last generation time Jan 25 2011 20:02:30 +; + +; *** List of Key Signing Keys *** +; example.net. tag=126 algo=RSASHA1 generated Jul 05 2010 09:43:02 +example.net. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W + ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI + wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 + +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq + Lw== + ) ; key id = 126 + +; *** List of Zone Signing Keys *** +; example.net. tag=57602 algo=RSASHA1 generated Jan 25 2011 10:11:21 +example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABp57sZfLQTLH4pU1vFRNfxU7IKonyz/BcaNqh2jywFbz/EzPP + jB0M4UOfR7iwChoqiFgatnKg02Qazs+MbD8uyw== + ) ; key id = 57602 + +; example.net. tag=52235 algo=RSASHA1 generated Jan 25 2011 10:11:21 +example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB0WcmwbQoLbDFommP0H2zyiHXC1ekz3VMR+zl69pZZb5nLL/j + 66zL43Op/UVNhNlmwqH10QVie/oJf/ag07n8Jw== + ) ; key id = 52235 + 
diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net. b/contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net. new file mode 100644 index 0000000000..b61c1b6fd5 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA +example.net. IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9 diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net. new file mode 100644 index 0000000000..0aa2c7d464 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db new file mode 100644 index 0000000000..af4861b5da --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db 
@@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) intern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 192.168.1.53 + IN AAAA fd12:063c:cdbb::53 +ns2 IN A 10.1.2.3 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed new file mode 100644 index 0000000000..316f1b2989 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/example.net/zone.db.signed 
@@ -0,0 +1,109 @@ +; File written on Tue Jan 25 20:02:30 2011 +; dnssec_signzone version 9.7.2-P2 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1295982150 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20110215180230 ( + 20110125180230 57602 example.net. + G+lTux2CtT0K4DoG9SDhvOHYHecTP+zQAFhx + 21fAFnHrV26q5OEL3XG2MqtFIBRzBVyWOQky + HjA0OrT2h0QMbQ== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20110215180230 ( + 20110125180230 57602 example.net. + jWqP9xbY7F8AtNaHjKaLBKURY9MHkMdwlsv/ + h6Ood+Dktz/Cc2WC6Ce4twTQSPp4fZtIsIfl + Y50zl5acgD3fcA== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20110215180230 ( + 20110125180230 57602 example.net. + lPfwTBz3QYn6NzJPnYzFuwqAskF9AjE65UFQ + aTqwZpQ+puYATzTMbe4Aa7x1fOzMoffZCADV + RwJhuqle8AED1w== ) + 14400 DNSKEY 256 3 5 ( + BQEAAAABp57sZfLQTLH4pU1vFRNfxU7IKony + z/BcaNqh2jywFbz/EzPPjB0M4UOfR7iwChoq + iFgatnKg02Qazs+MbD8uyw== + ) ; key id = 57602 + 14400 DNSKEY 256 3 5 ( + BQEAAAAB0WcmwbQoLbDFommP0H2zyiHXC1ek + z3VMR+zl69pZZb5nLL/j66zL43Op/UVNhNlm + wqH10QVie/oJf/ag07n8Jw== + ) ; key id = 52235 + 14400 DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 + 14400 RRSIG DNSKEY 5 2 14400 20110215180230 ( + 20110125180230 126 example.net. + BZPPo0GqOxCxCzx78nwK4Qbwj9kAYTyo7mYB + 5wx53cGRn7gD26tw/l12w4Vp5Q4/UCvZ1QCf + pk0xJM4qkd1wfMXQtxmYL/95aHIbrfW4uyE8 + UD7wMjD7ufDTGEc40unLunJ7FEXZ3iLTHdwL + J/moCVAPKq+jQznC0eIcqAoIrSSbTHK4QRZc + s9OLmfm0W3xPAPr14imqExL76r57sILcKFfC + jQ== ) + 14400 RRSIG DNSKEY 5 2 14400 20110215180230 ( + 20110125180230 57602 example.net. 
+ c3xZnvGx3v6Ccjz+o9YbKCFPWDbD+i6Gw/IF + RlxpOD41xQxoDWnqZlmqPu/gc0afQ0IbuJen + BV6v2Q1tnSWtIQ== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + DqPVfZUI44qRqPnoTclRf9EKixcqpPv8/3vc + QK2Y6HAj3YBcmVFDD5T6L31mv5ay34psfUu7 + hDJvYtCJFor/lw== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + E9k/RxN76Z2eFfHPJTdDcGz/TrthOQDihNoZ + k4bh858HkuPgXgfgdHJ2QL6xwS0oncP4JgqY + gKcmYxPyCqct5g== ) +ns1.example.net. 7200 IN A 192.168.1.53 + 7200 RRSIG A 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + ku/0VTBFiNgLoBG9lWRvoJOzuyFUyOColXz2 + ZTtmrZWLPpnFapDsEC2ZOkWhlzpysbuCnZeq + +Tn35JziKPaCnQ== ) + 7200 AAAA fd12:63c:cdbb::53 + 7200 RRSIG AAAA 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + ZepJB6jcivMqxfdR+B1qO8ZPsQrH6UmoLKN7 + 3S4X3/UbFEYXbEb/RF6p9Fb7pHPjnSAQyob2 + 2jBPrkol58C8hA== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + Rq2gPDo+xpndSV1TfK7AzWemTd3qtsKDFN+/ + jjmUzilm/2R1E/X7eNpIaF9oOtzPggTms8MJ + dhb5HUcMpe1idQ== ) +ns2.example.net. 7200 IN A 10.1.2.3 + 7200 RRSIG A 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + ArSVm6tZqguzW2eVycpq//OvjGjWAy2/nrpv + P2uvavxWKJVdqIIUg3Yyvb5W6h4qUa+u0br4 + Yz213ghrj8exKg== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + TCmdUAxSnk5oliX8/r9Z8odEHCtUOm87EAqK + 3JNlzlknuhYYvm7HaoEurXqdU4hMnU8h3LbW + W+Lus6YDeEyAtw== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20110215180230 ( + 20110125180230 57602 example.net. + mlIuEvQU5KrqBbP/qoM+tAx+MilvdI5g4X/o + 2w42OZ563C9ki9Q4lxCMQ67BQRKmVLiPZDX9 + U40oapBFIpDYTw== ) 
diff --git a/contrib/zkt-1.1.2/examples/views/intern/keyset-example.net. b/contrib/zkt-1.1.2/examples/views/intern/keyset-example.net. new file mode 100644 index 0000000000..0aa2c7d464 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 diff --git a/contrib/zkt-1.1.2/examples/views/intern/zkt-int.log b/contrib/zkt-1.1.2/examples/views/intern/zkt-int.log new file mode 100644 index 0000000000..d6d4593cd9 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/intern/zkt-int.log 
@@ -0,0 +1,192 @@ +2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v +2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:02:13.594: debug: Check RFC5011 status +2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0 +2008-06-12 18:02:13.595: debug: Check ksk status +2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec) +2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key +2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys +2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys +2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:02:13.596: debug: Signing zone "example.net." +2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:02:13.705: debug: Signing completed after 0s. +2008-06-12 18:02:13.705: debug: +2008-06-12 18:02:13.705: notice: end of run: 0 errors occured +2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:03:13.209: debug: Check RFC5011 status +2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0 +2008-06-12 18:03:13.209: debug: Check ksk status +2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec) +2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key +2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:13.209: debug: Re-signing not necessary! +2008-06-12 18:03:13.209: notice: end of run: 0 errors occured +2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:19.288: debug: Check RFC5011 status +2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0 +2008-06-12 18:03:19.289: debug: Check ksk status +2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec) +2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key +2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:19.289: debug: Re-signing not necessary! +2008-06-12 18:03:19.289: notice: end of run: 0 errors occured +2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:03:23.618: debug: Check RFC5011 status +2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0 +2008-06-12 18:03:23.618: debug: Check ksk status +2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec) +2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key +2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f +2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:03:23.619: debug: Signing zone "example.net." +2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:03:23.719: debug: Signing completed after 0s. +2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:03:23.772: debug: +2008-06-12 18:03:23.772: notice: end of run: 0 errors occured +2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:05:39.533: debug: Check RFC5011 status +2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0 +2008-06-12 18:05:39.533: debug: Check ksk status +2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec) +2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key +2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f +2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:05:39.534: debug: Signing zone "example.net." +2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:05:39.630: debug: Signing completed after 0s. +2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered +2008-06-12 18:05:39.640: debug: +2008-06-12 18:05:39.640: notice: end of run: 0 errors occured +2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:07:47.754: debug: Check RFC5011 status +2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0 +2008-06-12 18:07:47.754: debug: Check ksk status +2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec) +2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key +2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f +2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:07:47.754: debug: Signing zone "example.net." +2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:07:47.856: debug: Signing completed after 0s. +2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered +2008-06-12 18:07:47.866: debug: +2008-06-12 18:07:47.867: notice: end of run: 0 errors occured +2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:10:57.978: debug: Check RFC5011 status +2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0 +2008-06-12 18:10:57.978: debug: Check ksk status +2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec) +2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key +2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f +2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:10:57.979: debug: Signing zone "example.net." +2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:10:58.081: debug: Signing completed after 1s. +2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:10:58.093: debug: +2008-06-12 18:10:58.093: notice: end of run: 0 errors occured +2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:13:29.512: debug: Check RFC5011 status +2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0 +2008-06-12 18:13:29.512: debug: Check ksk status +2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec) +2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key +2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f +2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:29.513: debug: Signing zone "example.net." +2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:29.612: debug: Signing completed after 0s. +2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:29.623: debug: +2008-06-12 18:13:29.623: notice: end of run: 0 errors occured +2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v +2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:13:38.709: debug: Check RFC5011 status +2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0 +2008-06-12 18:13:38.709: debug: Check ksk status +2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec) +2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key +2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f +2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:38.710: debug: Signing zone "example.net." +2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:39.163: debug: Signing completed after 1s. +2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:39.174: debug: +2008-06-12 18:13:39.174: notice: end of run: 0 errors occured +2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:13:43.164: debug: Check RFC5011 status +2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0 +2008-06-12 18:13:43.164: debug: Check ksk status +2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec) +2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key +2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f +2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:43.164: debug: Signing zone "example.net." +2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:43.262: debug: Signing completed after 0s. +2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. 
IN intern" +2008-06-12 18:13:43.273: debug: +2008-06-12 18:13:43.273: notice: end of run: 0 errors occured +2008-10-03 01:00:38.404: notice: ------------------------------------------------------------ +2008-10-03 01:00:38.404: notice: running ../../dnssec-signer -V intern +2008-10-03 01:00:38.405: debug: parsing zone "example.net" in dir "intern/example.net" +2008-10-03 01:00:38.405: debug: Check RFC5011 status +2008-10-03 01:00:38.405: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-10-03 01:00:38.405: debug: Check KSK status +2008-10-03 01:00:38.405: debug: Check ZSK status +2008-10-03 01:00:38.405: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (5018321 sec) +2008-10-03 01:00:38.405: debug: ->depreciate it +2008-10-03 01:00:38.405: debug: ->activate published key 23375 +2008-10-03 01:00:38.405: notice: "example.net": lifetime of zone signing key 5972 exceeded: ZSK rollover done +2008-10-03 01:00:38.405: debug: New key for publishing needed +2008-10-03 01:00:38.491: debug: ->creating new key 55745 +2008-10-03 01:00:38.492: info: "example.net": new key 55745 generated for publishing +2008-10-03 01:00:38.492: debug: Re-signing necessary: New zone key +2008-10-03 01:00:38.492: notice: "example.net": re-signing triggered: New zone key +2008-10-03 01:00:38.492: debug: Writing key file "intern/example.net/dnskey.db" +2008-10-03 01:00:38.492: debug: Signing zone "example.net" +2008-10-03 01:00:38.492: debug: Run cmd "cd intern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +86400 -N unixtime zone.db K*.private" +2008-10-03 01:00:38.796: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-10-03 01:00:38.796: debug: Signing completed after 0s. +2008-10-03 01:00:38.796: debug: +2008-10-03 01:00:38.796: notice: end of run: 0 errors occured diff --git a/contrib/zkt-1.1.2/examples/views/named.conf b/contrib/zkt-1.1.2/examples/views/named.conf new file mode 100644 index 0000000000..c7034e2f5f --- /dev/null 
+++ b/contrib/zkt-1.1.2/examples/views/named.conf 
@@ -0,0 +1,97 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "named.log";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ category "dnssec" { "named-log"; };
+ category "edns-disabled" { "named-log"; };
+ category "default" { "named-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ pid-file "named.pid";
+ listen-on-v6 port 1053 { any; };
+ listen-on port 1053 { any; };
+
+ empty-zones-enable no;
+
+ port 1053;
+ query-source address * port 1053;
+ query-source-v6 address * port 1053;
+ transfer-source * port 53;
+ transfer-source-v6 * port 53;
+ use-alt-transfer-source no;
+ notify-source * port 53;
+ notify-source-v6 * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ dnssec-validation yes; /* required by BIND 9.4.0 */
+ dnssec-accept-expired false; /* added since BIND 9.5.0 */
+ edns-udp-size 1460; /* (M4) */
+ max-udp-size 1460; /* (M5) */
+
+ # allow-query { localhost; }; /* default in 9.4.0 */
+ # allow-query-cache { localhost; }; /* default in 9.4.0 */
+
+ dnssec-must-be-secure "." no;
+
+ querylog yes;
+
+ stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */
+};
+
+/*****************************************************************
+** view intern
+*****************************************************************/
+view "intern" {
+ match-clients { 127.0.0.1; ::1; };
+ recursion yes;
+ zone "." in {
+ type hint;
+ file "root.hint";
+ };
+
+ zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "127.0.0.zone";
+ };
+
+ zone "example.net" in {
+ type master;
+ file "intern/example.net/zone.db.signed";
+ };
+};
+
+/*****************************************************************
+** view extern
+*****************************************************************/
+view "extern" {
+ match-clients { any; };
+ recursion no;
+ zone "." in {
+ type hint;
+ file "root.hint";
+ };
+
+ zone "example.net" in {
+ type master;
+ file "extern/example.net/zone.db.signed";
+ };
+};
diff --git a/contrib/zkt-1.1.2/examples/views/named.log b/contrib/zkt-1.1.2/examples/views/named.log
new file mode 100644
index 0000000000..15d5f7b927
--- /dev/null
+++ b/contrib/zkt-1.1.2/examples/views/named.log
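Review bot: In the `options` block of examples/views/named.conf, `query-source address * port 1053;` and `query-source-v6 address * port 1053;` pin the source port of outgoing queries while `recursion yes` is set, which removes the source-port randomisation a recursive resolver relies on against off-path response spoofing. The "intern" view limits recursion to loopback clients, so the exposure in this test setup is small, but example configurations tend to be copied. Either drop the port (`query-source address *;` and `query-source-v6 address *;`) or add a comment next to the two lines such as `/* test setup only: a fixed query source port disables port randomisation */`. The commented-out `allow-query` / `allow-query-cache` lines would also benefit from a short comment saying which default the example relies on.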
@@ -0,0 +1,17 @@ +20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found +20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed) +20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed) +20-Nov-2007 17:40:12.393 general: notice: running +20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789) +20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217) +20-Nov-2007 19:07:04.016 general: info: shutting down +20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053 +20-Nov-2007 19:07:04.020 general: notice: exiting diff --git a/contrib/zkt-1.1.2/examples/views/root.hint b/contrib/zkt-1.1.2/examples/views/root.hint new file mode 100644 index 0000000000..2b5c167a31 --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/root.hint 
@@ -0,0 +1,45 @@ +; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net +;; global options: printcmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355 +;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 +;; WARNING: recursion requested but not available + +;; QUESTION SECTION: +;. IN NS + +;; ANSWER SECTION: +. 518400 IN NS H.ROOT-SERVERS.NET. +. 518400 IN NS I.ROOT-SERVERS.NET. +. 518400 IN NS J.ROOT-SERVERS.NET. +. 518400 IN NS K.ROOT-SERVERS.NET. +. 518400 IN NS L.ROOT-SERVERS.NET. +. 518400 IN NS M.ROOT-SERVERS.NET. +. 518400 IN NS A.ROOT-SERVERS.NET. +. 518400 IN NS B.ROOT-SERVERS.NET. +. 518400 IN NS C.ROOT-SERVERS.NET. +. 518400 IN NS D.ROOT-SERVERS.NET. +. 518400 IN NS E.ROOT-SERVERS.NET. +. 518400 IN NS F.ROOT-SERVERS.NET. +. 518400 IN NS G.ROOT-SERVERS.NET. + +;; ADDITIONAL SECTION: +A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 +B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 +C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 +D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 +E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 +F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 +G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 +H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 +I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 +J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 +K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 +L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42 +M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 + +;; Query time: 114 msec +;; SERVER: 198.41.0.4#53(198.41.0.4) +;; WHEN: Mon Nov 5 07:28:00 2007 +;; MSG SIZE rcvd: 436 + diff --git a/contrib/zkt-1.1.2/examples/views/viewtest.sh b/contrib/zkt-1.1.2/examples/views/viewtest.sh new file mode 100644 index 0000000000..f0a17543ac --- /dev/null +++ b/contrib/zkt-1.1.2/examples/views/viewtest.sh 
@@ -0,0 +1,20 @@
+
+
+ZKT_CONFFILE=dnssec.conf
+export ZKT_CONFFILE
+
+if true
+then
+ echo "All internal keys:"
+ ./dnssec-zkt-intern
+ echo
+
+ echo "All external keys:"
+ ./dnssec-zkt-extern
+ echo
+fi
+
+echo "Sign both views"
+./dnssec-signer-intern -v -v -f -r
+echo
+./dnssec-signer-extern -v -v
diff --git a/contrib/zkt/examples/zkt-ls.sh b/contrib/zkt-1.1.2/examples/zkt-ls.sh
similarity index 100%
rename from contrib/zkt/examples/zkt-ls.sh
rename to contrib/zkt-1.1.2/examples/zkt-ls.sh
diff --git a/contrib/zkt/examples/zkt-signer.sh b/contrib/zkt-1.1.2/examples/zkt-signer.sh
similarity index 100%
rename from contrib/zkt/examples/zkt-signer.sh
rename to contrib/zkt-1.1.2/examples/zkt-signer.sh
diff --git a/contrib/zkt/log.c b/contrib/zkt-1.1.2/log.c
similarity index 100%
rename from contrib/zkt/log.c
rename to contrib/zkt-1.1.2/log.c
diff --git a/contrib/zkt/log.h b/contrib/zkt-1.1.2/log.h
similarity index 100%
rename from contrib/zkt/log.h
rename to contrib/zkt-1.1.2/log.h
diff --git a/contrib/zkt/man/dnssec-zkt.8 b/contrib/zkt-1.1.2/man/dnssec-zkt.8
similarity index 100%
rename from contrib/zkt/man/dnssec-zkt.8
rename to contrib/zkt-1.1.2/man/dnssec-zkt.8
diff --git a/contrib/zkt/man/zkt-conf.8 b/contrib/zkt-1.1.2/man/zkt-conf.8
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8
rename to contrib/zkt-1.1.2/man/zkt-conf.8
diff --git a/contrib/zkt/man/zkt-conf.8.html b/contrib/zkt-1.1.2/man/zkt-conf.8.html
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8.html
rename to contrib/zkt-1.1.2/man/zkt-conf.8.html
diff --git a/contrib/zkt/man/zkt-conf.8.org b/contrib/zkt-1.1.2/man/zkt-conf.8.org
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8.org
rename to contrib/zkt-1.1.2/man/zkt-conf.8.org
diff --git a/contrib/zkt/man/zkt-conf.8.pdf b/contrib/zkt-1.1.2/man/zkt-conf.8.pdf
similarity index 100%
rename from contrib/zkt/man/zkt-conf.8.pdf
rename to contrib/zkt-1.1.2/man/zkt-conf.8.pdf
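Review bot: examples/views/viewtest.sh begins with two blank lines and has no interpreter line, so which shell runs it depends on how it is invoked; make `#!/bin/sh` the first line. The two signer calls at the end are unchecked, so `./dnssec-signer-extern -v -v` still runs after a failed intern signing; adding `set -e` after the interpreter line, or `|| exit 1` on the `./dnssec-signer-intern` call, would stop the test at the first failure. The `./dnssec-*-intern` and `./dnssec-*-extern` commands are resolved relative to the current directory, so a one-line comment stating that the script must be run from the views example directory would help.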
diff --git a/contrib/zkt/man/zkt-keyman.8 b/contrib/zkt-1.1.2/man/zkt-keyman.8 similarity index 98% rename from contrib/zkt/man/zkt-keyman.8 rename to contrib/zkt-1.1.2/man/zkt-keyman.8 index 9c0da65673..69093117d1 100644 --- a/contrib/zkt/man/zkt-keyman.8 +++ b/contrib/zkt-1.1.2/man/zkt-keyman.8 @@ -202,7 +202,7 @@ option is specified. .TP .BI \-R " keyid" ", \-\-revoke=" keyid Revoke the key signing key with the given keyid. -A revoked key has bit 8 in the flags filed set (see RFC5011). +A revoked key has bit 8 in the flags field set (see RFC5011). The keyid is the numeric keytag with an optionally added zone name separated by a colon. .TP .BI \-\-rename=" keyid @@ -251,7 +251,7 @@ Use --ksk-rollover for a little more detailed description. .fam T Create a new key signing key for the zone "example.net". Store the key in the same directory below "zonedir" where the other -"example.net" keys live. +"example.net" keys life. .TP .fam C .B "zkt-keyman \-D 123245 \-r . diff --git a/contrib/zkt/man/zkt-keyman.8.html b/contrib/zkt-1.1.2/man/zkt-keyman.8.html similarity index 98% rename from contrib/zkt/man/zkt-keyman.8.html rename to contrib/zkt-1.1.2/man/zkt-keyman.8.html index dc53c9bb9c..fc93304f5a 100644 --- a/contrib/zkt/man/zkt-keyman.8.html +++ b/contrib/zkt-1.1.2/man/zkt-keyman.8.html @@ -1,5 +1,5 @@ - + @@ -223,7 +223,7 @@ The keyfile will be created in the current directory if the keyid, −−revoke=keyid

Revoke the key signing key with -the given keyid. A revoked key has bit 8 in the flags filed +the given keyid. A revoked key has bit 8 in the flags field set (see RFC5011). The keyid is the numeric keytag with an optionally added zone name separated by a colon.

@@ -285,7 +285,7 @@ more detailed description.

Create a new key signing key for the zone "example.net". Store the key in the same directory below "zonedir" where the other -"example.net" keys live.

+"example.net" keys life.

zkt-keyman −D 123245 −r .

diff --git a/contrib/zkt/man/zkt-keyman.8.pdf b/contrib/zkt-1.1.2/man/zkt-keyman.8.pdf similarity index 58% rename from contrib/zkt/man/zkt-keyman.8.pdf rename to contrib/zkt-1.1.2/man/zkt-keyman.8.pdf index 298fc2b429423a6c6248296bd9011d0b31a9b6d4..487803c3fafdb0a29a40ec58c81e168716765d0a 100644 GIT binary patch delta 4051 zcmZvecQ_k-*T;=2LXFyr#@0m=GqzGJ)UTE zaw^6}?8G7ED>qjb>+^E!zcKI@B?_1-Fvwi1#XR_ByO&1O35zLuAyfY(cvI@MvW`xa zRpEALpv?1RqrJlY`}JCnsbM>xS2i1!%LqK*CwxuXT?tXUt_$3KyLr*Eyq!tu-~m~u z?Ln`?06Jw0vtNiMvsmP1ep*jPU9`!gOnOGB5eYj89JkD;rhdL7pcOJ-)?+_hjV3@R zIz_9>_n^9Mu791e3t++=j?-r*TVT)e5V>Bd!7&o0F*1h6QxdVv*(TinEWeODp?1A- zw|RX7t{QpUMo!vFFnMV>(d+8gXT$NVXxoer4v_cmE!bN|FC?6GGHPf7=B$SOXfOYf zYSX&es=O9o=bD2mu`8YTOnOnN!8~9D^*g({pzI$(boKO=J1BA-~O4LQZ z!>PYm{6?|2Ir1s)P7b$4PzbaN?6*HvG-u1ByWxkJ7svWas*e z<&|owELfBMv4}trrdM2dTe!OT7++yA4mHQK58NgtulREKVgsX(zxMPM&Se(PU+MV0 zU(QWgdYDf7TTIOa(K-5=g0%JjlDcRhqbuR{Wm>fL!_0=a_fJ~nZC*@DDwDm4yI-OB z+-mvAVEzcs)aUP`vCSvnvo{X;FPHns)bJ^B&0&+kpAII{$P_^8#X|dQx7!?8mxYp8 z2AWbB8WZQIrFuJQBMFh&cQ@O8f;4T?+jML(Bu(?PKsJOt=5YCpnSwQP1MZlJ-W_P4 zn@>hUQxFCpNjwF+3`!e}uFoB(!GFu~m8$RZU>B0QoPK~*!l?4}w=P!F0RyU(^G{~8 zu`W5Xspbsm8Ov(0vbGz+cI8*~1x2=V3pT&_!+43Z2l3U_sD#>BGEb0V>s{nVz9Kq> z`bNxJbIo_hBD;%u8n%0mNPg;77sd&Xk9}fFA1Qmqcd@l6!g$n9>?8aehUx3I)lCgl zD(s%hWNVwxbo2Zs|5EY;qpMt|&*X6tSa(fQe4FC?qRmELCm(B;TM>7(yaZCgUSgzWLi!5#HZukND;d2SR};8lq{0UEu^@R8k1 zB-@;Te;x7Q{Z28CpCJp%?;~1!ATd}f4T|Wfj9;)u<%hfE(rbwh=<&@73XhpIHos>i zn2$t8;#nR8Yx#y+`btVqHBGmLLfWKg&U$Ocw1IPX`Ci6gv?D?hrmo? z#~02OVy{{~gppf(Shus&S*5W#YY7~QUgD|TrR-O5i5}65ZxzF55BDM?O)8!Dnr2Up zodNddc_;$roJqmtyczm$gquREH-bX8*!t8U6~$J==^85I{!Z+gh*(bY;hV{1EvagT z_o1~}xb9I5vfV_lury=GeFhV=U%AXsoC*5OQXsbTqGTB~eXiUzM+eI+sVq=?`|8|v za(Q-l|54L$?gMCapA%3m+Oza_$I0VgyBFOX8ggxS)6?13Jqx=iTwURnI@%wQi? 
z+aQ}bOmJb0@)?bg14?St#(ES4t9H@@=Sz9rZ=%d{DB2mtX^VaUR)Yr&q`W-f>kN_M zM>+}v4X!DRQmkG3{8((}(81#AJx-?LNj^)BB4Q!zMvlH;MHE%S@!ZdZA1NMTXSh|1 z0gjI%6l(If^fS1|T=->;!^B@34Q6q^;<7k8z!ar1W2B3uetrfIvbjGv0TkU+vNX9!zIh~@x4Qpokp$WnMB>(*ozMhM`tphpVtB`!{u}$p6%GKZ!}PwO}lwZU$uLKyIYEA7mbv& zd95UGYG!ponZX~qY-DBe8{=CMrh*R6QYP3>L&yYe~$ zlT21qgWgP9#@`}!Np;D+1P(vtTvLq_5~JOI{t8EHf&BjCh@0W~;}^pppho(h6lJVR zvJZzV&rQzICsT`vpSx}p!<6sB{9>Hz{J)B>5iXN%CCp-TPxi-!miEB577oyAJGp9F$ca5%2dU&;g~9RRq*x~9R><3~ zjAk_~*Qt>5-@kw#3t}^_iyOtNRhOlV9gYZ2=!etFHhMt0P&=JqnW_1sp#2`2PX@<& z>I$tRWcaG|c`=P|wb*(%Y`63~_1e9(2;41RAR|2zMDMfDY+PTtohy!wgB! z(3rl0%Ss75VDh=L!%V-LzN%R~ZRdELz zE_hYUrwFz!2+yap#(Exvzp-6!1l$k2gx%!unFO`Y^}>Tl_C2|seSgK|c3Yi~Pw6|= zWhVC&zjR9;G1!6feA8J{1nndAVaZW1<2Ktb1yrrQhdua})pdc2(_(S*Udt6B)@9z? z!qu`JNHcIEbk+w5+iCjZIrJ;1iSV?WS8`D)bB->EDZ>8tanI3 zaBNgm7p^5gPT@Q%D~5l;6s#=^Gp`dO$7{c3x-Z~GLM+ZT$hWlnM1_4D=Q8OS*?RO& zRZi&aO9^*g1}k-82g}Ede{Y)qSc8fSz&JztN%~Ap-D%8=+6+t+51SAMqrH<3*@q}$ z-^=$-#XRC(q%`Aberw9C>XFu^*dghB(-d#NI^8jryk;U*|59H+90ixC^INQy@OroEcVrm*q(m7u2&F zS{ItWc0+olp#@%HPV#Dj&-g#8Jz#tFY2t%FzP})YZmp=+$f*a zF+UNd6XF@SNDGnXt3Hy`EGptb5oq{El$Ep?B&lUiq<`XIKR6$?jUEWq;{O$%{Q)+! zbYz4P8}fHQf2%Y5UEP!94PDNkc-j6hzz;rrPl|j#XT6#dSRK5kD7D-?bv7>y&X_Nm zxKOxa#yH~J7M5@C)ao{grE_aejen7+Y1-UL*P` z67#yflGxzrzb?>fbHPucxFC|Ppz{2B!_?Buwy2Kb$3n*hCBci6sfS#i&MSSa6Qh}Y zFR(3KzjBdAc#2=#tw6?@F3rKF7n7%7vd^2QT9`afP-!)!=GfmJ!#ZncS2@@3&L+`! 
zpH@0irIMIHQEv{v&T`ME-_~^*tjoohV}8!6pN3u5Z1?(&rYQvw%ffZk%+AD1iyJ!iQx1lJ#QVVXeA=v2wa7rw*-E!zn9wVQE?$WA{SJ_`$d9{!q9 zd~}t{*{<3Xjr*BpKFdW)mNW`|^=T$I_0`3ct7busiW)=- z%wBCAzVsKEycyufGy1R*`r8w1-XNS2MOdGX7y}cZ|eXQ@<~?)}j{*6uNQS z(-q_%R0nJ`AWy{^4`M*HRQkEb{;prW6k>YGaaCmUM~p1i@wDfM8#%hCZwfufc^L_gfK*=)D!w7-)R4~$nfWRQo|E01Vr9rx2bs*?p4;TOh{BHo#fGR^yFp$b0jsL7u zR|BhLy_43&Due%-(ook>J;BtJ)lM)KsPYL0Ry)zFuC98b7ox8IZ%bKNnKM|Glm9>< zCoMz&4Em2T{@6NMr}|%fK{QTksDS^?)c^nfRMk)JR2>Zcr?7^Gnp)OXS#2HZsi;~) scP*c_xIWtWnqcS!g%bo0(A5Q?(1>7kc(A7z018q817u~dSsMfX2e7;M1& delta 4071 zcmZXQc{J4j{>SapjIw8621z5;n86I$RY-OcA%n4%!PpZY4I-ngS+kW0S<5m=GBS3u zWGPFQY#C&i$?g7r_uO;t*Zcj?^E_Vf=kvVY&tm-s{R(bY;F}^>$cSa`){M!sXpU*- z)^IVN%X(N8U%6_K)p_=zcu8*sq`B_(7@K{jwZd+79Ev*UB`Z}_n(R2j!6f)ZtK_vbM;c;Wt5S+dL05BO&p^@7BS=IXiw5kFv7YT2?i^HjWv zO?CpA#07gDh?7CltNmFH!TfwOfX<86As1MU zXumC$UeoV%>eg#TvpsRUI25Wj#3+DsM~q!J405mph($w=E7Dco4Gv?j(doT!48|2; zC?N%(JD$tK#+FG^{M2(Hy&K6(LBZEUmxfak(;)OLBtHSRy*k&mM+FlJi#yM+w(@D+v)2jS{EixPZ> z+w3hbAlc~sE(EQcLRJkDjV z<(%f-xJ?{jXuJ^eniAPY&15T-lo}gDegc&w$uko;{97nSlex*ifdtUy>7aQcE$(TV0 zaMj{_9ghZOqE!$%%lLyC8`_sKL#Uv?=x5~3_t@IOwWCux;HMy(HG!w4;cR8ulJ-dS z^RA`*w`DASt!{`HPi}muRED``2U7a6{I^K&E=>&iYenwnx4Wf0W^B~A>xMR+%*vYU z<%B(D$wZBKjGRQ>{)A3~Cd6wa7QmQEfIrFo`YYm<=N9hxl7JENsi1pdrseLYIS(lg zZTmC3cvf_2d;Q(ox#d{O!NPB6Wh%=CSX zc%Y^Ke2u6(If~1a?#2(}e78DL7Iac}^Bmbgl?AxjKQvoEz8&)ZMTvi{Xp}K8Fes6b zk{OnDntVm}QJtac+C}z6t~vMJ@y}Z^_dIF&+Es|Q#Nm(;@p)|ty8E~W>47)2i^7*X zlE*uC%m!{~Rof#B2b2Dk*(v0#xOYCYnS=8Uyow)~+up@&i8vaHL{zdZo40>c3v@4r ziZI^{_k8dNtaMtUhgu*+GSd=`1+2=%u5t7z3ybLrS)btSIBb1ryI#M)v3>XyQM>Nb z0Ddi`VG8fC;c2Y3pLa$^?jDibjRQZoJX#=)cX=2*;;>d~{Hfa(s}zku%L@GVek>56 zaf?2A)kX(Qbotc%ATCr*&+$8@Zl7+`r-NQg3fs%7s5Gq)>cCW?3u*+q}BDop?PODeO&9`GvlNhK*6`3p>j2}LkUlD!e2{vbr zHGX(Pq+O~%RWWOUfr~IJs9Pgo$=!IgW5A2_54zTYe=d#RGD+W`k53XRat>x zPT6z?n(Mh-dX^N9PW5-I7hq9EFEu9T2a-lO)v--DVriziu%?VqC!1L#YyA@~d2NC3 zJor+io++Gzn+mlsC6MeUnlk8(1qWr*jn0UN*|CV`f#;4GL=mh!XHB;<%R@M1EGF0m zFD7(w77OU 
zcgUJ9QYGL30C6>m2!Mw*g`3oF6qPty3p#k*j652P>>Tco(D&jo^-*Kp9-HFYyMxg6SAvo3e5Oz#j~0Z{Hrpz_?JhaDi{04k=fxYF`r(PTyugt zdRN>&A;ql;`fb3x^W@usr}XbrsS3`jGi~g@64mHNUG%c5&?}a(ruc z51w_Cddtx7uJgPmNJ-lYV~pytZ4B!iJe^HR`yt}vmblDk^MQl$*V9zE&e zX}x~&dD^VCG^Y2154P^(%UtHJoGySkksJQA=~DU1ey1*BcW?;So_v|v%6%zSsH8H{ zYc-etVK7u{gk{MX84IE^j!1=Oz8#>sHXc>c|tpL+I#$$!? zW(67CcR}eQ@(#G)Uv+H>)tLsq0cJbfI`J1i7~;rIhNXTKrL8f`NA!EV-nZ>u*QVY+%YK4S;a$bd$~wx+ zSm_zjHR(ihAl3SJKcqlb?~RiUJElTf78?pGGR%Cd*T*ut zktLtrjaE?9fcG1GGyTjOqYa+u)*ih<>-Sw{Tks!QRDv80DXYYoSBUJ1bk=-JWiKm~ za=Ctl6QN!rN5iAWn5*rW!djJkNw2;!m4m1Bo*L*lgvmEvZNIr~3@DCvmM(`5D+K6J zM_3D-#Z3f3_6J@YvkhWR;vXK=p~-d*2^*gRrud?L+Cl{ zLOI%fO5#0<)^6VwAinaghWqH!jc(Zcz+%r$sh+A)%{v)2QM;dEQeyE~3&F_b8Jw-x zP1QYPU;D!IoCBGQI31ytnilv&*`H`*WZud4R~&=SIC^!*sRMn{Xg1-6k3kkI%_x%? z@I;l2<+?RcfE-Vm~Meq}VGZUjw((7o%rSj*XNhM*V_K@Uj`y(@S) z%dQlIejCYkZxzC0v+H#Ac7G;8!XUp!5&U6T{|2y0h%@F}DOP1I_8*-O3>Nkzys^d0K0|DvSL~DX zoA3@Aw!F?qIK<>^xDhO_LqsHfx#3ypmg*##vS<0GPCa}Prul0nG#op3i-ArS$8gX* z0CZirKe(f8v7IlFtA(@lvn|SwI0%?pF)~2sS1^63=CRNCe1ZrZ`RGAGu!z9Na{pu~MWkF(wWKm2kN)QfjfNwRF+~OBF{U5~KgQ(H$Gj*M>X;XS zLjC{hNw_no)D(~BAmop)tR(lhr~mz~A`&f^lqboJJ)VI4TgyLQqvesunS#>s5>ZIS zV_q~GnItErqIx?>Eps}SFPLv4#^t#Ls}=0rF=7i*Q-k>UV(`9!c&sx-39f*KNJ(8a Hx(4|dhIUit diff --git a/contrib/zkt/man/zkt-ls.8 b/contrib/zkt-1.1.2/man/zkt-ls.8 similarity index 93% rename from contrib/zkt/man/zkt-ls.8 rename to contrib/zkt-1.1.2/man/zkt-ls.8 index c4261912e3..8ee00b12ae 100644 --- a/contrib/zkt/man/zkt-ls.8 +++ b/contrib/zkt-1.1.2/man/zkt-ls.8 @@ -45,6 +45,30 @@ zkt\-ls \(em list dnskeys .RI [{ keyfile | dir } .RI "" ... ] +.B zkt\-ls +.B \-M +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-dhrz ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B zkt\-ls +.B \-\-list-managedkeys +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-dhrz ] +.RI [{ keyfile | dir } +.RI "" ... ] + .B zkt\-ls .B \-K .RB [ \-V|--view 
@@ -84,8 +108,8 @@ In that mode the use of option may be helpful to find the location of the keyfile in the directory tree. .PP Other forms of the command, print out keys in a format suitable for -a trusted-key section -.RB ( \-T ) +a trusted- or managed-key section +.RB ( \-T or \-M ) or as a DNSKEY .RB ( \-K ) resource record. @@ -161,7 +185,7 @@ Print the key generation time (default is on). Also settable in the dnssec.conf file (Parameter: PrintTime). .TP .B \-h -No header or trusted-key section header and trailer in -T mode +No header or trusted-key resp. managed-key section header and trailer in \-T or \-M mode. .SH COMMAND OPTIONS .TP diff --git a/contrib/zkt/man/zkt-ls.8.html b/contrib/zkt-1.1.2/man/zkt-ls.8.html similarity index 93% rename from contrib/zkt/man/zkt-ls.8.html rename to contrib/zkt-1.1.2/man/zkt-ls.8.html index 0954bda593..e827839920 100644 --- a/contrib/zkt/man/zkt-ls.8.html +++ b/contrib/zkt-1.1.2/man/zkt-ls.8.html @@ -1,5 +1,5 @@ - + @@ -73,6 +73,18 @@ zkt−ls −−list-trustedkeys ...]

+

zkt−ls +−M [−V|--view view] +[−c file] [−l list] +[−dhrz] [{keyfile|dir} +...]
+zkt−ls −−list-managedkeys
+[−V|--view view] [−c +file] [−l list] +[−dhrz] [{keyfile|dir} +...]

+ +

zkt−ls −K [−V|--view view] [−c file] [−l list] @@ -101,7 +113,8 @@ keyfile in the directory tree.

Other forms of the command, print out keys in a format suitable for a -trusted-key section (−T) or as a DNSKEY +trusted- or managed-key section +(−Tor−M) or as a DNSKEY (−K) resource record.

GENERAL OPTIONS @@ -228,8 +241,8 @@ PrintTime).

-

No header or trusted-key section header and trailer in --T mode

+

No header or trusted-key resp. managed-key section +header and trailer in −T or −M mode.

COMMAND OPTIONS 
diff --git a/contrib/zkt-1.1.2/man/zkt-ls.8.pdf b/contrib/zkt-1.1.2/man/zkt-ls.8.pdf new file mode 100644 index 0000000000000000000000000000000000000000..ad2a6e900887710e173cf03c86ba332b32f9b496 GIT binary patch literal 8176 zcmcgxXFS{M-?mHa)}|VJ6p@ewHELGut!8V)7DVh(s%q7ysC|r@HEY!#t zwO7$6dd9!!^nX5|=Xvw|-Xytx_qguwzVqeMQcw~E3qb%}uhwIK13-boKo?5~fTScy z4T-YF*a2Z!La;EMR5Evs#G&oY_~(I|*I(xpcIaz*6hJw= zmb{TtZ>&U3G@Hdb<6~`JMC=BRHuwZ=Y<=OYZq0rd_@seA1n_mh;s(X^C$YF2zHCpV zvc*7cY3CFgIGXlBA*osIEN=lb|9y2f0*7sE1z9oG96#jBU)sUiDnD8m} zGT0V==5{bn(iME*ehn5A!0IJ^v|Vx-T*VSnGtavwFc8Mg*Og1Zd$1ZHG(s5rMtHr) z?TFE4C!TRDfW}J`DXKXcfmpxyFq4xuYH97b&|y}l!HQ}j=K{A*#g0jV~lb{p+O-Zl&rXC#Gfnh2D83e(H-5AIJM003YHYR_h5s= zsSPjzq0rdYT-%c1OPJOOg=&mr_A}htQ=#GxmU9}xk3Pwlp zt*`xZIiG6dA=eIDhZbJKa`J)~Isti$D)7q!^>=x%Yt_(vhB2>SRR-*bHC=fMYePq( z`|#%Vm=$5jP`-Jk8Rlf=o&YwTq{z@`uPp}koKnU!ii1_+7HQl=_~c@`#zjW@j=7A2-q5Xt^T4gLm%1j5^j+Y1E^K z=9U}>YmQs$!+o=$s(Pp=WdaW&Uv$5fg;~WISsJ>yH02;&cg={1Td0fZ5YRi3ddESE zIt`C%KJ7c}Q*QUjmSR>D8R}>{(++_6SRC&heS~M$Q5>-gTM!ibyPIHg!ibY=`MIqFiEGGC8HSaO#QjiPJP_MyaNf03YKtC5pC;=Z3) z$_E+H%8B(|g>%U!m;%f)yFEff-}ioA;bl3#$}iM}>J4|pIU-Pv%e2jAxr#>RU*2I# zAK2RIA{9gWoZV>%Y=lnPB1eq|D%p*0OArD@2Z^RXuKK1!BlL*GNL93M47*dGjvOR! z9?<{=JE&7ENPAG<2@4I1x&lGn+ zsDg^ibo?_a?7P`$cPv`Z&rg?*(_OOi4Ed4S=O$C1Hh7Wv(lQ$r=BFKzJL`8XHBa6h z09D6jCcQ}!G`;uBYh?}km!zAMoAt~(a{M%7a zDj}M{z^q}k8dFjJsPFmUt5yWO95541HjS#%y*#2B!4-*b_dv>Jx;wcrZOCcKe!`i%x#dUh>gmU3yyxsL8FeV#AM=xZo7S68z~z2u6u;iDl! 
zVdo(at|dx&FdEVea14a)46_9EK4R-X&ajYKR>Bb?#3+V(FxliyO%A+eEK2@Rkuh6v z!ueT9b)6rdc#3dEXHU`l&KJVjTS(jq@HNKbPw;6;eM0o5(EK4NM1OK7M+Ku6=%-!`crDMY)Z<$*_A|BYllNdMV(3NKTto zm`buF?6ql~VLCx|<)9VrhpA-=)$V}3Oe0H58_QB5B!KSv#N-jE`_0icV_>Emhw}YT zpRF{P=E;hsty5bhNrJQduJxrFTqis#*SE;DZtV6nh8f5{MNkTJgU2UUOB&@RO730C zE2;TJ7l0?hvN#xye)UA;wqH<`f9Ip7vg+v38cvnyp!05yJo9gLj&-*EYRMk;#nf_h8l)4YMYIIlVBU__{tUb;)EN?${o zdxxAe$w)CXQ0ypFUB$7>n)36IN1^f>nS^zCItwnQ{-tJn(zDcxt0cTWj)om$1uPT8 z-{WiXQG!fVjwA2*WF;-76V70=naWd_g^Hu^=xC|%X(IM0Y$(?`=dcKwX2ot!c$ zi2W7Fr7PY8d#Y9^HNd3o_!`|;yOjH_lyViAWGD*nEgHM;#{dfxl*dpL5WzMdw^8&@|8 z;%aTscWwqC$C9r)4VH4n8<(MXi_AGIj<+eQ6)QMF!t zLSW*;fIl#>$S=h$SoD8W-HzU#L{GzL0>%yRp6V1?bpjiHbJ3WuLp6`uK!$sLa=4T& z)#CvOpKlLOBhRboKN9IAq-Ye1T#a>(;WeH0+Z6Zu1XqZNC^{`ZkEO?t3=El@{5ajN z=cTpp(tPvl{f>?T9vR}oke#3i$%m3C>g>F`;L3(ulFWpM_@@{X2DiZIvoCD#pM`bI z-R-V;bXy4W5uQr6byD0sI&mpmV6#hPapr7O{OO5zOJJYNixmd0R#irb8h4vqvWOu& z-2z_dYXZRmB<^q0Tf2&NMh%@7k>8HF#NQ9sOq`m1eee7b@wI?U$2Rr|2JQhf2Uh9SkH zEsKn&y!49Hv)y=#B>c;G>IstcRuGLuz7tl}X?po#-2SYHE&;>YJ0AT0IEm4SKR$j2=-X+adjf;1#!A? 
z1@sQO^7gzUfy|at9t?4+2kKZDG(*KXb7Kk^9A$l7OSx}ycgpcfUdfH0^$efW*=XgV zO>cN~umfV%&SwnzT1(cB7}CLSSaQ?MBYGIN0(pr@3N{^Hrw(oO1uop}aRfKMv>>C< zWQ`BfTL`;MRU}$JbLz|LX18$W?$GLTRvkW_6%pBpr+7>o24~-N@2EAk98Mr*UD1b< z!fC#=bcecf!&K5n!z=P}{V(agFTEY3ZrAmEyg-(8+(7g*uU_~xi#LsQ=bR6qdh%8j zuMsV~As5Za<35$bh}$a8Vc`K$w_)u&913MO#WI|)KdDZxb;$6HUwi=B+)05@-O|-o zhzev<>y(-rcz|h2C*mzKE_WQJ`f}S5QN%j7a>W+uW;mqfkkT4a?}bCGEGbamT~jXK z3gz7%R3JPW%!*6VrlX_AG?n9?bPJN?k`^8rGJe~heDZt}@9;^T`E?FzW9t_*aiWV} z{+8nWX)@ub9fQ>*UIC!w@)_oS!QZ$%ZTX(a6VfuOi0E0DHd9^6Bc(Q^4+yHJ z176||*H~?5zjK+OhJ2*B6`DfrWs=55&X9yf$ zs%fBg6F(x2+l?TvNOElawGw|wmW5JT-IMh!yrqV_dW^05)&;Hjy(_d{Ony14QBR`t zcw8w$-9B82S!(ay879k0G74se~ zP9V$Ukp?47E)grD0Ta~eVvF@bCYjdEaq_4ftr?ifTRNisqGt@8UALd1=IzMjoeX-n z6%!n4*weL|CQB!%lAUr`HKc2uf{bRz$0}<|V{hGKyLp)?wJIpe?TPxJ=vz7qZS}Vh zGqW$%{j&I=>%4hQb8yL#-Oo;O;_)K{6x@KUojnjbPU@c0>Y5fNpNxj( z$9zjr^($+4sFg}KQIXN| zzB6?LhL>iXn{2P*`WL?o&=e*l?yG8K#c+wV4J_uH6o$a@!x8ID`8%ab zX?21vA9kM?coB4T{Ko2Vl;4k5)6}Lmkm|Q-C_5BpL{IKdbyD>eJlFfK*UCr08RfJ0 zXb<|Z{7%kTvcCsa=bC?_C!Fe8n=zm4tQ^PXb#ExHeOp8VmF3LM%SyqX9>pKl%Mn>Z z4UHHOA{ddjZdm_KIa#1m>wb`v-dZV(4-P1-FdA%NgYx~MTuJ=b^CwbVO zd3nmIxd^5ty-vN;S*M*JL2rSl&7Wm3Eg&$j*RI>?UUGKjG&n*;E#oBSO-nSQUR^1z zPxfWj>yMemcW7;WMqJm_lx^v4t}^;f8bwO3Q1<{2mm-)b`U}g%!8|F`Vti9ocJD=5 zzP}YM9`nRx5>)8fGtTZV?67o;FE;ab5 z6rSgkRlSeMDhdCoNTwR5SWmMo6HC~=7{s@Fvp3K#KKGgL=9Zi@wH}dgW6bfRPH9zn z-BMP2ou!}0-%h|C(N>%H>s_KSGbX1L8Dzdsr5O9!LvLVe%2R#Kuc-jA?ccTt49F{` z*zY?-mUM~wvH?EC>v3M1SoSBW;x()E)nJh)Pmw%t@!Dh^swSVSC`-q@{wiu5Y{9@~ z^RyN!sFbO@WW$p@AskX6&AvIdir!9WSzcF*G6Z)FdG$GCWEZ+2Vy_@z|7 ze(@(adctW>{?PJal)6>))2k^;i3a)LAsy;4>s4yHOi0c49esu<$#<%2QNT1o0=ULS8r zZ@rnvS=sLAdzPq0#r!6}j3|L3w!nDA`Q!$VTX$$iNcrvGZcM)EpY&ts8>fa4#&MhCiho{hLqb9Ll+-B{PKK;OuG zWP3&rVhWRZQ<0=QzJWeE3HVH5yDL1*ZcPHj@YKkxmR`%}^+NK| zV}N>^?j;TaViofzTO zuA=elll?4fkQp%p?^~>q^V=yJwrz8cLRtH!N=3>9paj?Wg_5S=R>}M|V*|KdyeAcS zN&Cz~ZlhlHp0{p@tOq#)=_}MYALYbsb4fUp6#8y0PVj4!jhujysf^uOMD}+aLg^f` zU*qCMy!#OsAz<*Iaq;3Fbb(?2_t*1rMS`>}Y>^;!q_w?;oQpTmL>T)TDh>sTi9*Z( 
zARQMBwhI6h#*RWGQ5fLGy-EiQBi&s*&{jxy>>^rd7b{&P#sq|IF91P$NN)^wo{|f8 zFc|z}G`4#HlE?nW&UXi1bRBd6Sm@828UzdcKhgPX@Bh&GaZ&smpFgjY{}193|5Fw} z@wrG^KlAy|MHVYtth#_d^yLl&soGn+15E%wZnXgLg%ouF;2#|vfEf_GpvQ%_eiroK z<%}I-fw6FMvHf$w-!=P_VlI^ThhlW#fFHa-I$&V{_`*VTKsw@pAN)Z&Vt^lM^{1&n zwU+*`Q!m#1W!Hb->ZcqpXW@>#FguW*y))8XP{+mD0`ovkh0?Eqj=VUUeI01Oua zIoqQ=+|B;8*biC#vDjbyu)0CpBhi9#E>70}o!}3@0sR}npA_@Mf&Yczf1&e}aQ|ZS zyR;BkTd=qK?`(e9*1xj(r~m#7n}3(lpD_ySaQ`6n?*jT^tp7^sKR)yOf&R~wemWC2 zx>~?nb}sH1cPq5LD+VYg1cvfq0~@w2im`V=DPY4SuYv?b7%VI-CM*Jm zLxiCa?0a<=>;L{rTKbO&=#56&0EB@MQGoDY4-f{0ia>!jz&|h;42pI1iwB7M6N8Jw zuZK>xr*#UQ_)7Y_U7Y%o!gU-lIh6a58)fkl4d3=_L> z|G#sAi9>(E;NXkg_V;mc2=te8z(uhd`)eEqZDH?(L}N2A5TtAGi^S?2h|RDr*i3m5 zQh^`@%Ekrw!`%QNgaXin_bf2fB~-~ZEy4Y&kxguvHQ%p@*+qc KT#A}Xfd2tieau?` literal 0 HcmV?d00001 diff --git a/contrib/zkt/man/zkt-signer.8 b/contrib/zkt-1.1.2/man/zkt-signer.8 similarity index 94% rename from contrib/zkt/man/zkt-signer.8 rename to contrib/zkt-1.1.2/man/zkt-signer.8 index 06de826df8..d182c2b59a 100644 --- a/contrib/zkt/man/zkt-signer.8 +++ b/contrib/zkt-1.1.2/man/zkt-signer.8 @@ -1,4 +1,4 @@ -.TH zkt-signer 8 "Feb 2, 2010" "ZKT 1.0" "" +.TH zkt-signer 8 "Nov 27, 2010" "ZKT 1.1" "" \" turn off hyphenation .\" if n .nh .nh @@ -8,12 +8,14 @@ zkt-signer \(em Secure DNS zone signing tool .SH SYNOPSYS .na .B zkt-signer -.RB [ \-L|--logfile +.RB [ \-L .IR "file" ] -.RB [ \-V|--view +.RB [ \-V .IR "view" ] .RB [ \-c .IR "file" ] +.RB [ \-O +.IR "optstr" ] .RB [ \-fhnr ] .RB [ \-v .RB [ \-v ]] @@ -23,12 +25,14 @@ zkt-signer \(em Secure DNS zone signing tool .RI "" ... ] .br .B zkt-signer -.RB [ \-L|--logfile +.RB [ \-L .IR "file" ] -.RB [ \-V|--view +.RB [ \-V .IR "view" ] .RB [ \-c .IR "file" ] +.RB [ \-O +.IR "optstr" ] .RB [ \-fhnr ] .RB [ \-v .RB [ \-v ]] 
@@ -38,12 +42,14 @@ zkt-signer \(em Secure DNS zone signing tool .RI "" ... ] .br .B zkt-signer -.RB [ \-L|--logfile +.RB [ \-L .IR "file" ] -.RB [ \-V|--view +.RB [ \-V .IR "view" ] .RB [ \-c .IR "file" ] +.RB [ \-O +.IR "optstr" ] .RB [ \-fhnr ] .RB [ \-v .RB [ \-v ]] @@ -78,6 +84,7 @@ If you have a configuration file with views, you have to use option Alternately you could link the executable file to a second name like .I zkt-signer-viewname and use that command to specify the name of the view. +.br All master zone statements will be scanned for filenames ending with ".signed". These zones will be checked if the necessary zone- and key signing keys @@ -108,30 +115,22 @@ Every secure zone found in a subdirectory below will be signed. However, it is also possible to reduce the signing to those zones given as arguments. -.ig -In directory mode the pre-requisite is, that the directory name is -exactly (including the trailing dot) the same as the zone name. -.. -.PP -In the last form of the command, the functionality is more or less the same -as the -.I dnssec-signzone (8) -command. -The parameter specifies the zone file name and the option -.B \-o -takes the name of the zone. -.PP -If neither +.br +If +.B \-D +is ommitted (and neither .B \-N nor -.B \-D -nor -.B \-o -is given, then the default directory specified in the +.BI \-o origin +is specified) the default directory specified in the .I dnssec.conf file by the parameter .I zonedir will be used as top level directory. +.ig +In directory mode the pre-requisite is, that the directory name is +exactly (including the trailing dot) the same as the zone name. +.. .SH OPTIONS .TP @@ -262,7 +261,7 @@ files. .TP .fam C .B "zkt-signer \-\-config-option='ResignInterval 1d; Sigvalidity 28h; \e -.B ZSK_lifetime 2d;' \-v \-v \-o example.net. zone.db +.B ZSKlifetime 2d;' \-v \-v \-o example.net. zone.db .fam T .br Sign the example.net zone but override some config file values with parameters 
@@ -278,7 +277,7 @@ Besides the zone file .RI ( zone.db ), there is a signed zone file .RI ( zone.db.signed), -a minimum of four files containing the keying material, +a minimum of four files containing the key material, a file called .I dnskey.db with the current used keys, @@ -314,7 +313,7 @@ The filename is the name of the zone file with the extension .IR .signed . Create an empty file with the name -.IB zonefile .signed +.IB zone.db .signed in the zone directory. .TP Include the keyfile in the zone. @@ -354,7 +353,8 @@ must be formated, so that the serial number is on a single line and left justified in a field of at least 10 spaces! .if t \{\ .fam C -.fi 0 +.\"fi 0 +.nf @ IN SOA ns1.example.net. hostmaster.example.net. ( 60 ; Serial 43200 ; Refresh @@ -366,7 +366,7 @@ left justified in a field of at least 10 spaces! .\} If you use BIND version 9.4 or later and use the unixtime format for the serial number (which is the default since ZKT-1.0) -than this is not necessary. +this is not necessary. See also the parameter Serialformat in .IR dnssec.conf . .TP @@ -389,7 +389,7 @@ Then try to load the file on the name server. .SH ENVIRONMENT VARIABLES .TP ZKT_CONFFILE -Specifies the name of the default global configuration files. +Specifies the name of the default global configuration file. .SH FILES .TP diff --git a/contrib/zkt/man/zkt-signer.8.html b/contrib/zkt-1.1.2/man/zkt-signer.8.html similarity index 83% rename from contrib/zkt/man/zkt-signer.8.html rename to contrib/zkt-1.1.2/man/zkt-signer.8.html index 72dbd8657e..95e82e8817 100644 --- a/contrib/zkt/man/zkt-signer.8.html +++ b/contrib/zkt-1.1.2/man/zkt-signer.8.html @@ -1,5 +1,5 @@ - + @@ -45,21 +45,21 @@

zkt-signer -[−L|--logfile file] -[−V|--view view] [−c -file] [−fhnr] [−v +[−L file] [−V view] +[−c file] [−O +optstr] [−fhnr] [−v [−v]] −N named.conf [zone ...]
-zkt-signer
[−L|--logfile file] -[−V|--view view] [−c -file] [−fhnr] [−v -[−v]] [−D directory] -[zone ...]
-zkt-signer
[−L|--logfile file] -[−V|--view view] [−c -file] [−fhnr] [−v -[−v]] −o origin -[zonefile]

+zkt-signer [−L file] +[−V view] [−c file] +[−O optstr] [−fhnr] +[−v [−v]] [−D +directory] [zone ...]
+zkt-signer
[−L file] +[−V view] [−c file] +[−O optstr] [−fhnr] +[−v [−v]] −o +origin [zonefile]

DESCRIPTION @@ -84,15 +84,16 @@ with views, you have to use option -V viewname or --view viewname to specify the name of the view. Alternately you could link the executable file to a second name like zkt-signer-viewname and use that command to specify -the name of the view. All master zone statements will be -scanned for filenames ending with ".signed". These -zones will be checked if the necessary zone- and key signing -keys are existent and fresh enough to be used in the signing -process. If one or more out-dated keys are found, new keying -material will be generated via the dnssec-keygen(8) -command and the old keys will be marked as depreciated. So -the command do anything needed for a zone key rollover as -defined by [2].

+the name of the view.
+All master zone statements will be scanned for filenames +ending with ".signed". These zones will be checked +if the necessary zone- and key signing keys are existent and +fresh enough to be used in the signing process. If one or +more out-dated keys are found, new keying material will be +generated via the dnssec-keygen(8) command and the +old keys will be marked as depreciated. So the command do +anything needed for a zone key rollover as defined by +[2].

If the resigning interval is reached or any new key must be @@ -107,19 +108,12 @@ form of the command it is possible to specify a directory tree with the option −D dir. Every secure zone found in a subdirectory below dir will be signed. However, it is also possible to reduce the signing -to those zones given as arguments.

- -

In the last -form of the command, the functionality is more or less the -same as the dnssec-signzone (8) command. The -parameter specifies the zone file name and the option -−o takes the name of the zone.

- -

If neither -−N nor −D nor −o is -given, then the default directory specified in the -dnssec.conf file by the parameter zonedir will -be used as top level directory.

+to those zones given as arguments.
+If −D is ommitted (and neither −N +nor −oorigin is specified) the default +directory specified in the dnssec.conf file by the +parameter zonedir will be used as top level +directory.

OPTIONS @@ -252,7 +246,7 @@ directory containing the example.net files.

−−config-option=’ResignInterval 1d; Sigvalidity 28h; \

-

ZSK_lifetime 2d;’ +

ZSKlifetime 2d;’ −v −v −o example.net. zone.db
Sign the example.net zone but override some config file values with parameters given on the commandline.

@@ -269,7 +263,7 @@ separate directory for every secure zone.

are many additional files needed to secure a zone. Besides the zone file (zone.db), there is a signed zone file (zone.db.signed), a minimum of four files containing -the keying material, a file called dnskey.db with the +the key material, a file called dnskey.db with the current used keys, and the dsset- and keyset-files created by the dnssec-signzone(8) command. So in summary there is a minimum of nine files used @@ -298,7 +292,7 @@ zonefile to the named.conf file

The filename is the name of the zone file with the extension .signed. Create an empty -file with the name zonefile.signed in the zone +file with the name zone.db.signed in the zone directory.

Include the keyfile in the 
diff --git a/contrib/zkt-1.1.2/man/zkt-signer.8.pdf b/contrib/zkt-1.1.2/man/zkt-signer.8.pdf new file mode 100644 index 0000000000000000000000000000000000000000..42fa33424b982540c6335efe937aad9cd76306dc GIT binary patch literal 12556 zcmch7Wn7e7_ckG264Ei0(lE>n4Bg$`&Cm>ubcvvdlG2TIN(urJ(jh4zARW?;Ai@it z=bYm?p7Z>kFYkZ8+%wm`_uAK9Ywfkxp1m1WC8gPc9Nd_U-P=()m=FLLz{%VWQ&5mo z5eBz*w*m0nAnKgbwhrzvR{*E9gPA)_5@z9K2@@8^baQuwnK@#5rS0g?xXwru_)qF6 zuEN^b&4|www0N|J^n2|lUsn?>7fXIbmc(T)6%|Dk1uCv$)m^e)b?;;dgvDDH97dyc zzl??51&z(EyJzk$eqhL=#n_L!Y?w;BvtsZy(EspAt|#;Exy5T*lMgCao-xZJ13C|u z9!Ia>_x2|dGbTGJFR|s|C+{gYne0gi7EZEn&3kvgC36YL9K7~jLIYzi)}oZ^w-(nZ zx-3HJk8~b<-Xf`f*DAJPn>1PzNjK%#B6!du(D87PFDK}}nDJea$bIjHZRIN&j%o85 z(Ba_;<9V$;SsR+i+xr%i5Oa3>hctC(xgo@U)%`Rk@6N9dyA_Ur-r^0ZwIj!xa`L&Q zY^%u?X=k>SFOz+~F23~AXX(CQ!&TAZL@NBkhJ`Y3j%MTy8|b{qzD2^+?+ST(rHM=(n~i!^&7S;=l;)>y4q`b zKA+~II;LpmnB{Gv{bR*SW===)M#WQ4feJ#3h=g6>3#OVkdnlUh-u^=VBh&jQ!HKTR zd3B#E8I9a`>>B;Zhv`0YG^TJMma6oz5#a?7yk4Moja1(puF0~sqXY{T(U2ex9?)qrR>rkfk zqC9ew45O>%rOR*U=c$uJ`qI!Lr(}ye(G$+AYTQV>?rBnX`tGSp6C83v(GlAhn^)AD zP7@DjJinOpeh9%68jO>7?ikH>llyrSmth;Hl#_1Nw_u$FmGGjQA{&!dbu@a zER1zPrkhH^RGKWUCuafB&T;RJaeK^oietC@dO3vJVO>s@dMs)zDa@t(I}S(j$H>U~ z$Qp;XuNd@7|LHCCin_fi_-Bwl=4RGMTk6@KJMBg`NRV);hWK?=C@+MYbsrF8M znlhu#MqLKPsFny#qL97wv=xE>Xbd14N${8>I?Q4of;`o#QS7NpB<7pX6KL8^wRU29 z3b^2!wG^dSk!z;w&^@7#17fvKz0v$=?CpUS9%{H-RmpMo~d@FB$Yz}32g^io4%S~At4`#nfYmR`7+QG`JKFzc;>ib zcUrY)Py+xN;VAYcExTVW?v)tftiKJOH}emB_oDueoy=VASSe;hQUc4lzq9Mat3u2- zOqEkE+jY55s6IC8BG(!mM3rx0G%O{d=BEi^CU{2dQGSmJR4>RukI=opPA5qh&7*QQ zmoTdxM<`y_Ggwfls)N@mXMPva7Chdz!fJ$A_qn3p|FN(%5=Lh3U9n13@9mv14Z5?` z;RlN1#SYb{6zrP85mhV_^^n4LJl#`l#jxbBPEx7_&JOyd;!4V)84N}$el*w9=2Fxn z?F?6QkEXe@8yIVFi8~DaJ`kVSaT2i4ivq+P5yPz8i^0f2PxH*#(o9=l#FBIkW^0** z2IK6%E0g}X-M~pQSEm=758wMrJRrByYSX!HLjCBIxqx{w@n;so(1L@HzA+uFl747S zOQ+zIIcz5KQ11=kgR@XX^v{|N-NlReEzy=46*bIP?f&<5RGByy^s@P$TB0^SGt8a( z9vSx-FEk36C>a42DE41?AQn_Rmvn)|-IY(?`p#9FCnWVX9EU#@TQ#myR&+%C$#M&_ 
z*$#m{N%%Js&G;Bj#dA{4l;~&9_AVcE9vrh$3Hq4!xg>HOwJ{(WA14g`jRkHhEnw}`K@8J6uFMrKL!VnQ3Qn$)-)j zk8usPi9Ne71lXh`bP8EjXvIIy$SJ#3?+@W?VhrX00;JWvNl6QziUXK?%E+R_Q;|HV zjn+J6q6Ls;hCk7bMLk10sp3$0cpona6p7G$cxvCaS#z9}N65BQuBa-wVi?NgIXD`u zNj8&PTR_0mdO2e9m|=(#?{gs=bPZYRDT@~fm|CjxUex=j zE{a;nRqpyV)4q!0yuPmYj5M-i9*MK&)1ec*UTTnKY!#LJhJ5mbitq`!thj>ZUFcwO z@B#puEqLDY(n_jG;~}HM^pGPxW=W`i`3&jgOKmNZd`GdlxvZ=3&=C&O;q6M>=;RC; z1xBq|QjKOR%{ecw=i|)Ym^P>u_5R;B;KMIdigzUqMJ&N!x#jF?W7Lx*nN63schWl)eYrLviOZ*jGe%&KP2o~rR6Hrjj}7% zI!Zqq*o;%J;#WPBi004xLT^dteM*f_Q9?1&GOHuRP%@HkD@GGf8bHYBoOrV zI81d9$}s%Gj9Umsz8=FnorYMZz;Wy^=aK_R-pKg833sW&gXLCIboSGiSxcFE3!g5? zk7ik;v6)J43q@mI;pT*Hc^lId+sX`Ly*#!iEd(LCn!`{%$Cv!f3M*b`VLYMR>84o} zxqiEMnHXE`la1Y!t(Y$GEXWuGd(O#;H`UD9I0}S|e;$*`M7qj`G=du;3ZqzO;TR{= z*&Hp-e9UKB$kYV+ps1@qgZoWdeGc2Gnkt5JfpM4qv-3VB3&c-7i--69m~j0@*~I{g zasiicp^V+why=Y09!^s`3h zB6i-?m9$rZDq~b^-de^O~D)8QJ!=a`6U2vfmZI&h14JJ?AGb#0*2uDu(_o^L??;Iv8FcCD zdG^vD;7l4qlTy1xgBhf_lLQ5f?m7&9t)GrBGauC9$MqZ6oSH<&i<;6iOF6Kwtb z=8s8BJyg|8yppj5%UHO#5wNPoL41xx2D$qxPSe(Fd>_^JeWfS-Hg6W{_v_JX z@Z;-nhG-`*J49K1Bfcyn2-FNeAJ=|4xJcty1-`sYzx4G!g?u3Jnxbj(I8U6>7*J!N zVl=EhgW7L9`^xWOKt<(L>{wr#J|_xY!75xytI z0l}hGwQ5g6$C7A%PB?@YyOZbku$qnp%|^@ z6HU9uVuD%HG^dker}n@PCTkH#HZ)`Qe%YOMS|0{}j%{l>R<;`{(gaC_dS;T?SL`(| z^FlM2nl(y8(jqh74WS_FI*F=0i4k4p2^U`rPKB2Qd|5sZgF_-xQ>(tahumA-^Q6QdRt+gVo8qP={Uu9XDxT0cqPLsbHo_LJJq+l8LVU=#TJ)B zB}i$W5|OLfsV|Iu46oaKHtTa5ezcQ^XQ#}WnBd2ktMoc5F1MI2^z0H`kP~G zeAO6-JE$6Ib!(_AFx2G9C^IjAj%xE|yrdZEemwwdRp0EO^TXPM>tK;b9_413>g z@_qgsz81H)@WJPFE3(K*_FAWfexA*`LgfC}Hdn|PCs(X+JV2 zl8|$Zxq8ug7taLnlxQ>SV{P1eUK72Vk&T^vn_d{< zs3*s7BH4ncGjQE-X;v4+R762KMUL_vMTXBXS}nuMb}De>348B@#2N;Yd*0En=K7m1 z*|6MLGhQ#SWg&iu41Abjv&M#aX|Yy@C!ptXN0hk);+^D{d4Z_VBq76N?qHlU0)+%z zfK|Du7{5?PCt(qoBBDvRJizjZo$nyUwP7yY6Kr6A2t(5rNt0!L2s3sLI*=@?7>Z@bS6Yixp(oT1H(T7JJM$MJyuxKCSgkbpmzK=!7OK~tFfPKL zq;Fx7hb!;B6uUjG=Wv;;$y{v&OkeSXpU~>$1_xyn7GJ2YR%I=lX6Zs*O1oS_1(!#H zHdmqIq$T>o{eFjbsB{ZQZ9xw`PWqG_P2ISmGrjl($>udrdyi^s2Jq6sWY!Z8(3#hh 
z`5Fp8X|Kt10xw>elS>dn-A!Lq;kuUU;L5iMfpILiw58}#%qWI;35#Y#n|$Zm0?T?_ zhJ3ht)+7}(sPtbaSU-IqN9v~W7|>f~{N{lj#;jGFPEOFYrG_lrUhViHPVe#<*c0hc zO$fY#(l<%k6F&l_uxu)dxJ2?n1n}4h^~_>c1=oZNhFj`U)xA=QGY)uH0boBAf`x0 zv-xE#sXdzS1vS-R;v(5Ie?=i^L&He1Fp>T@o;OSRxS*$#{D2NhNVANCh%6-HC}z9_b;z$-)W|YIxdqu#8mK#b((DMHjmeJ*qz&0(4FB!fR>dsAFo$*r_Ye+_^^2hl95FB4+Tdi|K@ zb9uz;UP06oa`C`5JJE)N-e{$uyY6$uj!2%T1TiSh)$5H236BNc^1P2sg1J%8SZ__UFMyuR)bTFZFewFY<Q{z)yuTK}EyFhv(Q) zVCJ}$&Onf}BeYkaLtuo%m>nZ9B3KM|c#9NWpz(gFs<(3|y|I=lb@EVe`_w>=bz1GP zs;bgxBc1ZHWs0YveF4fBM#7QEcfp;^RTY1jO^mHwj611?J&OtW*}T|J+>vIm!D z&u*L!`2zg_-%u=+(bZ6z)10SO(r~|A1IJ5JQsKRXP&;J6hFo#wyLh;(l@0Ni6c@;w zYu~N3*V#=xJYKB*--v2CfuDGG%1LF=l)T&@<{dgXSgz!v#27?z;Vrf)$EyZ&#rlpo zVt1Y*y=Ch!xjOpHT3(cf!x;1^l*}W*lf9k{tGP#%XPfhGFUAD182Xq=n!ZP44|}~> z3sG^R4-xy|@Y3QnO|5{_$*XW7AoXcjxg0c7wMD0cWWcc0OCpP{Rir;>TRF5Km3QUJxZW1|FcTg) zo4`8#@-BjLllMvH9q03K0VA)wGG!YbtopPk3{e)K@ll^D>mWGys!0qMDR(LXKd}~g zyG0Byu`tuzH%R#FG z4{mdJP?TwvpP(1DEECd=_3c)6(_ss;y(L(x4cB8tsl0q2w}FZ3(N6vVKHn}lXNEVi z8E!;ZVcL~Z^LeU4#w2cSZKV#cF$|Qc7Ff9WnLq~XD~<)~3vN7a5}&2$ePVQC@X!Pk zuS80UJKwZayQSVu;%qZOKm;M`6HKdsn)z~gWpNbe5eBiQabH&KMdXqSfj#NucAIUP zJ;Ml%o@qram7_EWwUOtnTcf6YJ6GCcfO1M#k9C#+tiNw;DrN7f`QJ&~+7;hEaS_j6 zgwPV^o`j{h2?9RsR(6ac49ey%zAdz{v((+cOWIY|DDpxhn9mZ*rz0IdgN;xQX`Q49 z5}V-M;D-S{MdW}@%2Hs1bkPU&aQXokpQ5p6g>UHu;wZo!WE{ZN32BWA`si2`vWh5f z>D-OWjNZ)+>Ac11(L4G3<3krHnkR4|4?38s78OGXpRAOM`#tWoZ;x-FL_xZ6x(R}8 z9ZyNdP~~ zMkK4L^mSE4VZ<(l)VkMlk)0BKcAG>`?~;}0tG)mAp=49^%z-e;xJV^-Q{C_he|mRo z1;X8WmJw>|_)*)8VAxC@wLs!y0DK6K#{Hh-EK47g+ehB#LZ1OcO5;(}<8vRjow=^-#hUc21=G_Uy8+6*uJl?MVagNu zcp4ZX3^{6CuQILJ%2B1`%JfD=?SsEOO^v>?w+FYp!tXr2KUBD@D)RjeLr@mdI9j@S zm=TTi)Bb~XTM4);7PoMgh!Pw<+*7vso@gw#g7C@lx7BT@{VkJ?P+yu~s>&bb;%!;U z4S|6FC@cAXIji92`d{~|0%0X}?s>(_CmPCY-<}?=x^3}vS}<>_C?DF& zOJA$3ziYQzYM=MRINa}9)zB8k92Le;x1ta$etCJ7$AaQ*)FJ-3U}#UhOziG(&?5rp zj`lW34bE2sXXfD?H2K%b*K_KVC%PeTjiQzV)``o@&!p&kvOmQZU{`py;m{_p$0e!F zs}OoX{1P{JM3HAZi)NQmz>%YxJ1)hjiAje0g_+0Ut7;?UC7x1Y*Vsx=2?Yr~6WROo 
z@%aWzT=VK|>BXf9-_4(N_y{Q1cl=hsbHlMz%EljUIl|{o)QoQ>Xq0yLNSW*DCIFR}3qk6zdQ#$lp zj(@C*W=IgykOFHTs!?&3m$k;_f~>8+jPEqC$jQ`j+hcsZR#o zd`S!G1{Y0nMQfwDSwxQSg@3yseV4raw9Tz=bV1i2>#$XYc;(rsmz~}?ofB(NAki>* z6(A<{c{wN#TuUdydUWDhgmB^=eV4X?dP|HMx7k{~FPI34P}RIQzmJOcWDLAH2c+qA zV`5$dV_s*y3IpdjR-=8ra)wGc*Dj43^o^rHC40q1O5tkoTNef8`3*bi)%GZDb z6*M`*f&&QTI8x`LQ+*ACs&X}&4+_0{c|O>SDU1{+EmyT{u8;*RDYhSzNu|vX!Z|7e z0|KRn9b7g_q1vM-?(vFR;M6Ol=~p-g&B8JD4MuaL83$B7I}UT2uRbT_(%mTv(cO)> zOBDEC!{mZJ2g@;M%N1$AzO38!sb!<2Fgtm%MTvXo)Kb;ejkla#>W-ELf-Yw)dM|z1AM`EAfTbTXT5^_Dm6g=iz_cb(ODFjJ0tHTjjdI>U zB`l)RPN(rw@(OF(>(0n!}$@bWVT$&$=g2h-jt1;nPeh(L}DRG zRG`9)Rr>w5#tpk;{Zjoy)>-2waW!`5{t{iz5%M>F?A*~k__#j@X2fQnh$svr+6ZZO9|;RWK!DZ&9B3O`l#lH{O zo9G8I4BJ%4lIFImjM4O{Na;D$rQ#Pq55cmoi*-CC)~|V3oqA?Dsbi*QK_M2zDW??& z34NE4JyQ&S;n2U7$IjzV-P#Q#Xbb*UKo>Y#BYX`4I}-0m;APp+AjD!F_KU2I#alr3 zsTRPf%P3Vy?S-ZK>X@PuaUTAq?GKS;cPWrr_gm&9FtewyrOsBL7bbaZlF(-$n}Wt- zn~emrGmn(K$qy5;9HR~6aZoLSr7VpCa0?w4DfPFb9#Q zKGnzJf4pIwljN1+#96-!>+qfPCPL=XCw8+{PYL_fC(!|k=W^Q=FQn~?aT zq0HmSwM7A?^*fG?v@`qp_AZrt5ZvO1nXcdlr3NIMbNGlYMTNMFasn}hQ7_^SY${o+ z5WhvZl5^b~Gg8xG^dxM(6x^mnd(v*gan=PSkie%qfFof1#vFJ-Mzz=#=bxivb#%_vsO|VY|dUBrq|?s zIt{`%H4$u*g8HI{Q>mo9=diU%U&GQYUQv-TM1bESHK%iuLIH@G#>VdwOI}7RU`Y{r z;G!wCVGKm9MYy6@a<~)3l8S)Z@p$sA?9uC><&AQen&k(^<$MQZivt#i@q2AbK5gAH zI!C=Ci|c_>s(s17)F?k{j~_J(5Xkp?jlvE3wMGH|FEvV;_6~f8hv@rW!5ehcNOHTd z9O3Eju7{JRhMR_{6r zthkglYBl!3ycOCFurg*1Mog$^a_%61Dt*f2x4{o>*oZcvK0(SSnWCkB-L9CZ$uR<^oZqCRcEPi*ZohG;gqI^4PQ##>qwQI6Sykv6PUb_ttnDC*v24}*h- zNBGz?cUzYzZh^{P^#pF6%DNWGJ$|EC-5}kNpiiEU!ue5SW`p^IJc`z_Tq1R0S);yk z_6|9nUEZQpXb0!x0ETBx`dbhqLfv&GJ`yo1OqJy)45{kti94nmy(l$kyn2mZ$46|-5(!uMHT?a4h*44;Vu{c}9Ths% zNL0=>Iwm}+jgNTH6UEYq_F>h&=>z;3aK9->DmRB|i$ES&6o0p2(p~$dVk2t!a_IP? 
z`G;OYTA$jx2B=h-sCE1LA-NKtaZi$Mj%A~}1X~hS*>LhwmTN-fS?+ysxfFUn*n~fke z6lzkZu@5Lm!Frm>zZ*9)r)Dz>{h*M7`)!_6SW3I%n7(}eHhPG@Q52BA{`y%0xfGTm zO~4#b*JJ1%HL~D{PF$5$O*Z(w2NCng7YnCh1d6Eeo{++wwWa0kuAY#)O&A`0LaPZD zq+RV6_cz^1#-|9(D=do$UzlaEF!5q-`#UsYn>)lbsqXu$)UZ9Qe92_T$VvouZ0>UF zSg#x*g{*vH^?Bgc5GAd?{Jgv?Zao?q&BGn(TzCk7t1sTlAYZCiZz3hWw{YNj*}~mc)s%($8hV5q`IiEyu^DO zYy;#07rv+c+(Q$)XN^pC`yP`!IFcml87cW$yKVk0so`D28A+7AiD+q&VZPHtvTE(& zZLb0+D5Me=G((MLeMmaC%#Jbkr)SK-1-)7gfFD>pJ`WOzAzJ{xrNPt}s)RYA!9=)eAMsc0TMxa6CE=EjQSJnY30 z=4S8=u3$6&g`>39DTx;-MH$Wi4Y`4AF#2WmB^g<9YDhSTU2rX~;ENZj6BxKC^MyHz zBjl=E%WTH&zJz#r3K0&^*(1X7oKU$o&+PAEib$j7|% zOJStcPbcBQ0aEoSRQF^Ct=#%vTtw5nnZ(+hUU+#xTHXH|sQ#^WLgP{45!%%i%5l^@ z&act;Hmcr6Umyqw`aSyoj@?{l)AV+RajKeG!#I^-mbPZ%PF?_m+sz_`4+4OKxs5P6 z)t%gLuC@WVZd$p*;O>Ci$gO?@!`z%aTrFU3H$qfhoh&q9?gpGUcjf?`nlLZ-n|{(x zH;sY6wZ6F$$0>31`=-Ae;P%u*9rFgdA^U^b{~;aT-^c!w&W}@=zwm+HG`c1B|6e`a zz<=O#yM6ze4>$M!9iKmJ^QV4(r0Spf{F%CMY<=TCfFJ(j2H;e%wR8g*VE)MCn85!$ zZk4Hy`C|_1m_~pbxgIxu0sh(kf1Tb<6Ek-+2Pf;_<^JJ9zx&Id1US{9m_G*KR0ncn z0&f+ie)AQG3H+g0PIX?)9~QsCxG;gg{RyJZhxtRpKRMuSoBtU69|is)<(IBM4ERge zKidDdQMrFQ{rhv&|EcRw4k~Wu2D@EpoSL?dFgJE_CkM;l*7Pli$teZDxshrMw+3+k zcCe`7VeWpr;&1H+{8Ixz-u~?JzxU&mw6(H=-K_hYg>G5)f&D?DMtI}^h`d?=G&)j}^ z{=dzZ`=>t+{~Nb|(DzS0|E4Ipo3(6f@sDgkzb(jr(bSK(|Eo{_0tqL zWs=fR1<2Sqxw*SpxY|0q1E3s02=h%!y1Aw8ZtDb>yh(6OlKk9UKrSGVoA>4k;)341 zS8}ra=U2kQ|A|Fjt}rW1E&vFK$@RwvzypDRAOI`CZy1n^hwFyZ?FRt=9Ru=m-7NpV zVqB2hDESwRi;oX{<1l~4xVUap)?YCY56?|h{0nw76P_Eh{1xNkg{(E+_>25BA``i3xv`2L=DinGgC41_XkB z#Xyi>_yHkYzl;Io`FRX?S2J4&nCne}0^roJ^?}{^AK<1=bGoUwZZjZ&Qx0zB1h`!Y zH-(yex$iD4pNVq7%)cT=w<+1p-OSbfhf@QAP#_qSkx@!T8uR}F DpT&>V literal 0 HcmV?d00001 diff --git a/contrib/zkt/misc.c b/contrib/zkt-1.1.2/misc.c similarity index 100% rename from contrib/zkt/misc.c rename to contrib/zkt-1.1.2/misc.c diff --git a/contrib/zkt/misc.h b/contrib/zkt-1.1.2/misc.h similarity index 100% rename from contrib/zkt/misc.h rename to contrib/zkt-1.1.2/misc.h 
diff --git a/contrib/zkt/ncparse.c b/contrib/zkt-1.1.2/ncparse.c similarity index 100% rename from contrib/zkt/ncparse.c rename to contrib/zkt-1.1.2/ncparse.c diff --git a/contrib/zkt/ncparse.h b/contrib/zkt-1.1.2/ncparse.h similarity index 100% rename from contrib/zkt/ncparse.h rename to contrib/zkt-1.1.2/ncparse.h diff --git a/contrib/zkt/nscomm.c b/contrib/zkt-1.1.2/nscomm.c similarity index 100% rename from contrib/zkt/nscomm.c rename to contrib/zkt-1.1.2/nscomm.c diff --git a/contrib/zkt/nscomm.h b/contrib/zkt-1.1.2/nscomm.h similarity index 100% rename from contrib/zkt/nscomm.h rename to contrib/zkt-1.1.2/nscomm.h diff --git a/contrib/zkt/rollover.c b/contrib/zkt-1.1.2/rollover.c similarity index 84% rename from contrib/zkt/rollover.c rename to contrib/zkt-1.1.2/rollover.c index 88d7e0f813..0899ec356d 100644 --- a/contrib/zkt/rollover.c +++ b/contrib/zkt-1.1.2/rollover.c 
@@ -62,40 +62,63 @@ ** local function definition *****************************************************************/ -static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status) +static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status); + +/* generate the first (or primary) key (algorithm k_algo) */ +static dki_t *genfirstkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status) +{ + return genkey (0, listp, dir, domain, ksk, conf, status); +} + +/* generate the additional (or second) key (algorithm k2_algo) */ +static dki_t *genaddkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status) +{ + return genkey (1, listp, dir, domain, ksk, conf, status); +} + + +/* generate a DNSKEY key */ +static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status) { dki_t *dkp; + int confalgo; + int algo; +#if 0 if ( listp == NULL || domain == NULL ) return NULL; +#else + assert ( listp != NULL ); + assert ( domain != NULL ); +#endif + + if ( addkey ) /* generating an additional key ? */ + confalgo = conf->k2_algo; + else + confalgo = conf->k_algo; + + algo = confalgo; +#if defined(BIND_VERSION) && BIND_VERSION >= 960 + if ( conf->nsec3 != NSEC3_OFF ) /* is nsec3 turned on ? 
*/ + { + if ( confalgo == DK_ALGO_RSASHA1 ) + algo = DK_ALGO_NSEC3RSASHA1; + else if ( confalgo == DK_ALGO_DSA ) + algo = DK_ALGO_NSEC3DSA; + } +#endif if ( ksk ) - dkp = dki_new (dir, domain, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC); + dkp = dki_new (dir, domain, DKI_KSK, algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC); else - dkp = dki_new (dir, domain, DKI_ZSK, conf->k_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC); - dki_add (listp, dkp); - dki_setstatus (dkp, status); - - return dkp; -} - -static dki_t *genkey2 (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status) -{ - dki_t *dkp; - - if ( listp == NULL || domain == NULL ) - return NULL; - - if ( ksk ) - dkp = dki_new (dir, domain, DKI_KSK, conf->k2_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC); - else - dkp = dki_new (dir, domain, DKI_ZSK, conf->k2_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC); + dkp = dki_new (dir, domain, DKI_ZSK, algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC); dki_add (listp, dkp); dki_setstatus (dkp, status); return dkp; } +/* get expiration time */ static time_t get_exptime (dki_t *key, const zconf_t *z) { time_t exptime; @@ -257,7 +280,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp) { verbmesg (2, z, "\t\tkskrollover: create new key signing key\n"); /* create a new key: this is phase one of a double signing key rollover */ - ksk = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); + ksk = genfirstkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); if ( ksk == NULL ) { lg_mesg (LG_ERROR, "\"%s\": unable to generate new ksk for double signing rollover", zp->zone); 
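Review bot: In `genkey`, the runtime guard `if ( listp == NULL || domain == NULL ) return NULL;` is now parked under `#if 0` and replaced by `assert()`, which compiles away when the file is built with `NDEBUG`; a NULL `listp` would then reach `dki_add (listp, dkp)` unchecked. Because this routine creates DNSSEC signing keys, I would keep the runtime check and drop the dead branch, e.g. `if ( listp == NULL || domain == NULL || conf == NULL ) return NULL;` (`conf` is dereferenced right afterwards for `k_algo`/`k2_algo`). Separately, `dkp` from `dki_new` is handed to `dki_add` and `dki_setstatus` before it is tested, while the callers shown in this diff all test the return value for NULL; unless both helpers tolerate NULL (not visible here), `if ( dkp == NULL ) return NULL;` belongs directly after the `dki_new` calls. The new `assert` calls also assume `<assert.h>` is included above the hunk.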
@@ -434,7 +457,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n", activekey->tag, str_delspace (age2str (dki_age (activekey, currtime)))); verbmesg (2, z, "\t\t=>Generating new standby key signing key\n"); - dkp = genkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */ + dkp = genfirstkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */ if ( !dkp ) { error ("\tcould not generate new standby KSK\n"); @@ -484,7 +507,7 @@ int kskstatus (zone_t *zonelist, zone_t *zp) if ( akey == NULL ) { verbmesg (1, z, "\tNo active KSK found: generate new one\n"); - akey = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); + akey = genfirstkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); if ( !akey ) { error ("\tcould not generate new KSK\n"); @@ -506,7 +529,7 @@ int kskstatus (zone_t *zonelist, zone_t *zp) if ( akey == NULL ) { verbmesg (1, z, "\tNo active KSK for additional algorithm found: generate new one\n"); - akey = genkey2 (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); + akey = genaddkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); if ( !akey ) { error ("\tcould not generate new KSK for additional algorithm\n"); 
@@ -584,8 +607,14 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t if ( akey == NULL && lifetime > 0 ) /* no active key found */ { verbmesg (1, z, "\tNo active ZSK found: generate new one\n"); - akey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE); - lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag); + akey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE); + if ( !akey ) + { + error ("\tcould not generate new ZSK\n"); + lg_mesg (LG_ERROR, "\%s\": can't generate new ZSK", domain); + } + else + lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag); } else /* active key exist */ { 
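Review bot: The format string in the new error path, `"\%s\": can't generate new ZSK"`, begins with `\%` instead of `\"`, so the opening quote around the zone name is lost. `\%` is also not a defined escape sequence, and compilers typically warn and emit a plain `%`. It should match the other messages: `lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK", domain);`. The failure branches for the publish key later in this diff also append `dki_geterrstr()`; doing the same here would leave the reason for a failed key generation in the log. `zskstatus` starts and ends outside this hunk, so it is not visible whether a NULL `akey` is handled further down.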
@@ -626,29 +655,54 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t } } } - /* Should we add a new publish key? This is necessary if the active - * key will be expired at the next re-signing interval (The published - * time will be checked just before the active key will be removed. - * See above). - */ - nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'p', 1); - if ( nextkey == NULL && lifetime > 0 && (akey == NULL || - dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) ) - { - keychange = 1; - verbmesg (1, z, "\tNew key for publishing needed\n"); - nextkey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB); - if ( nextkey ) + /* Should we add a new publish key? */ + nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'p', 1); /* is there a published ZSK? */ +#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK + if ( z->z_always ) /* always add a pre-publish ZSK (patch from Hrant Dadivanyan) */ + { + if ( nextkey == NULL ) { - verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag); - lg_mesg (LG_INFO, "\"%s\": new key %d generated for publishing", domain, nextkey->tag); + verbmesg (1, z, "\tNew key for pre-publishing needed\n"); + nextkey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB); + if ( nextkey ) + { + keychange = 1; + verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag); + lg_mesg (LG_INFO, "\"%s\": new key %d generated for pre-publishing", domain, nextkey->tag); + } + else + { + error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr()); + lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"", + domain, dki_geterrstr()); + } } - else + } + else /* do we need a new ZSK ? */ +#endif + { + /* This is necessary if the active key will be expired at the + * next re-signing interval (The published time will be checked + * just before the active key will be removed. See above). 
+ */ + if ( nextkey == NULL && lifetime > 0 && (akey == NULL || + dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) ) { - error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr()); - lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"", - domain, dki_geterrstr()); + verbmesg (1, z, "\tNew ZSK for publishing needed\n"); + nextkey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB); + if ( nextkey ) + { + keychange = 1; + verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag); + lg_mesg (LG_INFO, "\"%s\": new zone signing key %d generated for publishing", domain, nextkey->tag); + } + else + { + error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr()); + lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"", + domain, dki_geterrstr()); + } } } @@ -660,7 +714,7 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t if ( akey == NULL ) { verbmesg (1, z, "\tNo active ZSK for second algorithm found: generate new one\n"); - akey = genkey2 (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE); + akey = genaddkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE); if ( !akey ) { error ("\tcould not generate new ZSK for 2nd algorithm\n"); diff --git a/contrib/zkt/rollover.h b/contrib/zkt-1.1.2/rollover.h similarity index 96% rename from contrib/zkt/rollover.h rename to contrib/zkt-1.1.2/rollover.h index ef9c609433..9bd3c9097b 100644 --- a/contrib/zkt/rollover.h +++ b/contrib/zkt-1.1.2/rollover.h @@ -47,11 +47,7 @@ # define OFFSET ((int) (2.5 * MINSEC)) # define PARENT_PROPAGATION (5 * MINSEC) # define ADD_HOLD_DOWN (30 * DAYSEC) -#if 0 # define REMOVE_HOLD_DOWN (30 * DAYSEC) -#else -# define REMOVE_HOLD_DOWN (10 * DAYSEC) /* reduced for testiing purposes */ -#endif extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z); extern int kskstatus (zone_t *zonelist, zone_t *zp); 
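Review bot: The `z->z_always` branch generates a pre-publish ZSK whenever `nextkey == NULL`, without the `lifetime > 0` guard that the regular branch keeps. If a lifetime of 0 is meant to disable rollover (not visible in this hunk), this path still creates and publishes keys for such zones; consider `if ( nextkey == NULL && lifetime > 0 )` or a comment stating that the omission is intended. The `else` placed directly before `#endif` binds to the following brace block only when the feature macro is set, which is easy to break on a later edit; a short comment on the `#endif` line saying so would help. zskstatus() continues outside the hunk.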
diff --git a/contrib/zkt/soaserial.c b/contrib/zkt-1.1.2/soaserial.c similarity index 75% rename from contrib/zkt/soaserial.c rename to contrib/zkt-1.1.2/soaserial.c index 0f6eb2196e..45e186f06b 100644 --- a/contrib/zkt/soaserial.c +++ b/contrib/zkt-1.1.2/soaserial.c @@ -44,7 +44,7 @@ # include # include #ifdef HAVE_CONFIG_H -# include +# include "config.h" #endif # include "config_zkt.h" # include "zconf.h" @@ -79,12 +79,15 @@ static const char *strfindstr (const char *str, const char *search); ** of at least 10 characters like this: ** 1 ; Serial ** +** Since ZKT 1.1.0 single line SOA records are also supported +** ****************************************************************/ int inc_serial (const char *fname, int use_unixtime) { FILE *fp; char buf[4095+1]; int error; + int serial_pos; /** since BIND 9.4, there is a dnssec-signzone option available for @@ -99,22 +102,32 @@ int inc_serial (const char *fname, int use_unixtime) return -1; /* read until the line matches the beginning of a soa record ... */ - while ( fgets (buf, sizeof buf, fp) && !is_soa_rr (buf) ) - ; + while ( fgets (buf, sizeof buf, fp) ) + { + dbg_val ("inc_serial() checking line for SOA RR \"%s\"\n", buf); + serial_pos = is_soa_rr (buf); + if ( serial_pos ) /* SOA record found ? */ + break; + } if ( feof (fp) ) { fclose (fp); return -2; } + dbg_val ("serial_pos = %d\n", serial_pos); + if (serial_pos > 1 ) /* if we found a single line SOA RR */ + fseek (fp, -(long)serial_pos, SEEK_CUR); /* go back to the beginning of the line */ error = inc_soa_serial (fp, use_unixtime); /* .. inc soa serial no ... */ + dbg_val ("inc_soa_serial() returns %d\n", error); - if ( fclose (fp) != 0 ) + if ( fclose (fp) != 0 ) /* close the zone file in any case */ return -5; return error; } +#if 0 /***************************************************************** ** check if line is the beginning of a SOA RR record, thus ** containing the string "IN .* SOA" and ends with a '(' 
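Review bot: In the inc_serial() hunk `serial_pos` is read after the loop without ever being assigned if the first `fgets()` fails for a reason other than end-of-file, because the only exit test is `feof (fp)`. The same test also appears to reject a single-line SOA that is the last line of a file without a trailing newline, since `fgets()` returns the line and sets EOF at the same time. Declaring `int serial_pos = 0;` and replacing the `feof` test with `if ( serial_pos == 0 )` covers both cases. The result of `fseek (fp, -(long)serial_pos, SEEK_CUR)` is also ignored before the file is rewritten in place. The function's signature is in the previous hunk, not this one.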
@@ -126,17 +139,65 @@ static int is_soa_rr (const char *line) assert ( line != NULL ); - if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") ) /* line contains "IN" and "SOA" */ + /* line contains "IN" and "SOA" */ + if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") ) { p = line + strlen (line) - 1; while ( p > line && isspace (*p) ) p--; - if ( *p == '(' ) /* last character have to be a '(' to start a multi line record */ + if ( *p == '(' ) /* last character must be a '(' to start a multi line record */ return 1; } return 0; } +#else +/***************************************************************** +** +** check if line is the beginning of a SOA RR record, thus +** containing the string "IN .* SOA" and ends with a '(' +** (multiline record) or is a single line record. +** +** returns 1 if it is a multi line record (for compability to +** the old function) or the position of the serial number +** field counted from the end of the line +** +*****************************************************************/ +static int is_soa_rr (const char *line) +{ + const char *p; + const char *soa_p; + + assert ( line != NULL ); + + /* line contains "IN" and "SOA" ? 
*/ + if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")) ) + { + int len = strlen (line); + + /* check for multiline record */ + p = line + len - 1; + while ( p > line && isspace (*p) ) + p--; + if ( *p == '(' ) /* last character must be a '(' to start a multi line record */ + return 1; + + /* line is single line record */ + p = soa_p + 3; /* start just behind the SOA string */ + dbg_val1 ("p = \"%s\"\n", p); + p += strspn (p, " \t"); /* skip white space */ + p += strcspn (p, " \t"); /* skip primary master */ + p += strspn (p, " \t"); /* skip white space */ + p += strcspn (p, " \t"); /* skip mail address */ + dbg_val1 ("p = \"%s\"\n", p); + + dbg_val1 ("is_soa_rr returns = %d\n", (line+len) - p); + return (line+len) - p; /* position of serial nr from the end of the line */ + } + + return 0; +} +#endif /***************************************************************** ** Find string 'search' in 'str' and ignore case in comparison. @@ -185,6 +246,7 @@ static ulong serialtime (time_t sec) ** inc_soa_serial (fp, use_unixtime) ** increment the soa serial number of the file 'fp' ** 'fp' must be opened "r+" +** returns 0 on success or a negative value in case of an error *****************************************************************/ static int inc_soa_serial (FILE *fp, int use_unixtime) { @@ -194,7 +256,7 @@ static int inc_soa_serial (FILE *fp, int use_unixtime) int digits; ulong today; - /* move forward until any non ws reached */ + /* move forward until any non ws is reached */ while ( (c = getc (fp)) != EOF && isspace (c) ) ; ungetc (c, fp); /* push back the last char */ @@ -223,7 +285,7 @@ static int inc_soa_serial (FILE *fp, int use_unixtime) fseek (fp, pos, SEEK_SET); /* go back to the beginning */ fprintf (fp, "%-*lu", digits, serial); /* write as many chars as before */ - return 1; /* yep! */ + return 0; /* yep! */ } /***************************************************************** 
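Review bot: The single-line path of the new is_soa_rr() accepts any line in which the case-insensitive `strfindstr` finds "IN" and later "SOA", whereas the old code also required a trailing '('. A comment line or an unrelated record containing those letters would therefore be reported as the SOA, and inc_serial() would seek back into it and hand it to inc_soa_serial(), which rewrites digits in place. Rejecting comment lines first, e.g. `if ( line[strspn (line, " \t")] == ';' ) return 0;`, and matching "IN" and "SOA" as whitespace-delimited tokens would narrow this. A single-line record whose computed offset is 1 is also indistinguishable from the multi-line return value. `isspace (*p)` should be `isspace ((unsigned char)*p)`.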
@@ -256,9 +318,10 @@ main (int argc, char *argv[]) now = serialtime (now); printf ("now = %lu\n", now); - if ( (err = inc_serial (argv[1], 0)) <= 0 ) + if ( (err = inc_serial (argv[1], 0)) < 0 ) { - error ("can't change serial errno=%d\n", err); + fprintf (stderr, "can't change serial no: errno=%d %s\n", + err, inc_errstr (err)); exit (1); } diff --git a/contrib/zkt/soaserial.h b/contrib/zkt-1.1.2/soaserial.h similarity index 100% rename from contrib/zkt/soaserial.h rename to contrib/zkt-1.1.2/soaserial.h diff --git a/contrib/zkt/strlist.c b/contrib/zkt-1.1.2/strlist.c similarity index 100% rename from contrib/zkt/strlist.c rename to contrib/zkt-1.1.2/strlist.c diff --git a/contrib/zkt/strlist.h b/contrib/zkt-1.1.2/strlist.h similarity index 100% rename from contrib/zkt/strlist.h rename to contrib/zkt-1.1.2/strlist.h diff --git a/contrib/zkt/tags b/contrib/zkt-1.1.2/tags similarity index 94% rename from contrib/zkt/tags rename to contrib/zkt-1.1.2/tags index fa2d67aecf..f676c06ea3 100644 --- a/contrib/zkt/tags +++ b/contrib/zkt-1.1.2/tags @@ -21,10 +21,10 @@ ISDELIM zconf.c 70;" d file: ISTRUE zconf.c 66;" d file: KEYGEN_COMPMODE dki.c 231;" d file: KEYGEN_COMPMODE dki.c 233;" d file: -KEYSET_FILE_PFX zkt-signer.c 747;" d file: +KEYSET_FILE_PFX zkt-signer.c 748;" d file: KeyWords ncparse.c /^static struct KeyWords {$/;" s file: MAXFNAME log.c 98;" d file: -STRCONFIG_DELIMITER zconf.c 632;" d file: +STRCONFIG_DELIMITER zconf.c 677;" d file: TAINTEDCHARS misc.c 60;" d file: TOK_DELEGATION ncparse.c 59;" d file: TOK_DIR ncparse.c 49;" d file: 
@@ -70,6 +70,7 @@ create_parent_file zkt-keyman.c /^static int create_parent_file (const char *fna createkey zkt-keyman.c /^static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)$/;" f file: ctype_t zconf.c /^} ctype_t;$/;" t typeref:enum:__anon2 file: def zconf.c /^static zconf_t def = {$/;" v file: +desc zconf.c /^ const char *desc;$/;" m struct:__anon3 file: dirflag zkt-keyman.c /^static int dirflag = 0;$/;" v file: dirflag zkt-ls.c /^static int dirflag = 0;$/;" v file: dirname zkt-signer.c /^static const char *dirname = NULL;$/;" v file: @@ -105,6 +106,7 @@ dki_prt_comment dki.c /^int dki_prt_comment (const dki_t *dkp, FILE *fp)$/;" f dki_prt_dnskey dki.c /^int dki_prt_dnskey (const dki_t *dkp, FILE *fp)$/;" f dki_prt_dnskey_raw dki.c /^int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)$/;" f dki_prt_dnskeyttl dki.c /^int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)$/;" f +dki_prt_managedkey dki.c /^int dki_prt_managedkey (const dki_t *dkp, FILE *fp)$/;" f dki_prt_trustedkey dki.c /^int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)$/;" f dki_read dki.c /^dki_t *dki_read (const char *dirname, const char *filename)$/;" f dki_readdir dki.c /^int dki_readdir (const char *dir, dki_t **listp, int recursive)$/;" f @@ -159,8 +161,8 @@ extern tcap.c 31;" d file: extern tcap.c 33;" d file: extern zconf.c 61;" d file: extern zconf.c 63;" d file: -extern zfparse.c 58;" d file: -extern zfparse.c 60;" d file: +extern zfparse.c 51;" d file: +extern zfparse.c 53;" d file: extern zkt.c 49;" d file: extern zkt.c 51;" d file: extern zone.c 53;" d file: 
@@ -173,8 +175,9 @@ filesize misc.c /^size_t filesize (const char *name)$/;" f first zconf.c 74;" d file: force zkt-signer.c /^static int force = 0;$/;" v file: freeconfig zconf.c /^zconf_t *freeconfig (zconf_t *conf)$/;" f -genkey rollover.c /^static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file: -genkey2 rollover.c /^static dki_t *genkey2 (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file: +genaddkey rollover.c /^static dki_t *genaddkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file: +genfirstkey rollover.c /^static dki_t *genfirstkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file: +genkey rollover.c /^static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file: gensalt misc.c /^int gensalt (char *salt, size_t saltsize, int saltbits, unsigned int seed)$/;" f get_exptime rollover.c /^static time_t get_exptime (dki_t *key, const zconf_t *z)$/;" f file: get_parent_phase rollover.c /^static int get_parent_phase (const char *file)$/;" f file: @@ -216,7 +219,7 @@ kskflag zkt-ls.c /^int kskflag = 1;$/;" v kskrollover rollover.c /^static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)$/;" f file: kskstatus rollover.c /^int kskstatus (zone_t *zonelist, zone_t *zp)$/;" f kw ncparse.c /^} kw[] = {$/;" v typeref:struct:KeyWords file: -label zconf.c /^ char *label; \/* the name of the paramter *\/$/;" m struct:__anon3 file: +label zconf.c /^ char *label; \/* the name of the parameter *\/$/;" m struct:__anon3 file: labellist zkt-keyman.c /^char *labellist = NULL;$/;" v labellist zkt-ls.c /^char *labellist = NULL;$/;" v last zconf.c 75;" d file: 
@@ -250,6 +253,7 @@ lifetimeflag zkt-ls.c /^int lifetimeflag = 0;$/;" v linkfile misc.c /^int linkfile (const char *fromfile, const char *tofile)$/;" f list_dnskey zkt.c /^static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)$/;" f file: list_key zkt.c /^static void list_key (const dki_t **nodep, const VISIT which, int depth)$/;" f file: +list_managedkey zkt.c /^static void list_managedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file: list_trustedkey zkt.c /^static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file: ljustflag zkt-keyman.c /^int ljustflag = 0;$/;" v ljustflag zkt-ls.c /^int ljustflag = 0;$/;" v 
@@ -262,22 +266,22 @@ long_options zkt-conf.c /^static struct option long_options[] = {$/;" v typeref: long_options zkt-keyman.c /^static struct option long_options[] = {$/;" v typeref:struct:option file: long_options zkt-ls.c /^static struct option long_options[] = {$/;" v typeref:struct:option file: long_options zkt-signer.c /^static struct option long_options[] = {$/;" v typeref:struct:option file: -lopt_usage zkt-conf.c 306;" d file: -lopt_usage zkt-conf.c 309;" d file: +lopt_usage zkt-conf.c 319;" d file: +lopt_usage zkt-conf.c 322;" d file: lopt_usage zkt-keyman.c 334;" d file: lopt_usage zkt-keyman.c 337;" d file: -lopt_usage zkt-ls.c 314;" d file: -lopt_usage zkt-ls.c 317;" d file: -lopt_usage zkt-signer.c 341;" d file: -lopt_usage zkt-signer.c 344;" d file: -loptstr zkt-conf.c 307;" d file: -loptstr zkt-conf.c 310;" d file: +lopt_usage zkt-ls.c 325;" d file: +lopt_usage zkt-ls.c 328;" d file: +lopt_usage zkt-signer.c 342;" d file: +lopt_usage zkt-signer.c 345;" d file: +loptstr zkt-conf.c 320;" d file: +loptstr zkt-conf.c 323;" d file: loptstr zkt-keyman.c 335;" d file: loptstr zkt-keyman.c 338;" d file: -loptstr zkt-ls.c 315;" d file: -loptstr zkt-ls.c 318;" d file: -loptstr zkt-signer.c 342;" d file: -loptstr zkt-signer.c 345;" d file: +loptstr zkt-ls.c 326;" d file: +loptstr zkt-ls.c 329;" d file: +loptstr zkt-signer.c 343;" d file: +loptstr zkt-signer.c 346;" d file: main domaincmp.c /^main (int argc, char *argv[])$/;" f main log.c /^int main (int argc, char *argv[])$/;" f main misc.c /^main (int argc, char *argv[])$/;" f 
@@ -292,6 +296,7 @@ main zkt-keyman.c /^int main (int argc, char *argv[])$/;" f main zkt-ls.c /^int main (int argc, char *argv[])$/;" f main zkt-signer.c /^int main (int argc, char *const argv[])$/;" f main zkt-soaserial.c /^int main (int argc, char *argv[])$/;" f +managedkeyflag zkt-ls.c /^static int managedkeyflag = 0;$/;" v file: maxcolor tcap.c /^static int maxcolor;$/;" v file: name ncparse.c /^ char *name;$/;" m struct:KeyWords file: namedconf zkt-signer.c /^static const char *namedconf = NULL;$/;" v file: @@ -358,17 +363,17 @@ setglobalflags zkt-ls.c /^static void setglobalflags (zconf_t *config)$/;" f fil setminmax zfparse.c /^static void setminmax (long *pmin, long val, long *pmax)$/;" f file: short_options zkt-conf.c 73;" d file: short_options zkt-keyman.c 88;" d file: -short_options zkt-ls.c 92;" d file: -short_options zkt-ls.c 94;" d file: +short_options zkt-ls.c 93;" d file: +short_options zkt-ls.c 95;" d file: short_options zkt-signer.c 68;" d file: short_options zkt-signer.c 70;" d file: sign_zone zkt-signer.c /^static int sign_zone (const zone_t *zp)$/;" f file: skiplabel zfparse.c /^static const char *skiplabel (const char *s)$/;" f file: skipws zfparse.c /^static const char *skipws (const char *s)$/;" f file: -sopt_usage zkt-conf.c 304;" d file: +sopt_usage zkt-conf.c 317;" d file: sopt_usage zkt-keyman.c 332;" d file: -sopt_usage zkt-ls.c 312;" d file: -sopt_usage zkt-signer.c 339;" d file: +sopt_usage zkt-ls.c 323;" d file: +sopt_usage zkt-signer.c 340;" d file: splitpath misc.c /^const char *splitpath (char *path, size_t psize, const char *filename)$/;" f start_timer misc.c /^time_t start_timer ()$/;" f stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f 
@@ -422,6 +427,7 @@ writekeyfile zkt-signer.c /^static int writekeyfile (const char *fname, const dk zconf_para_t zconf.c /^} zconf_para_t;$/;" t typeref:struct:__anon3 file: zkt_list_dnskeys zkt.c /^void zkt_list_dnskeys (const dki_t *data)$/;" f zkt_list_keys zkt.c /^void zkt_list_keys (const dki_t *data)$/;" f +zkt_list_managedkeys zkt.c /^void zkt_list_managedkeys (const dki_t *data)$/;" f zkt_list_trustedkeys zkt.c /^void zkt_list_trustedkeys (const dki_t *data)$/;" f zkt_search zkt.c /^const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)$/;" f zkt_setkeylifetime zkt.c /^void zkt_setkeylifetime (dki_t *data)$/;" f diff --git a/contrib/zkt/tcap.c b/contrib/zkt-1.1.2/tcap.c similarity index 100% rename from contrib/zkt/tcap.c rename to contrib/zkt-1.1.2/tcap.c diff --git a/contrib/zkt/tcap.h b/contrib/zkt-1.1.2/tcap.h similarity index 100% rename from contrib/zkt/tcap.h rename to contrib/zkt-1.1.2/tcap.h diff --git a/contrib/zkt/zconf.c b/contrib/zkt-1.1.2/zconf.c similarity index 85% rename from contrib/zkt/zconf.c rename to contrib/zkt-1.1.2/zconf.c index 25cdb18ddc..08d82dbd14 100644 --- a/contrib/zkt/zconf.c +++ b/contrib/zkt-1.1.2/zconf.c @@ -2,13 +2,13 @@ ** ** @(#) zconf.c -- configuration file parser for dnssec.conf ** -** Most of the code is from the SixXS Heartbeat Client +** The initial code of this module is from the SixXS Heartbeat Client ** written by Jeroen Massar ** ** New config types and many code changes by Holger Zuleger ** ** Copyright (c) Aug 2005, Jeroen Massar. -** Copyright (c) Aug 2005 - Apr 2010, Holger Zuleger. +** Copyright (c) Aug 2005 - Nov 2010, Holger Zuleger. ** All rights reserved. ** ** This software is open source. 
@@ -105,7 +105,7 @@ static zconf_t def = { RESIGN_INT, KEY_ALGO, ADDITIONAL_KEY_ALGO, KSK_LIFETIME, KSK_BITS, KSK_RANDOM, - ZSK_LIFETIME, ZSK_BITS, ZSK_RANDOM, + ZSK_LIFETIME, ZSK_BITS, ZSK_ALWAYS, ZSK_RANDOM, NSEC3_OFF, SALTLEN, NULL, /* viewname cmdline parameter */ 0, /* noexec cmdline parameter */ @@ -118,11 +118,12 @@ static zconf_t def = { }; typedef struct { - char *label; /* the name of the paramter */ + char *label; /* the name of the parameter */ short used_since; /* compability (from version; 0 == command line) */ short used_till; /* compability (to version) */ ctype_t type; /* the parameter type */ void *var; /* pointer to the parameter variable */ + const char *desc; const void *var2; /* pointer to a second parameter variable */ /* this is a ugly hack needed by cmpconfig () */ } zconf_para_t; 
@@ -136,12 +137,12 @@ static zconf_para_t confpara[] = { { "", first, 99, CONF_COMMENT, "dnssec-zkt options" }, { "", 100, last, CONF_COMMENT, "zkt-ls options" }, - { "ZoneDir", first, last, CONF_STRING, &def.zonedir }, - { "Recursive", first, last, CONF_BOOL, &def.recursive }, - { "PrintTime", first, last, CONF_BOOL, &def.printtime }, - { "PrintAge", first, last, CONF_BOOL, &def.printage }, - { "LeftJustify", first, last, CONF_BOOL, &def.ljust }, - { "lsColor", 100, last, CONF_STRING, &def.colorterm }, + { "ZoneDir", first, last, CONF_STRING, &def.zonedir, "default zone file directory (also used by zkt-signer)"}, + { "Recursive", first, last, CONF_BOOL, &def.recursive, "looking for keys down the directory tree?" }, + { "PrintTime", first, last, CONF_BOOL, &def.printtime, "print absolute key generation time?" }, + { "PrintAge", first, last, CONF_BOOL, &def.printage, "print relative key age?" }, + { "LeftJustify", first, last, CONF_BOOL, &def.ljust, "zone name is printed left justified?" }, + { "lsColor", 100, last, CONF_STRING, &def.colorterm, "terminal name (for coloring)" }, { "", first, last, CONF_COMMENT, NULL }, { "", first, last, CONF_COMMENT, "zone specific values" }, 
@@ -159,8 +160,8 @@ static zconf_para_t confpara[] = { { "", first, last, CONF_COMMENT, NULL }, { "", first, last, CONF_COMMENT, "signing key parameters"}, - { "Key_Algo", 99, 100, CONF_ALGO, &def.k_algo }, /* now used as general KEY algoritjm (KSK & ZSK) */ - { "KeyAlgo", 101, last, CONF_ALGO, &def.k_algo }, /* now used as general KEY algoritjm (KSK & ZSK) */ + { "Key_Algo", 99, 100, CONF_ALGO, &def.k_algo }, /* now used as general KEY algorithm (KSK & ZSK) */ + { "KeyAlgo", 101, last, CONF_ALGO, &def.k_algo }, /* now used as general KEY algorithm (KSK & ZSK) */ { "AddKey_Algo", 99, 100, CONF_ALGO, &def.k2_algo }, /* second key algorithm added (v0.99) */ { "AddKeyAlgo", 101, last, CONF_ALGO, &def.k2_algo }, /* second key algorithm added (v0.99) */ { "KSK_lifetime", first, 100, CONF_TIMEINT, &def.k_life }, @@ -176,10 +177,13 @@ static zconf_para_t confpara[] = { { "ZSK_algo", first, 98, CONF_ALGO, &def.k2_algo }, /* if someone using it already, map the algo to the additional key algorithm */ { "ZSK_bits", first, 100, CONF_INT, &def.z_bits }, { "ZSKbits", 101, last, CONF_INT, &def.z_bits }, +#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK + { "ZSKpermanent", 102, last, CONF_BOOL, &def.z_always, "Always add a pre-publish zone signing key?" }, +#endif { "ZSK_randfile", first, 100, CONF_STRING, &def.z_random }, { "ZSKrandfile", 101, last, CONF_STRING, &def.z_random }, { "NSEC3", 100, last, CONF_NSEC3, &def.nsec3 }, - { "SaltBits", 98, last, CONF_INT, &def.saltbits }, + { "SaltBits", 98, last, CONF_INT, &def.saltbits, }, { "", first, last, CONF_COMMENT, NULL }, { "", first, 99, CONF_COMMENT, "dnssec-signer options"}, 
@@ -199,15 +203,15 @@ static zconf_para_t confpara[] = { { "DLV_Domain", first, 100, CONF_STRING, &def.lookaside }, { "DLVdomain", 101, last, CONF_STRING, &def.lookaside }, { "Sig_Randfile", first, 100, CONF_STRING, &def.sig_random }, - { "SigRandfile", 101, last, CONF_STRING, &def.sig_random }, + { "SigRandfile", 101, last, CONF_STRING, &def.sig_random, "a file containing random data" }, { "Sig_Pseudorand", first, 100, CONF_BOOL, &def.sig_pseudo }, - { "SigPseudorand", 101, last, CONF_BOOL, &def.sig_pseudo }, + { "SigPseudorand", 101, last, CONF_BOOL, &def.sig_pseudo, "use pseudorandom data (faster but less secure)?" }, { "Sig_GenerateDS", first, 100, CONF_BOOL, &def.sig_gends }, - { "SigGenerateDS", 101, last, CONF_BOOL, &def.sig_gends }, + { "SigGenerateDS", 101, last, CONF_BOOL, &def.sig_gends, "update DS records based on child zone\' dsset-* files?" }, { "Sig_DnsKeyKSK", 99, 100, CONF_BOOL, &def.sig_dnskeyksk }, - { "SigDnsKeyKSK", 101, last, CONF_BOOL, &def.sig_dnskeyksk }, + { "SigDnsKeyKSK", 101, last, CONF_BOOL, &def.sig_dnskeyksk, "sign dns keyset with ksk only?" }, { "Sig_Parameter", first, 100, CONF_STRING, &def.sig_param }, - { "SigParameter", 101, last, CONF_STRING, &def.sig_param }, + { "SigParameter", 101, last, CONF_STRING, &def.sig_param, "additional dnssec-signzone parameter (if any)" }, { "Distribute_Cmd", 97, 100, CONF_STRING, &def.dist_cmd }, { "DistributeCmd", 101, last, CONF_STRING, &def.dist_cmd }, { "NamedChrootDir", 99, last, CONF_STRING, &def.chroot_dir }, 
@@ -249,7 +253,9 @@ static void set_all_varptr (zconf_t *cp, const zconf_t *cp2) set_varptr ("resigninterval", &cp->resign, cp2 ? &cp2->resign: NULL); set_varptr ("sigvalidity", &cp->sigvalidity, cp2 ? &cp2->sigvalidity: NULL); set_varptr ("max_ttl", &cp->max_ttl, cp2 ? &cp2->max_ttl: NULL); + set_varptr ("maximumttl", &cp->max_ttl, cp2 ? &cp2->max_ttl: NULL); set_varptr ("key_ttl", &cp->key_ttl, cp2 ? &cp2->key_ttl: NULL); + set_varptr ("dnskeyttl", &cp->key_ttl, cp2 ? &cp2->key_ttl: NULL); set_varptr ("propagation", &cp->proptime, cp2 ? &cp2->proptime: NULL); #if defined (DEF_TTL) set_varptr ("def_ttl", &cp->def_ttl, cp2 ? &cp2->def_ttl: NULLl); 
@@ -257,17 +263,28 @@ static void set_all_varptr (zconf_t *cp, const zconf_t *cp2) set_varptr ("serialformat", &cp->serialform, cp2 ? &cp2->serialform: NULL); set_varptr ("key_algo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL); + set_varptr ("keyalgo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL); set_varptr ("addkey_algo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL); + set_varptr ("addkeyalgo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL); set_varptr ("ksk_lifetime", &cp->k_life, cp2 ? &cp2->k_life: NULL); + set_varptr ("ksklifetime", &cp->k_life, cp2 ? &cp2->k_life: NULL); set_varptr ("ksk_algo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL); /* used only in compability mode */ set_varptr ("ksk_bits", &cp->k_bits, cp2 ? &cp2->k_bits: NULL); + set_varptr ("kskbits", &cp->k_bits, cp2 ? &cp2->k_bits: NULL); set_varptr ("ksk_randfile", &cp->k_random, cp2 ? &cp2->k_random: NULL); + set_varptr ("kskrandfile", &cp->k_random, cp2 ? &cp2->k_random: NULL); set_varptr ("zsk_lifetime", &cp->z_life, cp2 ? &cp2->z_life: NULL); + set_varptr ("zsklifetime", &cp->z_life, cp2 ? &cp2->z_life: NULL); // set_varptr ("zsk_algo", &cp->z_algo, cp2 ? &cp2->z_algo: NULL); set_varptr ("zsk_algo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL); set_varptr ("zsk_bits", &cp->z_bits, cp2 ? &cp2->z_bits: NULL); + set_varptr ("zskbits", &cp->z_bits, cp2 ? &cp2->z_bits: NULL); +#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK + set_varptr ("zskpermanent", &cp->z_always, cp2 ? &cp2->z_always: NULL); +#endif set_varptr ("zsk_randfile", &cp->z_random, cp2 ? &cp2->z_random: NULL); + set_varptr ("zskrandfile", &cp->z_random, cp2 ? &cp2->z_random: NULL); set_varptr ("nsec3", &cp->nsec3, cp2 ? &cp2->nsec3: NULL); set_varptr ("saltbits", &cp->saltbits, cp2 ? &cp2->saltbits: NULL); 
@@ -284,12 +301,19 @@ static void set_all_varptr (zconf_t *cp, const zconf_t *cp2) set_varptr ("zonefile", &cp->zonefile, cp2 ? &cp2->zonefile: NULL); set_varptr ("keysetdir", &cp->keysetdir, cp2 ? &cp2->keysetdir: NULL); set_varptr ("dlv_domain", &cp->lookaside, cp2 ? &cp2->lookaside: NULL); + set_varptr ("dlvdomain", &cp->lookaside, cp2 ? &cp2->lookaside: NULL); set_varptr ("sig_randfile", &cp->sig_random, cp2 ? &cp2->sig_random: NULL); + set_varptr ("sigrandfile", &cp->sig_random, cp2 ? &cp2->sig_random: NULL); set_varptr ("sig_pseudorand", &cp->sig_pseudo, cp2 ? &cp2->sig_pseudo: NULL); + set_varptr ("sigpseudorand", &cp->sig_pseudo, cp2 ? &cp2->sig_pseudo: NULL); set_varptr ("sig_generateds", &cp->sig_gends, cp2 ? &cp2->sig_gends: NULL); + set_varptr ("siggenerateds", &cp->sig_gends, cp2 ? &cp2->sig_gends: NULL); set_varptr ("sig_dnskeyksk", &cp->sig_dnskeyksk, cp2 ? &cp2->sig_dnskeyksk: NULL); + set_varptr ("sigdnskeyksk", &cp->sig_dnskeyksk, cp2 ? &cp2->sig_dnskeyksk: NULL); set_varptr ("sig_parameter", &cp->sig_param, cp2 ? &cp2->sig_param: NULL); + set_varptr ("sigparameter", &cp->sig_param, cp2 ? &cp2->sig_param: NULL); set_varptr ("distribute_cmd", &cp->dist_cmd, cp2 ? &cp2->dist_cmd: NULL); + set_varptr ("distributecmd", &cp->dist_cmd, cp2 ? &cp2->dist_cmd: NULL); set_varptr ("namedchrootdir", &cp->chroot_dir, cp2 ? &cp2->chroot_dir: NULL); } @@ -422,7 +446,7 @@ static void parseconfigline (char *buf, unsigned int line, zconf_t *z) *((int *)c->var) = DK_ALGO_RSASHA256; else if ( strcmp (val, "10") == 0 || strcasecmp (val, "rsasha5") == 0 || - strcasecmp (val, "rsasha212") == 0 || + strcasecmp (val, "rsasha512") == 0 || strcasecmp (val, "nsec3rsasha5") == 0 || strcasecmp (val, "n3rsasha5") == 0 || strcasecmp (val, "nsec3rsasha512") == 0 || 
@@ -471,21 +495,24 @@ static void printconfigline (FILE *fp, zconf_para_t *cp) { int i; long lval; + int printnl; assert (fp != NULL); assert (cp != NULL); + printnl = 0; switch ( cp->type ) { case CONF_VERSION: - fprintf (fp, "#\tZKT config file for version %d.%02d\n", - compversion / 100, compversion % 100); + fprintf (fp, "#\tZKT config file for version %d.%d.%d\n", + compversion / 100, + (compversion / 10 ) % 10, + compversion % 10); break; case CONF_COMMENT: if ( cp->var ) - fprintf (fp, "# %s\n", (char *)cp->var); - else - fprintf (fp, "\n"); + fprintf (fp, "# %s", (char *)cp->var); + printnl = 1; break; case CONF_LEVEL: case CONF_FACILITY: @@ -498,25 +525,30 @@ static void printconfigline (FILE *fp, zconf_para_t *cp) fprintf (fp, "%s:\t", cp->label); for ( p = *(char **)cp->var; *p; p++ ) putc (toupper (*p), fp); - fprintf (fp, "\n"); + // fprintf (fp, "\n"); } else fprintf (fp, "%s:\tNONE", cp->label); } + if ( cp->type == CONF_LEVEL ) + fprintf (fp, "\t\t# (NONE|DEBUG|INFO|NOTICE|WARNING|ERROR|FATAL)\n"); + else + fprintf (fp, "\t\t# (NONE|USER|DAEMON|LOCAL[0-7])\n"); break; case CONF_STRING: if ( *(char **)cp->var ) - fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var); + printnl = fprintf (fp, "%s:\t\"%s\"", cp->label, *(char **)cp->var); break; case CONF_BOOL: - fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var )); + fprintf (fp, "%s:\t%s", cp->label, bool2str ( *(int*)cp->var )); + printnl = 1; break; case CONF_TIMEINT: lval = *(ulong*)cp->var; /* in that case it should be of type ulong */ fprintf (fp, "%s:\t%s", cp->label, timeint2str (lval)); if ( lval ) fprintf (fp, "\t\t# (%ld seconds)", lval); - putc ('\n', fp); + printnl = 1; break; case CONF_ALGO: i = *(int*)cp->var; 
@@ -545,12 +577,25 @@ static void printconfigline (FILE *fp, zconf_para_t *cp) fprintf (fp, "\t\t# (On|Off|OptOut)\n"); break; case CONF_INT: - fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var); + fprintf (fp, "%s:\t%d", cp->label, *(int *)cp->var); + printnl = 1; break; case CONF_END: /* NOTREACHED */ break; } + if ( printnl ) + { + if ( cp->desc ) + { + if ( printnl < 20 ) + putc ('\t', fp); + fprintf (fp, "\t# %s\n", cp->desc); + } + else + putc ('\n', fp); + + } } /***************************************************************** @@ -826,6 +871,16 @@ int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z) if ( iscmdline (cp) ) /* skip command line parameter */ continue; + if ( !iscompatible (cp) ) /* is parameter compatible to current version? */ + continue; + + if ( cp->type == CONF_VERSION || cp->type == CONF_END || cp->type == CONF_COMMENT ) + continue; + + dbg_val5 ("printconfigdiff: %d: %s %d %d %d\n", cp->type, cp->label, + compversion, cp->used_since, cp->used_till); + assert ( cp->var2 != NULL ); + switch ( cp->type ) { case CONF_VERSION: 
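Review bot: `printnl` serves both as a "newline still pending" flag and, in the CONF_STRING case of the earlier printconfigline() hunk, as the character count returned by `fprintf`, and the `printnl < 20` alignment test here depends on that without saying so. A comment at the declaration would make this readable, for example `/* 0: line already terminated; otherwise chars printed so far (1 if not counted) */`. The commented-out `// fprintf (fp, "\n");` left in the CONF_LEVEL/CONF_FACILITY case can simply be deleted. printconfigline() begins outside this hunk.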
@@ -884,11 +939,17 @@ int checkconfig (const zconf_t *z) max_ttl = z->sigvalidity; ret = 0; - if ( strcmp (z->k_random, "/dev/urandom") == 0 ) + if ( z->k_random && strcmp (z->k_random, "/dev/urandom") == 0 ) ret = fprintf (stderr, "random device without enough entropie used for KSK generation \n"); - if ( strcmp (z->z_random, "/dev/urandom") == 0 ) + if ( z->z_random && strcmp (z->z_random, "/dev/urandom") == 0 ) ret = fprintf (stderr, "random device without enough entropie used for ZSK generation\n"); + if ( z->k_bits < 512 || z->z_bits < 512 ) + ret = fprintf (stderr, "Algorithm requires a bit size of at least 512 \n"); + + if ( z->k_algo == DK_ALGO_RSASHA512 && ( z->k_bits < 1024 || z->z_bits < 1024 ) ) + ret = fprintf (stderr, "Algorithm RSASHA 512 requires a bit size of at least 1024 \n"); + if ( z->saltbits < 4 ) ret = fprintf (stderr, "Saltlength must be at least 4 bits\n"); if ( z->saltbits > 128 ) @@ -910,7 +971,7 @@ int checkconfig (const zconf_t *z) } else if ( max_ttl > z->sigvalidity/2 ) - ret = fprintf (stderr, "Max TTL (%ld) should be less or equal signature validity (%ld)\n", + ret = fprintf (stderr, "Max TTL (%ld) should be a few times smaller than the signature validity (%ld)\n", max_ttl, z->sigvalidity); // if ( z->resign > (z->sigvalidity*5/6) - (max_ttl + z->proptime) ) @@ -927,7 +988,7 @@ int checkconfig (const zconf_t *z) ret = fprintf (stderr, "signature lifetime (%ld) (%s)\n", z->sigvalidity, timeint2str(z->sigvalidity - max_ttl)); } - if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) ) + if ( z->z_life > (24 * WEEKSEC) * (z->z_bits / 512.) ) { fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life)); fprintf (stderr, "seems a little bit high "); 
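Review bot: The new size check `z->k_bits < 512 || z->z_bits < 512` in checkconfig() sets a very low floor for RSA, since 512-bit keys are no longer considered resistant to factoring. Its message also says "Algorithm requires" although the test does not look at the algorithm. Warning below 1024 bits, `if ( z->k_bits < 1024 || z->z_bits < 1024 )`, would be the more useful threshold. That would also flag the shipped `ZSK_BITS (512)` default in zconf.h, which seems appropriate. The RSASHA512 check looks only at `z->k_algo`, so a key generated for the additional algorithm `k2_algo` is not covered. The later hunks in this function double the lifetime warning thresholds to 24 and 52 weeks per 512 bits, which lengthens the exposure of exactly these short keys. checkconfig() starts and ends outside the hunk.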
@@ -939,7 +1000,7 @@ int checkconfig (const zconf_t *z) fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life)); ret = fprintf (stderr, "should be greater than lifetime of zsk\n"); } - if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) ) + if ( z->k_life > 0 && z->k_life > (52 * WEEKSEC) * (z->k_bits / 512.) ) { fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life)); fprintf (stderr, "seems a little bit high "); diff --git a/contrib/zkt/zconf.h b/contrib/zkt-1.1.2/zconf.h similarity index 94% rename from contrib/zkt/zconf.h rename to contrib/zkt-1.1.2/zconf.h index f35d8f7543..09ed0abce9 100644 --- a/contrib/zkt/zconf.h +++ b/contrib/zkt-1.1.2/zconf.h @@ -49,7 +49,7 @@ # define MONTH (DAY * 30) # define YEAR (DAY * 365) -# define SIG_VALID_DAYS (10) /* or 3 Weeks ? */ +# define SIG_VALID_DAYS (21) /* 3 Weeks */ # define SIG_VALIDITY (SIG_VALID_DAYS * DAYSEC) # define MAX_TTL ( 8 * HOURSEC) /* default value of maximum ttl time */ # define KEY_TTL ( 4 * HOURSEC) /* default value of KEY TTL */ 
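Review bot: In the zconf.h hunk, `SIG_VALID_DAYS` goes from 10 to 21 with only `/* 3 Weeks */` as explanation, and `SIG_VALIDITY` in the same hunk is derived from it, so every default signature now stays verifiable for three weeks. A longer validity period is also a longer window in which a withdrawn or changed record can still be served with a signature that validates. I would record that trade-off next to the define, for example `/* 3 weeks: tolerates longer signer outages, but stale signatures stay valid that long */`.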
@@ -60,35 +60,36 @@ #endif # define RESIGN_INT ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC) -# define KSK_LIFETIME (1 * YEARSEC) -#if 0 +# define KSK_LIFETIME (2 * YEARSEC) +#if 1 # define ZSK_LIFETIME ((SIG_VALID_DAYS * 3) * DAYSEC) /* set to three times the sig validity */ #else -# if 0 -# define ZSK_LIFETIME ((MONTH * 3) * DAYSEC) /* set fixed to 3 month */ -# else -# define ZSK_LIFETIME (12 * WEEKSEC) /* set fixed to 3 month */ -# endif +# define ZSK_LIFETIME (12 * WEEKSEC) /* set fixed to 3 month */ #endif /* # define KSK_ALGO (DK_ALGO_RSASHA1) KSK_ALGO renamed to KEY_ALGO (v0.99) */ # define KEY_ALGO (DK_ALGO_RSASHA1) /* general KEY_ALGO used for both ksk and zsk */ # define ADDITIONAL_KEY_ALGO 0 # define KSK_BITS (1300) -# define KSK_RANDOM "/dev/urandom" /* was NULL before v0.94 */ +# define KSK_RANDOM NULL /* # define ZSK_ALGO (DK_ALGO_RSASHA1) ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */ # define ZSK_BITS (512) +# define ZSK_ALWAYS 0 # define ZSK_RANDOM "/dev/urandom" # define NSEC3 0 /* by default nsec3 is off */ # define SALTLEN 24 /* salt length in bits (resolution is 4 bits)*/ +#if 0 # define ZONEDIR "." +#else +# define ZONEDIR CONFIG_PATH +#endif # define RECURSIVE 0 # define PRINTTIME 1 # define PRINTAGE 0 # define LJUST 0 # define LSCOLORTERM NULL /* or "" */ -# define KEYSETDIR NULL /* keysets */ +# define KEYSETDIR ".." /* keysets */ # define LOGFILE "" # define LOGLEVEL "error" # define LOGDOMAINDIR "" @@ -162,6 +163,7 @@ typedef struct zconf { long z_life; /* int z_algo; no longer used; renamed to k2_algo (v0.99) */ int z_bits; + int z_always; /* always pre-publish zsk ? */ char *z_random; nsec3_t nsec3; /* 0 == off; 1 == on; 2 == on with optout */ int saltbits; diff --git a/contrib/zkt/zfparse.c b/contrib/zkt-1.1.2/zfparse.c similarity index 96% rename from contrib/zkt/zfparse.c rename to contrib/zkt-1.1.2/zfparse.c index 07d966ff80..2905691f33 100644 --- a/contrib/zkt/zfparse.c 
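Review bot: `KSK_RANDOM` becomes `NULL` while `ZSK_RANDOM` stays `"/dev/urandom"`, which is exactly the value checkconfig in zconf.c reports for ZSK generation, so the built-in defaults now trigger the tool's own entropy warning for one key type and not the other. The dropped comment was the only hint at what `NULL` means; presumably it leaves the device choice to the key generator, which should be confirmed and written down, for example `# define KSK_RANDOM NULL /* NULL: no random device is passed on (confirm) */`. If that is the intended default, `ZSK_RANDOM` probably wants the same value. `KEYSETDIR` also changes from `NULL` to the relative `".."`, and a comment naming the directory it is resolved against would make the new default reviewable.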
+++ b/contrib/zkt-1.1.2/zfparse.c @@ -40,19 +40,12 @@ # include /* for link(), unlink() */ # include # include -#if 0 -# include -# include -# include -# include -# include -# include -#endif #ifdef HAVE_CONFIG_H # include #endif # include "config_zkt.h" # include "zconf.h" +# include "misc.h" # include "log.h" # include "debug.h" #define extern @@ -184,7 +177,10 @@ int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *k dbg_val4 ("parsezonefile (\"%s\", %ld, %ld, \"%s\")\n", file, *pminttl, *pmaxttl, keydbfile); if ( (infp = fopen (file, "r")) == NULL ) + { + error ("parsezonefile: couldn't open file \"%s\" for input\n", file); return -1; + } lnr = 0; keydbfilefound = 0; @@ -220,7 +216,11 @@ int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *k if ( keydbfile && strcmp (fname, keydbfile) == 0 ) keydbfilefound = 1; else - keydbfilefound = parsezonefile (fname, pminttl, pmaxttl, keydbfile); + { + int ret = parsezonefile (fname, pminttl, pmaxttl, keydbfile); + if ( ret ) /* keydb found or read error ? */ + keydbfilefound = ret; + } } } else if ( !isspace (*p) ) /* label ? */ diff --git a/contrib/zkt/zfparse.h b/contrib/zkt-1.1.2/zfparse.h similarity index 100% rename from contrib/zkt/zfparse.h rename to contrib/zkt-1.1.2/zfparse.h diff --git a/contrib/zkt/zkt-conf.c b/contrib/zkt-1.1.2/zkt-conf.c similarity index 91% rename from contrib/zkt/zkt-conf.c rename to contrib/zkt-1.1.2/zkt-conf.c index 82a1c33e25..cc03201750 100644 --- a/contrib/zkt/zkt-conf.c +++ b/contrib/zkt-1.1.2/zkt-conf.c @@ -99,8 +99,9 @@ int main (int argc, char *argv[]) int c; int opt_index; int action; - int major; - int minor; + int major = 0; + int minor = 0; + int revision = 0; const char *file; const char *defconfname = NULL; const char *confname = NULL; 
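Review bot: The recursive `parsezonefile (fname, ...)` call has no nesting limit, so a zone file whose include chain loops back on itself recurses with one open `FILE *` per level until descriptors or stack run out. `fname` appears to be taken from the file being parsed, so this depends on zone-file content alone. A depth counter around the call, as below, turns that into an ordinary read error; the limit constant is a placeholder that still has to be defined. Separately, `keydbfilefound = ret` stores -1 on a read error and a later matching include sets it back to 1, which hides the error. parsezonefile starts and ends outside the hunk.

```c
			else
			{
				static int depth = 0;	/* current include nesting level */
				int ret;

				/* MAX_INCLUDE_DEPTH: placeholder, to be defined with a project-chosen value */
				if ( depth >= MAX_INCLUDE_DEPTH )
				{
					error ("parsezonefile: include nesting too deep at \"%s\"\n", fname);
					ret = -1;
				}
				else
				{
					depth++;
					ret = parsezonefile (fname, pminttl, pmaxttl, keydbfile);
					depth--;
				}
				if ( ret )	/* keydb found or read error ? */
					keydbfilefound = ret;
			}
```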
@@ -115,7 +116,7 @@ int main (int argc, char *argv[]) view = getnameappendix (progname, "zkt-conf"); defconfname = getdefconfname (view); - dbg_val0 ("Load built in config \"%s\"\n"); + dbg_val0 ("Load built in config\n"); config = loadconfig ("", (zconf_t *)NULL); /* load built in config */ if ( fileexist (defconfname) ) /* load default config file */ @@ -130,7 +131,18 @@ int main (int argc, char *argv[]) opterr = 0; opt_index = 0; action = 0; - setconfigversion (100); + + /* set current config version based on ZKT version */ + switch ( sscanf (ZKT_VERSION, "%d.%d.%d", &major, &minor, &revision) ) + { + case 3: major = (major * 100) + (minor * 10) + revision; break; + case 2: major = (major * 100) + (minor * 10); break; + case 1: major = major * 100; break; + default: + usage ("illegal release number"); + } + setconfigversion (major); + #if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 ) #else @@ -152,10 +164,11 @@ int main (int argc, char *argv[]) config = loadconfig_fromstr (optarg, config); break; case 'C': - switch ( sscanf (optarg, "%d.%d", &major, &minor) ) + switch ( sscanf (optarg, "%d.%d.%d", &major, &minor, &revision) ) { - case 2: major = major * 100 + minor; - case 1: break; + case 3: major = (major * 100) + (minor * 10) + revision; break; + case 2: major = (major * 100) + (minor * 10); break; + case 1: major = major * 100; break; default: usage ("illegal release number"); } 
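Review bot: The encoding `(major * 100) + (minor * 10) + revision` is ambiguous as soon as minor or revision has two digits: `0.99` now yields 990 where the removed code gave 99, and that sorts above 1.1.2 (112). If `used_since` and `used_till` in the config table follow the older scheme, the compatibility filter will compare against the wrong scale, which needs confirming against that table. The parts also come straight from `sscanf` `%d`, so negative or oversized numbers are combined unchecked; a guard such as `if ( major < 0 || minor < 0 || revision < 0 ) usage ("illegal release number");` before the arithmetic would catch that, with the upper bounds decided together with the encoding. The same three `case` lines are repeated in the `-C` hunk that follows, so a small helper taking the version string would keep the two in step.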
@@ -277,11 +290,11 @@ int main (int argc, char *argv[]) } if ( minttl < (10 * MINSEC) ) - fprintf (stderr, "Min_TTL of %s (%ld seconds) is too low to use it in a signed zone (see RFC4641)\n", + fprintf (stderr, "MinimumTTL of %s (%ld seconds) is too low to use it in a signed zone (see RFC4641)\n", timeint2str (minttl), minttl); else - fprintf (stderr, "Min_TTL:\t%s\t# (%ld seconds)\n", timeint2str (minttl), minttl); - fprintf (stdout, "Max_TTL:\t%s\t# (%ld seconds)\n", timeint2str (maxttl), maxttl); + fprintf (stderr, "MinimumTTL:\t%s\t# (%ld seconds)\n", timeint2str (minttl), minttl); + fprintf (stdout, "MaximumTTL:\t%s\t# (%ld seconds)\n", timeint2str (maxttl), maxttl); if ( writeflag ) { @@ -292,7 +305,7 @@ int main (int argc, char *argv[]) dbg_val ("Load local config file \"%s\"\n", LOCALCONF_FILE); config = loadconfig (LOCALCONF_FILE, config); } - setconfigpar (config, "Max_TTL", &maxttl); + setconfigpar (config, "MaximumTTL", &maxttl); printconfigdiff (confname, refconfig, config); } } diff --git a/contrib/zkt/zkt-keyman.c b/contrib/zkt-1.1.2/zkt-keyman.c similarity index 100% rename from contrib/zkt/zkt-keyman.c rename to contrib/zkt-1.1.2/zkt-keyman.c diff --git a/contrib/zkt/zkt-ls.c b/contrib/zkt-1.1.2/zkt-ls.c similarity index 94% rename from contrib/zkt/zkt-ls.c rename to contrib/zkt-1.1.2/zkt-ls.c index 67e2ce4873..e9ac692bdb 100644 --- a/contrib/zkt/zkt-ls.c +++ b/contrib/zkt-1.1.2/zkt-ls.c 
@@ -85,18 +85,20 @@ int subdomain_before_parent = 1; static int dirflag = 0; static int recflag = RECURSIVE; static int trustedkeyflag = 0; +static int managedkeyflag = 0; static const char *view = ""; static const char *term = NULL; #if defined(COLOR_MODE) && COLOR_MODE -# define short_options ":HKTV:afC::c:O:dhkLl:prstez" +# define short_options ":HKTMV:afC::c:O:dhkLl:prstez" #else -# define short_options ":HKTV:af:c:O:dhkLl:prstez" +# define short_options ":HKTMV:af:c:O:dhkLl:prstez" #endif #if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG static struct option long_options[] = { {"list-dnskeys", no_argument, NULL, 'K'}, {"list-trustedkeys", no_argument, NULL, 'T'}, + {"list-managedkeys", no_argument, NULL, 'M'}, {"ksk", no_argument, NULL, 'k'}, {"zsk", no_argument, NULL, 'z'}, {"age", no_argument, NULL, 'a'}, @@ -182,6 +184,12 @@ int main (int argc, char *argv[]) term = getenv ("TERM"); break; #endif + case 'M': + managedkeyflag = 1; + subdomain_before_parent = 0; + zskflag = pathflag = 0; + action = c; + break; case 'T': trustedkeyflag = 1; subdomain_before_parent = 0; @@ -300,6 +308,9 @@ int main (int argc, char *argv[]) case 'T': zkt_list_trustedkeys (data); break; + case 'M': + zkt_list_managedkeys (data); + break; default: zkt_list_keys (data); } 
@@ -333,13 +344,17 @@ static void usage (char *mesg, zconf_t *cp) sopt_usage ("\tusage: %s -T [-dhrz] [-c config] [file|dir ...]\n", progname); lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname); fprintf (stderr, "\n"); + fprintf (stderr, "List managed keys (output is suitable for managed-keys section)\n"); + sopt_usage ("\tusage: %s -M [-dhrz] [-c config] [file|dir ...]\n", progname); + lopt_usage ("\tusage: %s --list-managedkeys [-dhzr] [-c config] [file|dir ...]\n", progname); + fprintf (stderr, "\n"); fprintf (stderr, "General options \n"); fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", "")); fprintf (stderr, "\t\t read config from instead of %s\n", CONFIG_FILE); fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", "")); fprintf (stderr, "\t\t read config options from commandline\n"); - fprintf (stderr, "\t-h%s\t no headline or trusted-key section header/trailer in -T mode\n", loptstr (", --nohead", "\t")); + fprintf (stderr, "\t-h%s\t no headline or trusted/managed-key section header/trailer in -T/-M mode\n", loptstr (", --nohead", "\t")); fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t")); fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? "on": "off"); fprintf (stderr, "\t-l list%s", loptstr (", --label=\"list\"\n\t", "")); diff --git a/contrib/zkt/zkt-signer.c b/contrib/zkt-1.1.2/zkt-signer.c similarity index 99% rename from contrib/zkt/zkt-signer.c rename to contrib/zkt-1.1.2/zkt-signer.c index 7a20ae3469..5a2a285b34 100644 --- a/contrib/zkt/zkt-signer.c +++ b/contrib/zkt-1.1.2/zkt-signer.c 
@@ -254,13 +254,10 @@ int main (int argc, char *const argv[]) if ( lg_open (progname, config->syslogfacility, config->sysloglevel, config->zonedir, logfile, config->loglevel) < -1 ) fatal ("Couldn't open logfile %s in dir %s\n", logfile, config->zonedir); -#if defined(DBG) && DBG - for ( zp = zonelist; zp; zp = zp->next ) - zone_print ("in main: ", zp); -#endif lg_args (LG_NOTICE, argc, argv); - /* 1.0rc1: If the ttl for dynamic zones is not known or if it is 0, use sig valid time for this */ + /* 1.0rc1: If the ttl is 0 or not known because of dynamic zone signing, ... */ + /* ... use sig valid time for this */ if ( config->max_ttl <= 0 || dynamic_zone ) { // config = dupconfig (config); @@ -316,10 +313,14 @@ int main (int argc, char *const argv[]) free (dir); } - /* none of the above: read current directory tree */ + /* none of the above: read default directory tree */ if ( zonelist == NULL ) parsedir (config->zonedir, &zonelist, config); +#if defined(DBG) && DBG + for ( zp = zonelist; zp; zp = zp->next ) + zone_print ("in main: ", zp); +#endif for ( zp = zonelist; zp; zp = zp->next ) if ( in_strarr (zp->zone, &argv[optind], argc - optind) ) { @@ -550,7 +551,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp) if ( force ) snprintf (mesg, sizeof(mesg), "Option -f"); else if ( newkey ) - snprintf (mesg, sizeof(mesg), "Modfied zone key set"); + snprintf (mesg, sizeof(mesg), "Modified zone key set"); else if ( newkeysetfile ) snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain"); else if ( file_mtime (path) > zfilesig_time ) @@ -626,7 +627,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp) } /* at last, sign the zone file */ - if ( err > 0 ) + if ( err >= 0 ) { time_t timer; diff --git a/contrib/zkt/zkt-soaserial.c b/contrib/zkt-1.1.2/zkt-soaserial.c similarity index 100% rename from contrib/zkt/zkt-soaserial.c rename to contrib/zkt-1.1.2/zkt-soaserial.c 
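Review bot: In the last hunk the guard before signing changes from `err > 0` to `err >= 0`, so the zone is now signed when `err` is 0 as well, and nothing near the test says what 0 stands for. For a step that produces signatures, the meaning of each range should be stated at the condition, for example `/* err < 0: a previous step failed, do not sign; err == 0: ...; err > 0: ... */` with the two open cases filled in by the author. dosigning's body and the assignments to `err` are outside the hunk, so whether 0 can also mean "nothing to do" cannot be checked from here.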
diff --git a/contrib/zkt/zkt.c b/contrib/zkt-1.1.2/zkt.c similarity index 87% rename from contrib/zkt/zkt.c rename to contrib/zkt-1.1.2/zkt.c index 511c08c535..6b6ce69e73 100644 --- a/contrib/zkt/zkt.c +++ b/contrib/zkt-1.1.2/zkt.c @@ -244,6 +244,43 @@ static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth) } } } +static void list_managedkey (const dki_t **nodep, const VISIT which, int depth) +{ + const dki_t *dkp; + + if ( nodep == NULL ) + return; + + dkp = *nodep; + if ( which == INORDER || which == LEAF ) + { +// fprintf (stderr, "list_trustedkey order=%d(pre=0,in=1,post=2,leaf=3) depth=%d %s\n", which, depth, dkp->name); + if ( labellist && !isinlist (dkp->name, labellist) ) + return; + + if ( parent == NULL || !issubdomain (dkp->name, parent->name) ) + { + const dki_t *dkp_head = NULL; + const dki_t *standby = NULL; + + parent = dkp; + + dkp_head = dkp; + /* look for a standby key */ + for ( dkp = dkp_head; dkp; dkp = dkp->next ) + if ( dki_isksk (dkp) && dki_ispublished (dkp) ) + standby = dkp; + + if ( !standby ) /* no standby key found ? */ + return; + + /* print all non-standby ksk */ + for ( dkp = dkp_head; dkp; dkp = dkp->next ) + if ( dki_isksk (dkp) && dkp != standby ) + dki_prt_managedkey (dkp, stdout); + } + } +} # endif #endif 
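Review bot: `list_managedkey` returns without output when a zone has no published (standby) KSK, so such a zone is silently missing from the generated section and the operator gets no hint why. If that is intended, say so at the `if ( !standby ) return;` line; otherwise report it, for example `fprintf (stderr, "%s: no standby ksk found, zone skipped\n", dkp_head->name);`. When several KSKs are published, only the last one is treated as standby and the others are printed, which also deserves a comment. The commented-out debug line still names `list_trustedkey`.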
@@ -268,6 +305,27 @@ void zkt_list_trustedkeys (const dki_t *data) printf ("};\n"); } +void zkt_list_managedkeys (const dki_t *data) +{ + + /* print headline if list is not empty */ + if ( data && headerflag ) + printf ("managed-keys {\n"); + +#if defined(USE_TREE) && USE_TREE + twalk (data, list_managedkey); +#else + for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */ + if ( (dki_isksk (dkp) || zskflag) && + (labellist == NULL || isinlist (dkp->name, labellist)) ) + dki_prt_managedkey (dkp, stdout); +#endif + + /* print end of trusted-key section */ + if ( data && headerflag ) + printf ("};\n"); +} + #if defined(USE_TREE) && USE_TREE static void list_dnskey (const dki_t **nodep, const VISIT which, int depth) { diff --git a/contrib/zkt/zkt.h b/contrib/zkt-1.1.2/zkt.h similarity index 97% rename from contrib/zkt/zkt.h rename to contrib/zkt-1.1.2/zkt.h index 2f3398d5fb..01460527ee 100644 --- a/contrib/zkt/zkt.h +++ b/contrib/zkt-1.1.2/zkt.h @@ -40,6 +40,7 @@ extern const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname); extern void zkt_list_keys (const dki_t *data); extern void zkt_list_trustedkeys (const dki_t *data); +extern void zkt_list_managedkeys (const dki_t *data); extern void zkt_list_dnskeys (const dki_t *data); extern void zkt_setkeylifetime (dki_t *data); diff --git a/contrib/zkt/zone.c b/contrib/zkt-1.1.2/zone.c similarity index 100% rename from contrib/zkt/zone.c rename to contrib/zkt-1.1.2/zone.c diff --git a/contrib/zkt/zone.h b/contrib/zkt-1.1.2/zone.h similarity index 100% rename from contrib/zkt/zone.h rename to contrib/zkt-1.1.2/zone.h diff --git a/contrib/zkt/dnssec-zkt.c b/contrib/zkt/dnssec-zkt.c deleted file mode 100644 index 744a6f865f..0000000000 --- a/contrib/zkt/dnssec-zkt.c +++ /dev/null 
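Review bot: The `#else` branch of `zkt_list_managedkeys` uses `dkp` in `for ( dkp = data; dkp; dkp = dkp->next )`, but the function declares no such variable, so a build without `USE_TREE` will not compile unless a file-scope `dkp` exists. Adding `const dki_t *dkp;` at the top of the function, under the same `#if` as the loop, fixes that. In the tree branch `list_managedkey` relies on `parent`, which appears to be file-level state; if it is not reset before `twalk`, an earlier listing in the same process could suppress zones, which is worth confirming. The closing comment still says `trusted-key section`.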
@@ -1,816 +0,0 @@ -/***************************************************************** -** -** @(#) dnssec-zkt.c (c) Jan 2005 Holger Zuleger hznet.de -** -** Secure DNS zone key tool -** A wrapper command around the BIND dnssec-keygen utility -** -** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. -** -** This software is open source. -** -** Redistribution and use in source and binary forms, with or without -** modification, are permitted provided that the following conditions -** are met: -** -** Redistributions of source code must retain the above copyright notice, -** this list of conditions and the following disclaimer. -** -** Redistributions in binary form must reproduce the above copyright notice, -** this list of conditions and the following disclaimer in the documentation -** and/or other materials provided with the distribution. -** -** Neither the name of Holger Zuleger HZnet nor the names of its contributors may -** be used to endorse or promote products derived from this software without -** specific prior written permission. -** -** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE -** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -** POSSIBILITY OF SUCH DAMAGE. -** -*****************************************************************/ - -# include -# include /* abort(), exit(), ... 
*/ -# include -# include -# include -# include -# include - -#ifdef HAVE_CONFIG_H -# include -#endif -# include "config_zkt.h" -#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG -# include -#endif - -# include "debug.h" -# include "misc.h" -# include "strlist.h" -# include "zconf.h" -# include "dki.h" -# include "zkt.h" - -extern int optopt; -extern int opterr; -extern int optind; -extern char *optarg; -const char *progname; - -char *labellist = NULL; - -int headerflag = 1; -int ageflag = 0; -int lifetime = 0; -int lifetimeflag = 0; -int timeflag = 1; -int exptimeflag = 0; -int pathflag = 0; -int kskflag = 1; -int zskflag = 1; -int ljustflag = 0; - -static int dirflag = 0; -static int recflag = RECURSIVE; -static int trustedkeyflag = 0; -static char *kskdomain = ""; -static const char *view = ""; - -# define short_options ":0:1:2:3:9A:C:D:P:S:R:HKTs:ZV:afF:c:O:dhkLl:prtez" -#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG -static struct option long_options[] = { - {"ksk-rollover", no_argument, NULL, '9'}, - {"ksk-status", required_argument, NULL, '0'}, - {"ksk-roll-status", required_argument, NULL, '0'}, - {"ksk-newkey", required_argument, NULL, '1'}, - {"ksk-publish", required_argument, NULL, '2'}, - {"ksk-delkey", required_argument, NULL, '3'}, - {"ksk-roll-phase1", required_argument, NULL, '1'}, - {"ksk-roll-phase2", required_argument, NULL, '2'}, - {"ksk-roll-phase3", required_argument, NULL, '3'}, - {"list-dnskeys", no_argument, NULL, 'K'}, - {"list-trustedkeys", no_argument, NULL, 'T'}, - {"ksk", no_argument, NULL, 'k'}, - {"zsk", no_argument, NULL, 'z'}, - {"age", no_argument, NULL, 'a'}, - {"lifetime", no_argument, NULL, 'f'}, - {"time", no_argument, NULL, 't'}, - {"expire", no_argument, NULL, 'e'}, - {"recursive", no_argument, NULL, 'r'}, - {"zone-config", no_argument, NULL, 'Z'}, - {"leftjust", no_argument, NULL, 'L'}, - {"path", no_argument, NULL, 'p'}, - {"nohead", no_argument, NULL, 'h'}, - {"directory", no_argument, NULL, 'd'}, - {"config", 
required_argument, NULL, 'c'}, - {"option", required_argument, NULL, 'O'}, - {"config-option", required_argument, NULL, 'O'}, - {"published", required_argument, NULL, 'P'}, - {"standby", required_argument, NULL, 'S'}, - {"active", required_argument, NULL, 'A'}, - {"depreciated", required_argument, NULL, 'D'}, - {"create", required_argument, NULL, 'C'}, - {"revoke", required_argument, NULL, 'R'}, - {"remove", required_argument, NULL, 19 }, - {"destroy", required_argument, NULL, 20 }, - {"setlifetime", required_argument, NULL, 'F' }, - {"view", required_argument, NULL, 'V' }, - {"help", no_argument, NULL, 'H'}, - {0, 0, 0, 0} -}; -#endif - -static int parsedirectory (const char *dir, dki_t **listp); -static void parsefile (const char *file, dki_t **listp); -static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf); -static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf); -static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp); -static void usage (char *mesg, zconf_t *cp); -static const char *parsetag (const char *str, int *tagp); - -static void setglobalflags (zconf_t *config) -{ - recflag = config->recursive; - ageflag = config->printage; - timeflag = config->printtime; - ljustflag = config->ljust; -} - -int main (int argc, char *argv[]) -{ - dki_t *data = NULL; - dki_t *dkp; - int c; - int opt_index; - int action; - const char *file; - const char *defconfname = NULL; - char *p; - char str[254+1]; - const char *keyname = NULL; - int searchtag; - zconf_t *config; - - progname = *argv; - if ( (p = strrchr (progname, '/')) ) - progname = ++p; - view = getnameappendix (progname, "dnssec-zkt"); - - defconfname = getdefconfname (view); - config = loadconfig ("", (zconf_t *)NULL); /* load built in config */ - if ( fileexist (defconfname) ) /* load default config file */ - config = loadconfig (defconfname, config); - if ( config == NULL ) - fatal ("Out of memory\n"); - 
setglobalflags (config); - - opterr = 0; - opt_index = 0; - action = 0; -#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG - while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 ) -#else - while ( (c = getopt (argc, argv, short_options)) != -1 ) -#endif - { - switch ( c ) - { - case '9': /* ksk rollover help */ - ksk_roll ("help", c - '0', NULL, NULL); - exit (1); - case '1': /* ksk rollover: create new key */ - case '2': /* ksk rollover: publish DS */ - case '3': /* ksk rollover: delete old key */ - case '0': /* ksk rollover: show current status */ - action = c; - if ( !optarg ) - usage ("ksk rollover requires an domain argument", config); - kskdomain = domain_canonicdup (optarg); - break; - case 'T': - trustedkeyflag = 1; - zskflag = pathflag = 0; - /* fall through */ - case 'H': - case 'K': - case 'Z': - action = c; - break; - case 'C': - pathflag = !pathflag; - /* fall through */ - case 'P': - case 'S': - case 'A': - case 'D': - case 'R': - case 's': - case 19: - case 20: - if ( (keyname = parsetag (optarg, &searchtag)) != NULL ) - keyname = domain_canonicdup (keyname); - action = c; - break; - case 'a': /* age */ - ageflag = !ageflag; - break; - case 'f': /* key lifetime */ - lifetimeflag = !lifetimeflag; - break; - case 'F': /* set key lifetime */ - lifetime = atoi (optarg); - lifetimeflag = 1; /* set some flags for more informative output */ - exptimeflag = 1; - timeflag = 1; - action = c; - break; - case 'V': /* view name */ - view = optarg; - defconfname = getdefconfname (view); - if ( fileexist (defconfname) ) /* load default config file */ - config = loadconfig (defconfname, config); - if ( config == NULL ) - fatal ("Out of memory\n"); - setglobalflags (config); - break; - case 'c': - config = loadconfig (optarg, config); - setglobalflags (config); - checkconfig (config); - break; - case 'O': /* read option from commandline */ - config = loadconfig_fromstr (optarg, config); - setglobalflags (config); - checkconfig 
(config); - break; - case 'd': /* ignore directory arg */ - dirflag = 1; - break; - case 'h': /* print no headline */ - headerflag = 0; - break; - case 'k': /* ksk only */ - zskflag = 0; - break; - case 'L': /* ljust */ - ljustflag = !ljustflag; - break; - case 'l': /* label list */ - labellist = prepstrlist (optarg, LISTDELIM); - if ( labellist == NULL ) - fatal ("Out of memory\n"); - break; - case 'p': /* print path */ - pathflag = 1; - break; - case 'r': /* switch recursive flag */ - recflag = !recflag; - break; - case 't': /* time */ - timeflag = !timeflag; - break; - case 'e': /* expire time */ - exptimeflag = !exptimeflag; - break; - case 'z': /* zsk only */ - kskflag = 0; - break; - case ':': - snprintf (str, sizeof(str), "option \"-%c\" requires an argument.\n", - optopt); - usage (str, config); - break; - case '?': - if ( isprint (optopt) ) - snprintf (str, sizeof(str), "Unknown option \"-%c\".\n", - optopt); - else - snprintf (str, sizeof (str), "Unknown option char \\x%x.\n", - optopt); - usage (str, config); - break; - default: - abort(); - } - } - - /* it's better to do this before we read the whole directory tree */ - if ( action == 'Z' ) - { - fprintf (stderr, "The use of -Z is deprecated. 
Please use zkt-conf instead\n"); - printconfig ("stdout", config); - return 0; - } - - if ( kskflag == 0 && zskflag == 0 ) - kskflag = zskflag = 1; - - c = optind; - do { - if ( c >= argc ) /* no args left */ - file = config->zonedir; /* use default directory */ - else - file = argv[c++]; - - if ( is_directory (file) ) - parsedirectory (file, &data); - else - parsefile (file, &data); - - } while ( c < argc ); /* for all arguments */ - - switch ( action ) - { - case 'H': - usage ("", config); - case 'C': - createkey (keyname, data, config); - break; - case 'P': - case 'S': - case 'A': - case 'D': - if ( (dkp = (dki_t*)zkt_search (data, searchtag, keyname)) == NULL ) - fatal ("Key with tag %u not found\n", searchtag); - else if ( dkp == (void *) 01 ) - fatal ("Key with tag %u found multiple times\n", searchtag); - if ( (c = dki_setstatus_preservetime (dkp, action)) != 0 ) - fatal ("Couldn't change status of key %u: %d\n", searchtag, c); - break; - case 19: /* remove (rename) key file */ - if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) - fatal ("Key with tag %u not found\n", searchtag); - else if ( dkp == (void *) 01 ) - fatal ("Key with tag %u found multiple times\n", searchtag); - dki_remove (dkp); - break; - case 20: /* destroy the key (remove the files!) 
*/ - if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) - fatal ("Key with tag %u not found\n", searchtag); - else if ( dkp == (void *) 01 ) - fatal ("Key with tag %u found multiple times\n", searchtag); - dki_destroy (dkp); - break; - case 'R': - if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) - fatal ("Key with tag %u not found\n", searchtag); - else if ( dkp == (void *) 01 ) - fatal ("Key with tag %u found multiple times\n", searchtag); - if ( (c = dki_setstatus (dkp, action)) != 0 ) - fatal ("Couldn't change status of key %u: %d\n", searchtag, c); - break; - case 's': - if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) - fatal ("Key with tag %u not found\n", searchtag); - else if ( dkp == (void *) 01 ) - fatal ("Key with tag %u found multiple times\n", searchtag); - dki_prt_dnskey (dkp, stdout); - break; - case 'K': - zkt_list_dnskeys (data); - break; - case 'T': - zkt_list_trustedkeys (data); - break; - case '1': /* ksk rollover new key */ - case '2': /* ksk rollover publish DS */ - case '3': /* ksk rollover delete old key */ - case '0': /* ksk rollover status */ - ksk_roll (kskdomain, action - '0', data, config); - break; - case 'F': - zkt_setkeylifetime (data); - /* fall through */ - default: - zkt_list_keys (data); - } - - return 0; -} - -# define sopt_usage(mesg, value) fprintf (stderr, mesg, value) -#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG -# define lopt_usage(mesg, value) fprintf (stderr, mesg, value) -# define loptstr(lstr, sstr) lstr -#else -# define lopt_usage(mesg, value) -# define loptstr(lstr, sstr) sstr -#endif -static void usage (char *mesg, zconf_t *cp) -{ - fprintf (stderr, "Secure DNS Zone Key Tool %s\n", ZKT_VERSION); - fprintf (stderr, "\n"); - fprintf (stderr, "Show zone config parameter as %s file\n", LOCALCONF_FILE); - sopt_usage ("\tusage: %s -Z\n", progname); - lopt_usage ("\tusage: %s --zone-config\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "List 
keys in current or given directory (-r for recursive mode)\n"); - sopt_usage ("\tusage: %s [-dhatkzpr] [-c config] [file|dir ...]\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "List public part of keys in DNSKEY RR format\n"); - sopt_usage ("\tusage: %s -K [-dhkzr] [-c config] [file|dir ...]\n", progname); - lopt_usage ("\tusage: %s --list-dnskeys [-dhkzr] [-c config] [file|dir ...]\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "List keys (output is suitable for trusted-keys section)\n"); - sopt_usage ("\tusage: %s -T [-dhzr] [-c config] [file|dir ...]\n", progname); - lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "Create a new key \n"); - sopt_usage ("\tusage: %s -C [-k] [-dpr] [-c config] [dir ...]\n", progname); - lopt_usage ("\tusage: %s --create= [-k] [-dpr] [-c config] [dir ...]\n", progname); - fprintf (stderr, "\t\tKSK (use -k): %s %d bits\n", dki_algo2str (cp->k_algo), cp->k_bits); - fprintf (stderr, "\t\tZSK (default): %s %d bits\n", dki_algo2str (cp->k_algo), cp->z_bits); - fprintf (stderr, "\n"); - fprintf (stderr, "Change key status of specified key to published, active or depreciated\n"); - fprintf (stderr, "\t( := tag | tag:name) \n"); - sopt_usage ("\tusage: %s -P|-A|-D [-dr] [-c config] [dir ...]\n", progname); - lopt_usage ("\tusage: %s --published= [-dr] [-c config] [dir ...]\n", progname); - lopt_usage ("\tusage: %s --active= [-dr] [-c config] [dir ...]\n", progname); - lopt_usage ("\tusage: %s --depreciated= [-dr] [-c config] [dir ...]\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "Revoke specified key ( := tag | tag:name) \n"); - sopt_usage ("\tusage: %s -R [-dr] [-c config] [dir ...]\n", progname); - lopt_usage ("\tusage: %s --revoke= [-dr] [-c config] [dir ...]\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "Remove (rename) or destroy (delete) specified key ( := tag | tag:name) \n"); - lopt_usage 
("\tusage: %s --remove= [-dr] [-c config] [dir ...]\n", progname); - lopt_usage ("\tusage: %s --destroy= [-dr] [-c config] [dir ...]\n", progname); - fprintf (stderr, "\n"); - fprintf (stderr, "Initiate a semi-automated KSK rollover"); - fprintf (stderr, "('%s -9%s' prints out a short description)\n", progname, loptstr ("|--ksk-rollover", "")); - sopt_usage ("\tusage: %s {-1} do.ma.in.\n", progname); - lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname); - sopt_usage ("\tusage: %s {-2} do.ma.in.\n", progname); - lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname); - sopt_usage ("\tusage: %s {-3} do.ma.in.\n", progname); - lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname); - sopt_usage ("\tusage: %s {-0} do.ma.in.\n", progname); - lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname); - fprintf (stderr, "\n"); - - fprintf (stderr, "\n"); - fprintf (stderr, "General options \n"); - fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", "")); - fprintf (stderr, "\t\t read config from instead of %s\n", CONFIG_FILE); - fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", "")); - fprintf (stderr, "\t\t read config options from commandline\n"); - fprintf (stderr, "\t-h%s\t no headline or trusted-key section header/trailer in -T mode\n", loptstr (", --nohead", "\t")); - fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t")); - fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? "on": "off"); - fprintf (stderr, "\t-l list\t\t print out only zone keys out of the given domain list\n"); - fprintf (stderr, "\t-p%s\t show path of keyfile / create key in current directory\n", loptstr (", --path", "\t")); - fprintf (stderr, "\t-r%s\t recursive mode on/off (default: %s)\n", loptstr(", --recursive", "\t"), recflag ? 
"on": "off");
- fprintf (stderr, "\t-a%s\t print age of key (default: %s)\n", loptstr (", --age", "\t"), ageflag ? "on": "off");
- fprintf (stderr, "\t-t%s\t print key generation time (default: %s)\n", loptstr (", --time", "\t"),
- timeflag ? "on": "off");
- fprintf (stderr, "\t-e%s\t print key expiration time\n", loptstr (", --expire", "\t"));
- fprintf (stderr, "\t-f%s\t print key lifetime\n", loptstr (", --lifetime", "\t"));
- fprintf (stderr, "\t-F days%s=days\t set key lifetime\n", loptstr (", --setlifetime", "\t"));
- fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
- fprintf (stderr, "\t-z%s\t zone signing keys only\n", loptstr (", --zsk", "\t"));
- if ( mesg && *mesg )
- fprintf (stderr, "%s\n", mesg);
- exit (1);
-}
-
-static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)
-{
- const char *dir = "";
- dki_t *dkp;
-
- if ( keyname == NULL || *keyname == '\0' )
- fatal ("Create key: no keyname!");
-
- dbg_val2 ("createkey: keyname %s, pathflag = %d\n", keyname, pathflag);
- /* search for already existent key to get the directory name */
- if ( pathflag && (dkp = (dki_t *)zkt_search (list, 0, keyname)) != NULL )
- {
- char path[MAX_PATHSIZE+1];
- zconf_t localconf;
-
- dir = dkp->dname;
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- if ( fileexist (path) ) /* load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", path);
- memcpy (&localconf, conf, sizeof (zconf_t));
- conf = loadconfig (path, &localconf);
- }
- }
-
- if ( zskflag )
- dkp = dki_new (dir, keyname, DKI_ZSK, conf->k_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
- else
- dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- if ( dkp == NULL )
- fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
-
- /* create a new key always in state published, which means "standby" for ksk */
- dki_setstatus (dkp, DKI_PUB);
-}
-
-static int get_parent_phase (const char *file)
-{
- FILE *fp;
- int phase;
-
- if ( (fp = fopen (file, "r")) == NULL )
- return -1;
-
- phase = 0;
- if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 )
- phase = 0;
-
- fclose (fp);
- return phase;
-}
-
-static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)
-{
- char path[MAX_PATHSIZE+1];
- zconf_t localconf;
- const char *dir;
- dki_t *keylist;
- dki_t *dkp;
- dki_t *standby;
- int parent_exist;
- int parent_age;
- int parent_phase;
- int parent_propagation;
- int key_ttl;
- int ksk;
-
- if ( phase == 9 ) /* usage */
- {
- fprintf (stderr, "A KSK rollover requires three consecutive steps:\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", ""));
- fprintf (stderr, "\t Create a new KSK.\n");
- fprintf (stderr, "\t This step also creates a parent- file which contains only\n");
- fprintf (stderr, "\t the _old_ key. This file will be copied in hierarchical mode\n");
- fprintf (stderr, "\t by dnssec-signer to the parent directory as keyset- file.\n");
- fprintf (stderr, "\t Wait until the new keyset is propagated, before going to the next step.\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", ""));
- fprintf (stderr, "\t This step creates a parent- file with the _new_ key only.\n");
- fprintf (stderr, "\t Please send this file immediately to the parent (In hierarchical\n");
- fprintf (stderr, "\t mode this will be done automatically by the dnssec-signer command).\n");
- fprintf (stderr, "\t Then wait until the new DS is generated by the parent and propagated\n");
- fprintf (stderr, "\t to all the parent name server, plus the old DS TTL before going to step three.\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", ""));
- fprintf (stderr, "\t Remove (rename) the old KSK and the parent- file.\n");
- fprintf (stderr, "\t You have to manually delete the old KSK (look at file names beginning\n");
- fprintf (stderr, "\t with an lower 'k').\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", ""));
- fprintf (stderr, "\t Show the current KSK rollover state of a domain.\n");
-
- fprintf (stderr, "\n");
-
- return;
- }
-
- if ( keyname == NULL || *keyname == '\0' )
- fatal ("ksk rollover: no domain!");
-
- dbg_val2 ("ksk_roll: keyname %s, phase = %d\n", keyname, phase);
-
- /* search for already existent key to get the directory name */
- if ( (keylist = (dki_t *)zkt_search (list, 0, keyname)) == NULL )
- fatal ("ksk rollover: domain %s not found!\n", keyname);
- dkp = keylist;
-
- /* try to read local config file */
- dir = dkp->dname;
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- if ( fileexist (path) ) /* load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", path);
- memcpy (&localconf, conf, sizeof (zconf_t));
- conf = loadconfig (path, &localconf);
- }
- key_ttl = conf->key_ttl;
-
- /* check if parent-file already exist */
- pathname (path, sizeof (path), dir, "parent-", keyname);
- parent_phase = parent_age = 0;
- if ( (parent_exist = fileexist (path)) != 0 )
- {
- parent_phase = get_parent_phase (path);
- parent_age = file_age (path);
- }
- // parent_propagation = 2 * DAYSEC;
- parent_propagation = 5 * MINSEC;
-
- ksk = 0; /* count active(!) key signing keys */
- standby = NULL; /* find standby key if available */
- for ( dkp = keylist; dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) )
- {
- if ( dki_status (dkp) == DKI_ACT )
- ksk++;
- else if ( dki_status (dkp) == DKI_PUB )
- standby = dkp;
- }
-
- switch ( phase )
- {
- case 0: /* print status (debug) */
- fprintf (stdout, "ksk_rollover:\n");
- fprintf (stdout, "\t domain = %s\n", keyname);
- fprintf (stdout, "\t phase = %d\n", parent_phase);
- fprintf (stdout, "\t parent_file %s %s\n", path, parent_exist ? "exist": "not exist");
- if ( parent_exist )
- fprintf (stdout, "\t age of parent_file %d %s\n", parent_age, str_delspace (age2str (parent_age)));
- fprintf (stdout, "\t # of active key signing keys %d\n", ksk);
- fprintf (stdout, "\t parent_propagation %d %s\n", parent_propagation, str_delspace (age2str (parent_propagation)));
- fprintf (stdout, "\t keys ttl %d %s\n", key_ttl, age2str (key_ttl));
-
- for ( dkp = keylist; dkp; dkp = dkp->next )
- {
- /* TODO: Nur zum testen */
- dki_prt_dnskey (dkp, stdout);
- }
- break;
- case 1:
- if ( parent_exist || ksk > 1 )
- fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n");
-
- fprintf (stdout, "create new ksk \n");
- dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- if ( dkp == NULL )
- fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
- if ( standby )
- {
- dki_setstatus (standby, DKI_ACT); /* activate standby key */
- dki_setstatus (dkp, DKI_PUB); /* new key will be the new standby */
- }
-
- // dkp = keylist; /* use old key to create the parent file */
- if ( (dkp = (dki_t *)dki_findalgo (keylist, 1, conf->k_algo, 'a', 1)) == NULL ) /* find the oldest active ksk to create the parent file */
- fatal ("ksk_rollover phase1: Couldn't find the old active key\n");
- if ( !create_parent_file (path, phase, key_ttl, dkp) )
- fatal ("Couldn't create parentfile %s\n", path);
- break;
-
- case 2:
- if ( ksk < 2 )
- fatal ("Can\'t publish new key because no one exist\n");
- if ( !parent_exist )
- fatal ("More than one KSK but no parent file found!\n");
- if ( parent_phase != 1 )
- fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
- if ( parent_age < conf->proptime + key_ttl )
- fatal ("ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least %dsec or %s)\n",
- conf->proptime + key_ttl - parent_age,
- str_delspace (age2str (conf->proptime + key_ttl - parent_age)));
-
- fprintf (stdout, "save new ksk in parent file\n");
- dkp = keylist->next; /* set dkp to new ksk */
- if ( !create_parent_file (path, phase, key_ttl, dkp) )
- fatal ("Couldn't create parentfile %s\n", path);
- break;
- case 3:
- if ( !parent_exist || ksk < 2 )
- fatal ("ksk-delkey only allowed after ksk-publish\n");
- if ( parent_phase != 2 )
- fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
- if ( parent_age < parent_propagation + key_ttl )
- fatal ("ksk_rollover (phase3): you have to wait for DS propagation (at least %dsec or %s)\n",
- parent_propagation + key_ttl - parent_age,
- str_delspace (age2str (parent_propagation + key_ttl - parent_age)));
- /* remove the parentfile */
- fprintf (stdout, "remove parentfile \n");
- unlink (path);
- /* remove or rename the old key */
- fprintf (stdout, "old ksk renamed \n");
- dkp = keylist; /* set dkp to old ksk */
- dki_remove (dkp);
- break;
- default: assert (phase == 1 || phase == 2 || phase == 3);
- }
-}
-
-/*****************************************************************
-** create_parent_file ()
-*****************************************************************/
-static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)
-{
- FILE *fp;
-
- assert ( fname != NULL );
-
- if ( dkp == NULL || (phase != 1 && phase != 2) )
- return 0;
-
- if ( (fp = fopen (fname, "w")) == NULL )
- fatal ("can\'t create new parentfile \"%s\"\n", fname);
-
- if ( phase == 1 )
- fprintf (fp, "; KSK rollover phase1 (old key)\n");
- else
- fprintf (fp, "; KSK rollover phase2 (new key)\n");
-
- dki_prt_dnskeyttl (dkp, fp, ttl);
- fclose (fp);
-
- return phase;
-}
-
-static int parsedirectory (const char *dir, dki_t **listp)
-{
- dki_t *dkp;
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
-
- if ( dirflag )
- return 0;
-
- dbg_val ("directory: opendir(%s)\n", dir);
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- while ( (dentp = readdir (dirp)) != NULL )
- {
- if ( is_dotfilename (dentp->d_name) )
- continue;
-
- dbg_val ("directory: check %s\n", dentp->d_name);
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- if ( is_directory (path) && recflag )
- {
- dbg_val ("directory: recursive %s\n", path);
- parsedirectory (path, listp);
- }
- else if ( is_keyfilename (dentp->d_name) )
- if ( (dkp = dki_read (dir, dentp->d_name)) )
- {
- // fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name);
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, 1);
-#else
- dki_add (listp, dkp);
-#endif
- }
- }
- closedir (dirp);
- return 1;
-}
-
-static void parsefile (const char *file, dki_t **listp)
-{
- char path[MAX_PATHSIZE+1];
- dki_t *dkp;
-
- /* file arg contains path ? ... */
- file = splitpath (path, sizeof (path), file); /* ... then split of */
-
- if ( is_keyfilename (file) ) /* plain file name looks like DNS key file ? */
- {
- if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, 1); /* ... and add to tree */
-#else
- dki_add (listp, dkp); /* ... and add to list */
-#endif
- else
- error ("error parsing %s: (%s)\n", file, dki_geterrstr());
- }
-}
-
-static const char *parsetag (const char *str, int *tagp)
-{
- const char *p;
-
- *tagp = 0;
- while ( isspace (*str) ) /* skip leading ws */
- str++;
-
- p = str;
- if ( isdigit (*p) ) /* keytag starts with digit */
- {
- sscanf (p, "%u", tagp); /* read keytag as number */
- do /* eat up to the end of the number */
- p++;
- while ( isdigit (*p) );
-
- if ( *p == ':' ) /* label follows ? */
- return p+1; /* return that */
- if ( *p == '\0' )
- return NULL; /* no label */
- }
- return str; /* return as label string if not a numeric keytag */
-}
-
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key
deleted file mode 100644
index fa33d5a6a0..0000000000
--- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20100311225233 -;% lifetime=60d -example.net. IN DNSKEY 257 3 8 BQEAAAABDUkWE4dtbBTfkAnlOJSbnYSikE7cyHPg6qFItoYObenlTGkG TECQb1flWaKLDhQZ54CdnYN3FdlRVHKmkkxZOwH0HvW+fGXTGv35adGJ JBDqlJWJC0bxHsrlUZTdczt2B6g9AHUUg2WSXTa5KZHJGjFiACFzfln9 SQlVj/UzWGv2sDwQb+XiOIHkZ2VmMPx3SvFOOIG4nmTla76XYTNfUJPY BQ== diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private deleted file mode 100644 index b2832b23a6..0000000000 --- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+08406.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 8 (RSASHA256) -Modulus: DUkWE4dtbBTfkAnlOJSbnYSikE7cyHPg6qFItoYObenlTGkGTECQb1flWaKLDhQZ54CdnYN3FdlRVHKmkkxZOwH0HvW+fGXTGv35adGJJBDqlJWJC0bxHsrlUZTdczt2B6g9AHUUg2WSXTa5KZHJGjFiACFzfln9SQlVj/UzWGv2sDwQb+XiOIHkZ2VmMPx3SvFOOIG4nmTla76XYTNfUJPYBQ== -PublicExponent: AQAAAAE= -PrivateExponent: AeHyClC8SYdKB3mQtwWx/z08pCjHEs18KF9HbWddQnQrrJKP1lh1r6DGmJ5oigg3i2x/NEBUXw345FYQ7ynaVewt4KoQ2c6vT1ZyOXuoCmJknMxXKaVma5L3+hrGwdaS7tbJXGQrq6FHaYOO/2un8G7qRU5zoods+iR8qCRktkYVk2PS7wrdeQu9XaGUl5pPwh7fmNmjpfe16kyk3M2xoThEUQ== -Prime1: A9GgY74jQxKOqTEMivti0zJIuxjlN7k1+MlTDQliH8EiFy8b/6HqRqddgdeuPDt8s0jv1cGxnMig4761JszH7CQeHbefeoLw95OXu7v6hpw3Uw== -Prime2: A3qansKrFaIwWJw7n0//qO52mEKCxoljeMzbeXx4f+pgADmyMcv8ysHMUPP6BEwVxlxHVyv9a3lxQRa8ZdPtFV+QK3Zy3PfAV8SoahbYgi2ARw== -Exponent1: v6z/wlryoSYkgnlkxM6uC6AEc7ZQQdla7cG+iaeEJq8pfzPClkU+WiBP9MJroO8ExM1mj/bjIfw3/Vel5NuLD9uU+BIV1qzcWKbPwo7xZnqh -Exponent2: OPEA/pb22DU0GDyS1UmOmJGjyp2Irxe1LJL6J16bK/lCqPNenT8qIYbLY2EKUoRhAirvurd4/fXqnzNVYdw369C/DBtfZ6AeAfs4no/+Fnfx -Coefficient: /pte3nUM+M1VmAs7z3bhTdbPWIJZk7z0RkcBhFvUn4ZGgImUSFF8/psPzvQFy9pyGzinviE16aI0UVEBxL7NkFfSs9cMX0jpItFDyJTcxvjA 
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key deleted file mode 100644 index 3ded31f8fe..0000000000 --- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20100311225233 -;% lifetime=14d -example.net. IN DNSKEY 256 3 8 BQEAAAABy5vGV4emguE++EM1DlDEro5fPi7oHyQ4N95DZE//Wtr+/twH y339QiyRFhYcZrb8Wt6ZgT3qXbL2RUVQ9X8ZCQ== diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private b/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private deleted file mode 100644 index d13ba75f20..0000000000 --- a/contrib/zkt/examples/flat/example.net/Kexample.net.+008+36257.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 8 (RSASHA256) -Modulus: y5vGV4emguE++EM1DlDEro5fPi7oHyQ4N95DZE//Wtr+/twHy339QiyRFhYcZrb8Wt6ZgT3qXbL2RUVQ9X8ZCQ== -PublicExponent: AQAAAAE= -PrivateExponent: uHA+A2dABi4t2afEHHud8MajxjMLqxw/+t0yzsRgye6eiAkJVuhYSdxxqmlqMmSayrBNSX2jYHdKmY49W6kmUQ== -Prime1: 6pzzNfud8Hzw9UdeitwJwVzFaAfV/RmRmTCm4OLBGD0= -Prime2: 3itJLwoOTYkb2rOQNjZ/4hMNov3plClxo5e9iPSARL0= -Exponent1: w/gumsQA0FOkuuMBp5PcTsbHbebL9SAVDURQgLo2ZMU= -Exponent2: ILYpsGsfTcHDSAmGbQBRSsFQEKw7Ghx/mIcWoUIN250= -Coefficient: cwmz0VwEQ4Jjc3+T0tDgH9fhUiyISbuV/0Bz25E5bYA= diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key deleted file mode 100644 index 92cea13a34..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20100311224635 -;% lifetime=3d -sub.example.net. IN DNSKEY 256 3 7 AwEAAZeWiMSfoNTQkZhKHK2+OXmKRSXgBjad7VBC9tZ40aIr5pPtDWCg 8iELYF4M6ybq0M1ffUO+GHZt89A624SkWps= 
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published deleted file mode 100644 index da71bf9c49..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+02048.published +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 7 (NSEC3RSASHA1) -Modulus: l5aIxJ+g1NCRmEocrb45eYpFJeAGNp3tUEL21njRoivmk+0NYKDyIQtgXgzrJurQzV99Q74Ydm3z0DrbhKRamw== -PublicExponent: AQAB -PrivateExponent: ItWA0E4uUzkqe+hr9rED3B4eDboRM3PPGOaKenaBFdbONA8X6GbCTCAE6oF7DGSebfi6I9HTjLs24ZItD7bHwQ== -Prime1: yLZLkD+0SqDwPDKXlK6qHMRKwGDcNw5MxELfv3ftyRM= -Prime2: wVginHuVgdmvAxTX51WmK922+KTwk/w+Od+/W2N6IVk= -Exponent1: XE5aGhDyHZA+a7DovVxGp8wuhKMHI9rTuz72H9xL4zk= -Exponent2: XemKfknFGBp9WNjR+kru+RWrn2C2fpsiOohE8YYDN5k= -Coefficient: ZmS8ZDDLz6CtwYEvGJgTsNTw/bj6JMaZ8cFh3x1Zd4Y= diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key deleted file mode 100644 index d91daac257..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20100308221149 -;% lifetime=3d -sub.example.net. IN DNSKEY 256 3 7 AwEAAcIDTNHrG9ssCz/VueiPUQaw4IAM5GvECljWsX+SfXSCkhHg5loq +FXNRa80EJCyh5b0sicbdVOhJ9DVNaRKYxU= diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private deleted file mode 100644 index 749ba93907..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+41747.private +++ /dev/null 
@@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 7 (NSEC3RSASHA1) -Modulus: wgNM0esb2ywLP9W56I9RBrDggAzka8QKWNaxf5J9dIKSEeDmWir4Vc1FrzQQkLKHlvSyJxt1U6En0NU1pEpjFQ== -PublicExponent: AQAB -PrivateExponent: fYBY/ynROTQCiuacfh3HUka00uCEGloUP2eSJm4CjYyQyy/he5haU0hcJw5JvxhI0pGj+eDEzaE+5oq1pKntOQ== -Prime1: 4YRNB1cSh3F9+pQglY5/H4STx2pIADAO0mRFO2Lu+Mc= -Prime2: 3DzZhCWENMYZvx9ovZTtIUIUpXEPtN4p7FqYC0OFgUM= -Exponent1: Dk7UjEir9kfvFDzdrF90FU3WCmrl0o06A4M1GUV3n/U= -Exponent2: ppnBUZ2vrNxOja2M5hzKZOZACAbHAuMsg4bkjWC+lVE= -Coefficient: LA7G4rCRiDP8P+Cg+JQUKBUgZ8F+dpGA3E/aVOYhaWw= diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key deleted file mode 100644 index 984cbbe6ed..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20100124184339 -;% lifetime=7d -sub.example.net. IN DNSKEY 257 3 7 AwEAAfTQL8DTr3eYpPziT+cnKnzMewbEBtRxfkb697qoRK4pKkGYGVWu jIEyjts/aluYd+Nw85rvRFPNVJwmM63jvJapql1pKfyFPSl4YVJMxaCv OMhd1JATDnrTq70evQQmOHyxVKe8k9zk0GKeRgX8sl228AvdiGOfxWmT BoOxYowx diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private deleted file mode 100644 index a0f44d7982..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+42834.private +++ /dev/null 
@@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 7 (NSEC3RSASHA1) -Modulus: 9NAvwNOvd5ik/OJP5ycqfMx7BsQG1HF+Rvr3uqhErikqQZgZVa6MgTKO2z9qW5h343Dzmu9EU81UnCYzreO8lqmqXWkp/IU9KXhhUkzFoK84yF3UkBMOetOrvR69BCY4fLFUp7yT3OTQYp5GBfyyXbbwC92IY5/FaZMGg7FijDE= -PublicExponent: AQAB -PrivateExponent: nn1ZLQDejBKqXX02NXPJsdm/m/W0ZjzDf7hiQNlG/WlxDd4mKK5EEDBnA9HeTUY792bcjuVv2sEHkb+5nU3efHdZypvY8wsvKKNUtxWJl9O5ip7GXh4/7YQeNKW/zgE1Xz+Yu6ht3e8XuxaIXHuQ5mBC0E5AUUYPhVBCTR08CkE= -Prime1: /MeAn2UCjXS8VIoi5Zp90w2qB6ub0wqeLCI0zpXCxWlLTrDSpFORdGuPEctE5cNlDX7y9gq6a5vxnN/b+DnNdQ== -Prime2: 9+6zb1zEpyJzcscrSVVjacjNbyI9OwfrA7XjU5PppCyFLRvP3+L/pjqgDhyoZmCo3VMqnOjxpIeffvmDsUjATQ== -Exponent1: ddE+4AwifnAUf4rK7R1u2/oYb+7KeDkQtB1VY5xl5cFH+mtsIm9Y8lxXmMGXYUgLR5kOASPK8/EBUk78pdu7KQ== -Exponent2: OIT16sEfI2q7HsNAnusUSp04F8maY8aeUK46MGdbr81mXq4kaUl6Ng7PRehKi2wlkq7O3A5OZ89zEKMY3mVTUQ== -Coefficient: ZO4OrBf5SCcbAccN63xHAlm/Pelu4wWw3yo/BaWPYE3Sf+FJt0O3TJQsmm5B+KbrruLsX6lWWHf4ZerizKFhKQ== diff --git a/contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net. deleted file mode 100644 index 01111fd312..0000000000 --- a/contrib/zkt/examples/flat/sub.example.net/zktlog-sub.example.net. +++ /dev/null 
@@ -1,321 +0,0 @@ -2010-02-06 00:26:54.532: debug: Check RFC5011 status -2010-02-06 00:26:54.532: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-06 00:26:54.533: debug: Check KSK status -2010-02-06 00:26:54.533: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h43m15s -2010-02-06 00:26:54.533: debug: Check ZSK status -2010-02-06 00:26:54.533: debug: Re-signing not necessary! -2010-02-06 00:26:54.533: debug: Check if there is a parent file to copy -2010-02-06 00:29:31.290: debug: Check RFC5011 status -2010-02-06 00:29:31.290: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-06 00:29:31.290: debug: Check KSK status -2010-02-06 00:29:31.290: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h45m52s -2010-02-06 00:29:31.290: debug: Check ZSK status -2010-02-06 00:29:31.290: debug: Re-signing not necessary! -2010-02-06 00:29:31.290: debug: Check if there is a parent file to copy -2010-02-06 00:40:35.043: debug: Check RFC5011 status -2010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-06 00:40:35.043: debug: Check KSK status -2010-02-06 00:40:35.043: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h56m56s -2010-02-06 00:40:35.043: debug: Check ZSK status -2010-02-06 00:40:35.043: debug: Re-signing not necessary! -2010-02-06 00:40:35.043: debug: Check if there is a parent file to copy -2010-02-06 00:52:55.402: debug: Check RFC5011 status -2010-02-06 00:52:55.402: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-06 00:52:55.402: debug: Check KSK status -2010-02-06 00:52:55.403: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d5h9m16s -2010-02-06 00:52:55.403: debug: Check ZSK status -2010-02-06 00:52:55.403: debug: Re-signing not necessary! 
-2010-02-06 00:52:55.403: debug: Check if there is a parent file to copy -2010-02-07 13:53:47.883: debug: Check RFC5011 status -2010-02-07 13:53:47.883: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-07 13:53:47.883: debug: Check KSK status -2010-02-07 13:53:47.883: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m8s -2010-02-07 13:53:47.883: debug: Check ZSK status -2010-02-07 13:53:47.883: debug: Re-signing necessary: re-signing interval (1d) reached -2010-02-07 13:53:47.884: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached -2010-02-07 13:53:47.884: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-07 13:53:47.884: debug: Signing zone "sub.example.net." -2010-02-07 13:53:47.884: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 880820 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-07 13:53:48.303: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-07 13:53:48.304: debug: Signing completed after 1s. -2010-02-07 13:54:03.465: debug: Check RFC5011 status -2010-02-07 13:54:03.465: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-07 13:54:03.465: debug: Check KSK status -2010-02-07 13:54:03.466: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m24s -2010-02-07 13:54:03.466: debug: Check ZSK status -2010-02-07 13:54:03.466: debug: Re-signing not necessary! 
-2010-02-07 13:54:03.466: debug: Check if there is a parent file to copy -2010-02-07 13:54:07.955: debug: Check RFC5011 status -2010-02-07 13:54:07.955: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-07 13:54:07.955: debug: Check KSK status -2010-02-07 13:54:07.955: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m28s -2010-02-07 13:54:07.955: debug: Check ZSK status -2010-02-07 13:54:07.956: debug: Re-signing necessary: Option -f -2010-02-07 13:54:07.956: notice: "sub.example.net.": re-signing triggered: Option -f -2010-02-07 13:54:07.956: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-07 13:54:07.956: debug: Signing zone "sub.example.net." -2010-02-07 13:54:07.956: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 325964 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-07 13:54:08.003: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-07 13:54:08.003: debug: Signing completed after 1s. -2010-02-07 13:54:08.003: notice: "sub.example.net.": distribution triggered -2010-02-07 13:54:08.003: debug: Distribute zone "sub.example.net." -2010-02-07 13:54:08.003: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net/zone.db.signed " -2010-02-07 13:54:08.013: debug: ./dist.sh distribute return: "scp ./sub.example.net/zone.db.signed localhost:/var/named/sub.example.net./" -2010-02-07 13:54:08.013: notice: "sub.example.net.": reload triggered -2010-02-07 13:54:08.013: debug: Reload zone "sub.example.net." -2010-02-07 13:54:08.013: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net/zone.db.signed " -2010-02-07 13:54:08.019: debug: ./dist.sh reload return: "rndc reload sub.example.net. 
" -2010-02-07 14:06:27.669: debug: Check RFC5011 status -2010-02-07 14:06:27.669: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-07 14:06:27.669: debug: Check KSK status -2010-02-07 14:06:27.669: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h22m48s -2010-02-07 14:06:27.669: debug: Check ZSK status -2010-02-07 14:06:27.669: debug: Re-signing not necessary! -2010-02-07 14:06:27.670: debug: Check if there is a parent file to copy -2010-02-07 14:06:33.713: debug: Check RFC5011 status -2010-02-07 14:06:33.713: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-07 14:06:33.713: debug: Check KSK status -2010-02-07 14:06:33.713: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h22m54s -2010-02-07 14:06:33.713: debug: Check ZSK status -2010-02-07 14:06:33.714: debug: Re-signing necessary: Option -f -2010-02-07 14:06:33.714: notice: "sub.example.net.": re-signing triggered: Option -f -2010-02-07 14:06:33.714: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-07 14:06:33.714: debug: Signing zone "sub.example.net." -2010-02-07 14:06:33.714: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 4A3DFB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-07 14:06:33.745: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-07 14:06:33.745: debug: Signing completed after 0s. -2010-02-07 14:06:33.745: notice: "sub.example.net.": distribution triggered -2010-02-07 14:06:33.745: debug: Distribute zone "sub.example.net." -2010-02-07 14:06:33.745: debug: Run cmd "./dist.sh distribute sub.example.net. 
./sub.example.net/zone.db.signed " -2010-02-07 14:06:33.749: debug: ./dist.sh distribute return: "scp ./sub.example.net/zone.db.signed localhost:/var/named/sub.example.net./" -2010-02-07 14:06:33.749: notice: "sub.example.net.": reload triggered -2010-02-07 14:06:33.749: debug: Reload zone "sub.example.net." -2010-02-07 14:06:33.749: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net/zone.db.signed " -2010-02-07 14:06:33.753: debug: ./dist.sh reload return: "rndc reload sub.example.net. " -2010-02-21 12:50:43.176: debug: Check RFC5011 status -2010-02-21 12:50:43.176: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 12:50:43.176: debug: Check KSK status -2010-02-21 12:50:43.176: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m4s -2010-02-21 12:50:43.176: debug: Check ZSK status -2010-02-21 12:50:43.176: debug: Lifetime(259200 +/-150 sec) of active key 7505 exceeded (1345179 sec) -2010-02-21 12:50:43.176: debug: ->depreciate it -2010-02-21 12:50:43.176: debug: ->activate published key 57167 -2010-02-21 12:50:43.176: notice: "sub.example.net.": lifetime of zone signing key 7505 exceeded: ZSK rollover done -2010-02-21 12:50:43.176: debug: New key for publishing needed -2010-02-21 12:50:43.445: debug: ->creating new key 49712 -2010-02-21 12:50:43.445: info: "sub.example.net.": new key 49712 generated for publishing -2010-02-21 12:50:43.445: debug: Re-signing necessary: Modfied zone key set -2010-02-21 12:50:43.445: notice: "sub.example.net.": re-signing triggered: Modfied zone key set -2010-02-21 12:50:43.445: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-21 12:50:43.445: debug: Signing zone "sub.example.net." -2010-02-21 12:50:43.445: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 2E31B5 -C -g -p -d ../keysets -o sub.example.net. 
-e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-21 12:50:43.580: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-21 12:50:43.580: debug: Signing completed after 0s. -2010-02-21 12:50:51.158: debug: Check RFC5011 status -2010-02-21 12:50:51.158: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 12:50:51.158: debug: Check KSK status -2010-02-21 12:50:51.159: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m12s -2010-02-21 12:50:51.159: debug: Check ZSK status -2010-02-21 12:50:51.159: debug: Re-signing necessary: Modfied zone key set -2010-02-21 12:50:51.159: notice: "sub.example.net.": re-signing triggered: Modfied zone key set -2010-02-21 12:50:51.159: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-21 12:50:51.159: debug: Signing zone "sub.example.net." -2010-02-21 12:50:51.159: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 41F65A -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-21 12:50:51.205: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-21 12:50:51.205: debug: Signing completed after 0s. -2010-02-21 12:51:23.497: debug: Check RFC5011 status -2010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 12:51:23.497: debug: Check KSK status -2010-02-21 12:51:23.497: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m44s -2010-02-21 12:51:23.497: debug: Check ZSK status -2010-02-21 12:51:23.497: debug: Re-signing not necessary! 
-2010-02-21 12:51:23.497: debug: Check if there is a parent file to copy -2010-02-21 19:16:18.384: debug: Check RFC5011 status -2010-02-21 19:16:18.384: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 19:16:18.384: debug: Check KSK status -2010-02-21 19:16:18.385: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h32m39s -2010-02-21 19:16:18.385: debug: Check ZSK status -2010-02-21 19:16:18.385: debug: Lifetime(390 sec) of depreciated key 7505 exceeded (23135 sec) -2010-02-21 19:16:18.385: info: "sub.example.net.": old ZSK 7505 removed -2010-02-21 19:16:18.401: debug: ->remove it -2010-02-21 19:16:18.401: debug: Re-signing necessary: Modfied zone key set -2010-02-21 19:16:18.401: notice: "sub.example.net.": re-signing triggered: Modfied zone key set -2010-02-21 19:16:18.401: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-21 19:16:18.401: debug: Signing zone "sub.example.net." -2010-02-21 19:16:18.401: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 3DADF2 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-21 19:16:18.593: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-21 19:16:18.593: debug: Signing completed after 0s. -2010-02-21 19:32:11.378: debug: Check RFC5011 status -2010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 19:32:11.378: debug: Check KSK status -2010-02-21 19:32:11.378: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m32s -2010-02-21 19:32:11.378: debug: Check ZSK status -2010-02-21 19:32:11.378: debug: Re-signing not necessary! 
-2010-02-21 19:32:11.378: debug: Check if there is a parent file to copy -2010-02-21 19:32:15.930: debug: Check RFC5011 status -2010-02-21 19:32:15.930: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 19:32:15.930: debug: Check KSK status -2010-02-21 19:32:15.930: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m36s -2010-02-21 19:32:15.930: debug: Check ZSK status -2010-02-21 19:32:15.930: debug: Re-signing necessary: Option -f -2010-02-21 19:32:15.930: notice: "sub.example.net.": re-signing triggered: Option -f -2010-02-21 19:32:15.930: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-21 19:32:15.931: debug: Signing zone "sub.example.net." -2010-02-21 19:32:15.931: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 623FD7 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-21 19:32:15.982: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-21 19:32:15.982: debug: Signing completed after 0s. -2010-02-21 19:32:32.203: debug: Check RFC5011 status -2010-02-21 19:32:32.203: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-21 19:32:32.203: debug: Check KSK status -2010-02-21 19:32:32.203: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m53s -2010-02-21 19:32:32.203: debug: Check ZSK status -2010-02-21 19:32:32.203: debug: Re-signing necessary: Option -f -2010-02-21 19:32:32.203: notice: "sub.example.net.": re-signing triggered: Option -f -2010-02-21 19:32:32.203: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-21 19:32:32.203: debug: Signing zone "sub.example.net." -2010-02-21 19:32:32.203: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 C522CA -C -g -p -d ../keysets -o sub.example.net. 
-e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-21 19:32:32.232: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-21 19:32:32.232: debug: Signing completed after 0s. -2010-02-25 00:12:26.443: debug: Check RFC5011 status -2010-02-25 00:12:26.443: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2010-02-25 00:12:26.443: debug: Check KSK status -2010-02-25 00:12:26.443: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 3w3d4h28m47s -2010-02-25 00:12:26.443: debug: Check ZSK status -2010-02-25 00:12:26.443: debug: Lifetime(259200 +/-150 sec) of active key 57167 exceeded (300103 sec) -2010-02-25 00:12:26.443: debug: ->depreciate it -2010-02-25 00:12:26.444: debug: ->activate published key 49712 -2010-02-25 00:12:26.444: notice: "sub.example.net.": lifetime of zone signing key 57167 exceeded: ZSK rollover done -2010-02-25 00:12:26.444: debug: New key for publishing needed -2010-02-25 00:12:26.902: debug: ->creating new key 65009 -2010-02-25 00:12:26.902: info: "sub.example.net.": new key 65009 generated for publishing -2010-02-25 00:12:26.902: debug: Re-signing necessary: Modfied zone key set -2010-02-25 00:12:26.902: notice: "sub.example.net.": re-signing triggered: Modfied zone key set -2010-02-25 00:12:26.902: debug: Writing key file "./sub.example.net/dnskey.db" -2010-02-25 00:12:26.902: debug: Signing zone "sub.example.net." -2010-02-25 00:12:26.902: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9AA7CB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1" -2010-02-25 00:12:27.016: debug: Cmd dnssec-signzone return: "zone.db.signed" -2010-02-25 00:12:27.016: debug: Signing completed after 1s. 
-2010-02-25 23:42:20.653: debug: Check RFC5011 status
-2010-02-25 23:42:20.653: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-25 23:42:20.653: debug: Check KSK status
-2010-02-25 23:42:20.653: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 3w4d3h58m41s
-2010-02-25 23:42:20.653: debug: Check ZSK status
-2010-02-25 23:42:20.653: debug: Lifetime(390 sec) of depreciated key 57167 exceeded (84594 sec)
-2010-02-25 23:42:20.653: info: "sub.example.net.": old ZSK 57167 removed
-2010-02-25 23:42:20.661: debug: ->remove it
-2010-02-25 23:42:20.661: debug: Re-signing necessary: Modfied zone key set
-2010-02-25 23:42:20.661: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-02-25 23:42:20.661: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-02-25 23:42:20.662: debug: Signing zone "sub.example.net."
-2010-02-25 23:42:20.662: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 2942EB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-02-25 23:42:21.012: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-25 23:42:21.012: debug: Signing completed after 1s.
-2010-03-02 10:59:11.845: debug: Check RFC5011 status
-2010-03-02 10:59:11.845: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-02 10:59:11.845: debug: Check KSK status
-2010-03-02 10:59:11.846: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 4w1d15h15m32s
-2010-03-02 10:59:11.846: debug: Check ZSK status
-2010-03-02 10:59:11.846: debug: Lifetime(259200 +/-150 sec) of active key 49712 exceeded (470805 sec)
-2010-03-02 10:59:11.846: debug: ->depreciate it
-2010-03-02 10:59:11.846: debug: ->activate published key 65009
-2010-03-02 10:59:11.846: notice: "sub.example.net.": lifetime of zone signing key 49712 exceeded: ZSK rollover done
-2010-03-02 10:59:11.846: debug: New key for publishing needed
-2010-03-02 10:59:12.256: debug: ->creating new key 27377
-2010-03-02 10:59:12.256: info: "sub.example.net.": new key 27377 generated for publishing
-2010-03-02 10:59:12.256: debug: Re-signing necessary: Modfied zone key set
-2010-03-02 10:59:12.256: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-02 10:59:12.256: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-02 10:59:12.256: debug: Signing zone "sub.example.net."
-2010-03-02 10:59:12.256: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 F9A34F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-02 10:59:12.415: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-02 10:59:12.416: debug: Signing completed after 0s.
-2010-03-03 23:22:00.127: debug: Check RFC5011 status
-2010-03-03 23:22:00.127: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-03 23:22:00.127: debug: Check KSK status
-2010-03-03 23:22:00.127: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 4w3d3h38m21s
-2010-03-03 23:22:00.127: debug: Check ZSK status
-2010-03-03 23:22:00.127: debug: Lifetime(390 sec) of depreciated key 49712 exceeded (130969 sec)
-2010-03-03 23:22:00.127: info: "sub.example.net.": old ZSK 49712 removed
-2010-03-03 23:22:00.127: debug: ->remove it
-2010-03-03 23:22:00.127: debug: Re-signing necessary: Modfied zone key set
-2010-03-03 23:22:00.127: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-03 23:22:00.127: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-03 23:22:00.127: debug: Signing zone "sub.example.net."
-2010-03-03 23:22:00.127: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 A3B721 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-03 23:22:00.394: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-03 23:22:00.394: debug: Signing completed after 0s.
-2010-03-08 23:11:49.663: debug: Check RFC5011 status
-2010-03-08 23:11:49.663: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:11:49.663: debug: Check KSK status
-2010-03-08 23:11:49.663: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w1d3h28m10s
-2010-03-08 23:11:49.664: debug: Check ZSK status
-2010-03-08 23:11:49.664: debug: Lifetime(259200 +/-150 sec) of active key 65009 exceeded (562358 sec)
-2010-03-08 23:11:49.664: debug: ->depreciate it
-2010-03-08 23:11:49.664: debug: ->activate published key 27377
-2010-03-08 23:11:49.664: notice: "sub.example.net.": lifetime of zone signing key 65009 exceeded: ZSK rollover done
-2010-03-08 23:11:49.664: debug: New key for publishing needed
-2010-03-08 23:11:50.060: debug: ->creating new key 41747
-2010-03-08 23:11:50.060: info: "sub.example.net.": new key 41747 generated for publishing
-2010-03-08 23:11:50.060: debug: Re-signing necessary: Modfied zone key set
-2010-03-08 23:11:50.061: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-08 23:11:50.061: debug: Writing key file "././sub.example.net/dnskey.db"
-2010-03-08 23:11:50.061: debug: Signing zone "sub.example.net."
-2010-03-08 23:11:50.061: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 71C04F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-08 23:11:50.169: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-08 23:11:50.169: debug: Signing completed after 0s.
-2010-03-08 23:18:52.243: debug: Check RFC5011 status
-2010-03-08 23:18:52.243: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:18:52.243: debug: Check KSK status
-2010-03-08 23:18:52.243: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w1d3h35m13s
-2010-03-08 23:18:52.243: debug: Check ZSK status
-2010-03-08 23:18:52.243: debug: Lifetime(390 sec) of depreciated key 65009 exceeded (423 sec)
-2010-03-08 23:18:52.243: info: "sub.example.net.": old ZSK 65009 removed
-2010-03-08 23:18:52.243: debug: ->remove it
-2010-03-08 23:18:52.243: debug: Re-signing necessary: Modfied zone key set
-2010-03-08 23:18:52.243: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-08 23:18:52.243: debug: Writing key file "././sub.example.net/dnskey.db"
-2010-03-08 23:18:52.243: debug: Signing zone "sub.example.net."
-2010-03-08 23:18:52.243: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 CF729B -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-08 23:18:52.287: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-08 23:18:52.287: debug: Signing completed after 0s.
-2010-03-11 23:46:35.497: debug: Check RFC5011 status
-2010-03-11 23:46:35.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:46:35.497: debug: Check KSK status
-2010-03-11 23:46:35.497: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h2m56s
-2010-03-11 23:46:35.498: debug: Check ZSK status
-2010-03-11 23:46:35.498: debug: Lifetime(259200 +/-150 sec) of active key 27377 exceeded (261286 sec)
-2010-03-11 23:46:35.498: debug: ->depreciate it
-2010-03-11 23:46:35.498: debug: ->activate published key 41747
-2010-03-11 23:46:35.498: notice: "sub.example.net.": lifetime of zone signing key 27377 exceeded: ZSK rollover done
-2010-03-11 23:46:35.498: debug: New key for publishing needed
-2010-03-11 23:46:35.768: debug: ->creating new key 2048
-2010-03-11 23:46:35.768: info: "sub.example.net.": new key 2048 generated for publishing
-2010-03-11 23:46:35.768: debug: Re-signing necessary: Modfied zone key set
-2010-03-11 23:46:35.768: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-11 23:46:35.768: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-11 23:46:35.768: debug: Signing zone "sub.example.net."
-2010-03-11 23:46:35.768: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 B86C9F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-11 23:46:35.814: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-11 23:46:35.814: debug: Signing completed after 0s.
-2010-03-11 23:52:33.132: debug: Check RFC5011 status
-2010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:52:33.132: debug: Check KSK status
-2010-03-11 23:52:33.132: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h8m54s
-2010-03-11 23:52:33.132: debug: Check ZSK status
-2010-03-11 23:52:33.132: debug: Re-signing not necessary!
-2010-03-11 23:52:33.132: debug: Check if there is a parent file to copy
-2010-03-11 23:53:27.804: debug: Check RFC5011 status
-2010-03-11 23:53:27.804: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:53:27.804: debug: Check KSK status
-2010-03-11 23:53:27.804: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h9m48s
-2010-03-11 23:53:27.804: debug: Check ZSK status
-2010-03-11 23:53:27.804: debug: Lifetime(390 sec) of depreciated key 27377 exceeded (412 sec)
-2010-03-11 23:53:27.804: info: "sub.example.net.": old ZSK 27377 removed
-2010-03-11 23:53:27.804: debug: ->remove it
-2010-03-11 23:53:27.804: debug: Re-signing necessary: Modfied zone key set
-2010-03-11 23:53:27.804: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-03-11 23:53:27.804: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-03-11 23:53:27.804: debug: Signing zone "sub.example.net."
-2010-03-11 23:53:27.805: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 67AA7F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
-2010-03-11 23:53:27.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-11 23:53:27.856: debug: Signing completed after 0s.
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key
deleted file mode 100644
index e00ff0f004..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100331230548
-;% lifetime=28d
-example.de. IN DNSKEY 256 3 5 BQEAAAABx4bzjHCRCraU9v/UP2O9dQ7YVF1vMhDWjWofWonrvX+T1Rb/ 2qIYq9kNPbQABLG5X/oe3dJIN4OGZAfL46sceQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published
deleted file mode 100644
index 52e1797fa2..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+09743.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: x4bzjHCRCraU9v/UP2O9dQ7YVF1vMhDWjWofWonrvX+T1Rb/2qIYq9kNPbQABLG5X/oe3dJIN4OGZAfL46sceQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: MWWd0AvKmimZrtVrPrTAK/UD0ZrJuL3Rcxw6qzxPWE5S3KcdJNtt5HzOPeGWIZVN8rBtPCSRhiksjugrMqkMRQ==
-Prime1: 48VMTrU7heYjFQ5ou7rSOpqt2Eot+EBDjYUPKeOR268=
-Prime2: 4EGLA3LuyNrDfBHTn0xmGHdO3DvHn6YUmJKh/98WzFc=
-Exponent1: WhbPWcw2bisYr9cS59vOFmLxvbXUQgJZTZVYSDW3EF0=
-Exponent2: BoCEx7RES9scWl7PFrUZzrzjDIZiBUICbw4BViSUVWs=
-Coefficient: DmwngpeIb8+dzC9ETnQOojRJTv1MRpW4k0Jo1NfAC+c=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key
deleted file mode 100644
index 316ed4061f..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100224232104
-;% lifetime=28d
-example.de. IN DNSKEY 256 3 5 BQEAAAABsbG8YGFKUQkJl2jdfLpO6yhnttoFp8lmfzCQfbMdIG6riFes ZIO2aMevhBM/+RWN7lNSCu8+vA4Ph7Mzp8OMCQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private
deleted file mode 100644
index da24c84685..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+39599.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: sbG8YGFKUQkJl2jdfLpO6yhnttoFp8lmfzCQfbMdIG6riFesZIO2aMevhBM/+RWN7lNSCu8+vA4Ph7Mzp8OMCQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: PHPdKKwdgE+02a+6R+2xk7RfPUmjIW0dclILS0uQ2GL2lYJCaFKoMEZJb/30CkJLWBBGUS4XUPzplYQ8VLn6gQ==
-Prime1: 5efr+OinaF8nLpI/N1EuTxuoSbILnPn5pSWVpwJPgTk=
-Prime2: xdzEgtE9CEHT06oa0yM+lLMJp2K6RlBiByRo13Sd8VE=
-Exponent1: dE2UZNfo/uln1Yq9lz3pImp5gWDjeT+sYIdBBk8qfOk=
-Exponent2: TPXU6D9veGi9J41RR3KvLo4s3u/rQWHXyQrO6jQwX0E=
-Coefficient: t1ysP5l5JUhi+d3GvFN0EyZAv1nW31lsL+4979deLsw=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key
deleted file mode 100644
index ac38acdc2e..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100311230027
-;% lifetime=3d
-sub.example.de. IN DNSKEY 256 3 5 BQEAAAABxKxfV/mwTsnyVaZLWg8vyG5U97RMupLke5t50q2pJdHLzb2+ fqswgt/pBwAYbYWTBQr2UTnQ4TBRunBiRSuapQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private
deleted file mode 100644
index 3aec6098e3..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+07295.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: xKxfV/mwTsnyVaZLWg8vyG5U97RMupLke5t50q2pJdHLzb2+fqswgt/pBwAYbYWTBQr2UTnQ4TBRunBiRSuapQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: LDta/Lx7ETLqQamSm9XAERno+ixf6Dl/cq10zcd8QNLuvleFqMvtRURxfhFhNlrvFTuckz1IzIX7ufecSrarYQ==
-Prime1: 5x1rjqJnLrLUd+i4DUmSutQQrQZWg+vzwurpGkxBCTc=
-Prime2: 2dmVy5A1h7avKD9Ez0rcg1G96wxVkdp+/8AvXEYe+QM=
-Exponent1: Fx9QLrquictb9W74f5gmRs5wQcsyWjkNVXUE/eb84l0=
-Exponent2: kexPooMJG2rfGbnWG0Mnav28EcV7q7xNnIHELjRCfWU=
-Coefficient: Liq85Ma7Ki3tZePKv/v+he9UgH7J5tgDnmHof0370/M=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key
deleted file mode 100644
index 1cc8af8d35..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100331230548
-;% lifetime=3d
-sub.example.de. IN DNSKEY 256 3 5 BQEAAAABwp1NkMWtDJ+B7uvjb4nejqCDAtmqfy0LRTq13tdgm33A04T2 uvdzfFpnd/t3giXCC588xP/ZT0pXekaZEyfhew==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published
deleted file mode 100644
index a6a00f8211..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40559.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: wp1NkMWtDJ+B7uvjb4nejqCDAtmqfy0LRTq13tdgm33A04T2uvdzfFpnd/t3giXCC588xP/ZT0pXekaZEyfhew==
-PublicExponent: AQAAAAE=
-PrivateExponent: Xgmu9fyg1QoKridDOUywH7mZg92dEvGVIcz5QrpXMYZDhi/Z1NLB4UJwaO4Kmbg9EyAT+ms3fjjC8ncy+mVnEQ==
-Prime1: 9wrDpiFEJkYGuCC0JriZgA+uaLBYtzudTzUByr8BGU0=
-Prime2: yavdgu+a7BloewO3Fzg6JwxYvJYrfeAgYLVr4uXzwec=
-Exponent1: Z8tEYnN2N5LxFjL9+mdfnOjNhVxAouZ/wyyokWf0C4U=
-Exponent2: axnHnwpVRfb5Xt25+8oIVoVH4YdTXDCbr4nkcjru4As=
-Coefficient: dvqfAzS1VFtC6dvzFTgh+GoFt3EwIxHDXcskNmbFDto=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated
deleted file mode 100644
index 6bfb3dcaec..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.depreciated
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: wBxCT/MYqHr+xX1vViWWlt36h1dkkx+qtfeY3603p+J4QlglYkStawB4atu2je/RrEUQXco40iGnYuqqUWQsdw==
-PublicExponent: AQAAAAE=
-PrivateExponent: mcrUc9cypiq7j30rntMoCrIxE9SemJxzTJ/USNZPGqfa4MpfsfvIt6A+8JzgS0Sx+6piSk9d8QSdr55aVqgEYQ==
-Prime1: 6dRm4EGvg7WN5LFAMv/8HzeyZbNu7FlQwf08QZOmgYc=
-Prime2: 0lM7LrrOzTThb372TCC+7Wz0S6GuqfjhM33MWwNEeZE=
-Exponent1: Q8jFuxbjffHEGZxuUdLkkmWka0hDlACozr31blXYgCc=
-Exponent2: yqc1ijD9jaK8b5IUIqsx42nbJ6boeMyx77wfOUoXw7E=
-Coefficient: R4QnEkjxtLd7bPChAqblYPb9A8lcsD7KGh5fTR9LcFM=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key
deleted file mode 100644
index 776c4a95e5..0000000000
--- a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+63530.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20100302100004
-;% lifetime=2d
-sub.example.de. IN DNSKEY 256 3 5 BQEAAAABwBxCT/MYqHr+xX1vViWWlt36h1dkkx+qtfeY3603p+J4Qlgl YkStawB4atu2je/RrEUQXco40iGnYuqqUWQsdw==
diff --git a/contrib/zkt/man/dnssec-zkt.8.pdf b/contrib/zkt/man/dnssec-zkt.8.pdf deleted file mode 100644 index 4e88297601fa3af80e11c2fb134df5f57cd6b01b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12950 zcmch7WmsIxwk?vN0TSG4+-VvbcXxN!#vOtaJOp=0aQEPr;7)Lt5L|-0274s?>~prA z``z#Txc#TQ$C_1ZtZ6lC)udDu6=wu7u^>_Q?MLSzu>qI?_QqC7yu3hJh@H8M1%Ukt zQ3i@z+PFZR06=jYBNvD$#Khhd!q1Q7?BWD5vPE)FJJ30>Tj0dLKPp^li^XBnxI?GS zVjN3{3$)>}Yyf@U&N~yS+7=~PIF)p&*>TY~jMezUb4W?MOYhWB6Nn0jK~58=O>wlj z`ss=|>|BAS`&sZ-;X{k2g77)fUDNwJFzF>?i7(^Kw*A=`gJsFH4sR|;B7`_hsgZGS zJ|kgcyzH9`3P}z~F-}di#`LXVOJ+{TW8s;voEd2Wh4|U?h+;!oLS$BkKxlpWfOzvs z`*sv}>1WuWd_(ID`GBKn+2t8zd}CtiV6&i<@2lF6b<04b(c$aA7ME&d!{9Zw|Q;X1u~Oq8pE(E3+w`bfd1&&urzfO`X9g zP2azs&3qBkeuh~;c-#@J^(R%s{RLORN}iU!)dpB^HJv6CM|+}q0bX? z3W5gprJgEXvmX?Ku&ia@?3%#5KjkF5=mOKj`FOp5oH(Md+8#qR`F4aHeGk3`r-8^o z=7iTH66A-63lEY|Dd;Ey#1(PQEuLX-H=-(Eq6K{w{6sHOZ`c%Krn(Y4PK@4{g#%co z7^)#|JH+p{g(Gp;79X~Zl=NI&^Cj+_w<0c%19eWBq90~5->q|%; zOEppN2L#?|sNJI_G^)}vAS|n#4CrQd9Nuu7IkaVy_HZVMDPKelLU-K z$PD$kGd--1(nVZ3xk91((;}Dm8d#_9Db|R!ermyeffpd*`!>EAC>Ht_2}U{6{=wuN zvGOxrh1o@2;JarxR*4It*F|JOCT;i2Uc`o7(CRSk7hW68cnxd|`c(N;uZisnhM-mK z!NVuq9rI={+0)hpL<%0(f>qHcB_ji61mKzY{BBd*A(^nrMD6!-D{sBp8B6oB|xZ3Oq$#Ie)XHwh{h+BCl*zZU7?QabnM*cFqw!cfoZFJI zf=~X7(9G-&es?fxT+##R-Sh+O7sChRrISW;{Xrv(JFiV}#1Fou%d>w8*58wZ%yXJ3 z8$VwZ$}zNjS(l4Iwa?i{psHtO8Z*dYp&>lG1q-`b-_NcVdYXRX_yK1xZy?La$&O!2 zo&M-*W$&FXZ8cg2QPnN`fg9U3)JaJ1{oVly@5Lu}$} z^Ai|wdISUup{X((7i_MwCSI`*4DKWw&t)|Vf4JtVB<$udrc}`&#VwYwxb4*l15274 zt2(H4HIA_xnM6ofujgz@Oz&S-Ka0Hk2y|=e;7y24>aeo+7!x{P`geJ19g%qmVk|p@K zD^7X6W!7>4oc~M$bheI(lOBm?dBt?m&-^Lf$R>1LKu&~4=k(#OW*2=^r>kvsgaS^U z_A5nv)9M?9psbiW;Ioik5!{Mz>9>@_P!W4Cw!O=hisOwP5ix0oaPSBC$KNrBJf8c$ zvQ=Z%<7Cc4Lna90mHsUIJ<=R{tO-N;{>L9K`9RRKPcbWFZPEDk&c4dGWZ+ig~^+ zo55!0wh?>9l#2MF;4nSCX;m3xr)r{(G-3gKIG+7_v3*;y*MkoYyg_{PXSTcJBLS%& z#ig^^G&b^{f{hS#7TweFV_qh*}DZ0}R-*&!DY85<$B7o+V>C1VL5qT_1Ss|zl zO{sE12D$PzNfu=_7g6OVRAN(^w5&9Yeb(WO`HLEV#~77Yh5UJxmIIpeapavwL*5ty 
zDuO+oFHBOaAMQ5Jd&YS*=CdSKI&Sxrw^^34kZp4~fXc{ufk*kY8Q+2*ngf%Skg4im zvWM21lwZvGOrB(jgk5b?289-llM!NUPNtNk*7o2MEik_`lwEg;%tBEM?owB*m1lab z1hdTXK}sQ?D}^tWTFk!^ z%7K3rkxLKQ6-j&q!$P;vpZIj(O1)FN4KS$N?MA&^9RD(&Y7QKyrzgDf?b|y%5L`ga z8hK}B=2Db0U1asfWp*%wKN8pDAmP4f0Lg`6+2o^dA86ZnAI+@TvIH zU1ojCrE7g=+65H!-)Iu|3UPb&a#mg8!M^l%(Ht>w?c@?Cco;9vE}!E8LQL+yG2fu&rQ==0izRjs=GfSOH{ZNvmCMUl= z@KMaD^%?B89+j9?8p9c+Zh&25E4u<~X)D5yLM@JMuk3O0>vKM`lraYzgMD4pme=)g zr|bd3V+j}}wj^1uF8XR$t%4qK&>Z=lgp88?D@413Ms}?f*xXBbmS&1F>PZ+`@ZYkZ zk+Y1!2KW*BiHbGHy6SAX8_xtt!aRevJ1;$rU{Q2xRvCJ;Iq#3Z7lZ8dQ%9{0>p?@AZJik98N`|# zfQcvqz9OwgLq&~pv_y%XFTlWvyio8vwpc+Hp_9UiUcI!QxGu#t_F_{y>)hT zzMYa8Gl*43-+pW~fJA@jRo=$6H&U}2T_>4)eUl$|R6n_B7jyl6BbTwQC<=(5aG3hh zFY^&5#oXrrVrTlVvh(TJ&r0cO#^>1}72>ib(WP7w0;=a|t@>#AB zyrE1>fTM!a_fx$QiaqF#wdI=GARXWG=jq;`=pyZ-kSLwzxYoENnM8RB=*P39OfFR} zX|YJMfLbh6$h3QqHXe|Sc&XwwIs;jlc+5%(K#Xc#=Ct;44-ChE0I zj!0!tm^wG2TgsnB*c?{mRPT7T=(R1Q&BiwC$M!sGq#Crx5i*8Gl&xB;=!->H>}Mt{ zP~_8TaM=X;+D3~AxLiLgq@A~cCE(3=ESNayFps`gjEJs$|9LZdq5kH;6-B+I{>G|R z2~I*m)wO=yWw~wxtfU;rwtlTB3rTuE*g6ACi|?(i=$~m@;Vz948!A@HC{z8jzI25?vi@jP8?<+XxKy6qw`+wB*~tPS8M#ErhJD3_F@L=XFP=K zVk^5Z!$>pT0h{BN0Jomqwp3qP2~$U546{*m6{ECE^?1^E6fzbmw2({>j5raRZ$u)?J9|h*RPA9WHV{ttK!;>Q8X2*%(eq#-?$L$jcIgO{m1yRL_G+)##(M_ro8P<2t08 z4-+eBr9P!6PRb!LMGS)sI8pPiH8jPlCoxMZLt^-)duRt}&4oKIxCj;tdi1={7#TF% zmqS11<__d07Wt~_;E>ieQs5wwmdjW$Z{dyBOC4kmHt)PC+h))V#ss4|^_5w>jY1vv z2yXddfkMvsGT}DW=tWsxTFC5Xr-onbsUyKNJld7YTP_dBl)#!Yse5J^VmXGZ zJvY+)noto1xzMXa1&)zViHAGh$!TVx4d=Fd^{csc6qiCrE{$?2%sW0&(Oo@DSRv#w z+c+vxPtBhi% zv*%-CAKkisB&!IhHigu%nvz{+Akx7v0rNO&g(6UjCe1^Jg_Re4`HMS9ukM`|)A|Kn zr=Un)a&ID>a@jav_uO`3d7wZ%gjJGthyAAd-?(U1X^J#OTmsq?8HMH6j z6pi5Ubv0(~JkA0YML+18ie24gbkK22Nugj)YqY+=!!}I-8Q=xbVInxG7H4SXW=hbr z(vZGPu0CV-ka(WsoJZN{wn7G1$jSuM3LCd-S?jE?MU6yOoWRqby6v&p&~GZ@2>aaF z)IcU2bLwj3-O=85Ar?U}Ekb1=vC9?C=~?IVdUTP-cfGU+JNIiU->R}eoq#tysemy5;M@)eX7dF8ZZiK zOP=Ot%0|yxBe2_pZ9l-8K=phCB61&L?_()eW*qk{R1j!!O6w zXB>%IenFaJ&D)nhhLkV;;7Hh@C8UAaj`?c;k=CYR47U@-*w^L@5vH^S>#IkibAivg 
zKyievxGc^sB7Zo>G!G?hos;8`BD@NBZ~I zKfH_h;I2-N!qeKT(mkuQmUcXg=LOM@S*IFZt85)cq#Wk^2)c*AyH(lC+U|s0;0Ct% zt1ze>zivzO8&1{E^OW&gHpqZR?9b7a3yd>F+h~@ak zDC{dv=`&7T+FD=%trfGRqAF!oAo=ds3Dfp(!L;xN{kq#s>#BMBL%su)eHdP~KjL0> z!{rlS*>fau^F7~{toZ`D93FxS_2G8?eAMS@R;E*hU&u+CZqZKFpKRh(rcCIDOzcCG zUPyL)dIo*;3JzRzb+Gf?W!M?YJs}iP&pm&Ar=YxkEW|}b^ApZ<0>yx7SJb$mbOmB) zifKA%GHhA#;n|KNKKPvvo&}!wr>VXe$MgszAKx0(+iIZmJTw3u9ZE7jM_n?!2Ux21 zPKN}3*gOnIU*bXxu*|U}N8qDv^-ocgwb@Z31n``bn7_rjtms&1Fiq)RH|&f+{cgVm zSj?7kq$Be_qoTR0TKpQyb#7z8DE=BoGttYTQ7(X;1fM&xL~5^RLjNJy7CO8Nx*O4h z1ywPBAid-ED%*WClssj-%LKchK5p9>THcn!>s3 zn{Pdue4I>uE@#c}KQrRXeL0(mP=`*8``)oP4oVEX%0V~ZJRC8v5rQsJ>)*ld?6BHP zYZ@cx)QY*;NEv+2aV41%p}%D%R5+XMnI@ZxwLs569&fU3HnT?8uszbo%Mzd=shDs1 zhRPi)8Hd9D6}OIQN11Qh#Bx1R?HGLSD{O$0;7#$BD1W)8tIPoTtB-Vrqjm@3cxQ*= zI#@kit=fKs&u6y3c3q2O3Gl03RKh`=3f7iVG}6W-#l(C94zb6~lkl-!;)bMolcb;+ zFd_c-Ze{!U(`&x^b_nkXU)N~YsOCK8d@t0YF$&@%CmbR`Mr;kd)NMbBTDB>FKzw|F z_qw2q`CFa*s{sC0D08rb|6M3^{Jl`-{NEJHb=pey-`LULTvY%rDXjs6F_^T{Xg-qh z`i`^2F*5a>S*|1-i8g!9^tO~AiE!=_KV_~xy0cPcp9W7 zkj8jcVjDiZ+t76A^g%Zx{!82F>?2p8Pbq@>cL#hs%kXmg($u5`tQ|XK-P0|TT~rms zM218MK$+XbQyi2ZRO?gsSfJ+*Fy2-((!4QnOj0IQsb1^!)?CKk81aT~!qT!I3Cen- zbMh_|_W`$_(vmEY_f*lYVWR|)TG0QQ%xxfUINLI;gxq5uGqv1~SjvN_OwuzsKkl+K zL$ppBPriK zv+asfdhdNmA4?xFfUaq=^hK0Zvvx)1o$E-^p`4|7tE?qHEAc`!y%4!`OAlXh2)>h) z$4lNZ~!tr|<&ia>s|#`QTOBE7IdCht6PDD#VdC5?UmJgHa<}o7~%SfSyB8 z9?0f!mbqbzrhBD88GA;|PVYqWD*)LhURnW?$bn_rE2@vFM5W3?eni?YLpx~{nLN9g zQq)4*hfbL(380C<$24n;G@j zN?wF|F9a~fsj2r2(T7J#{(iK+zzkZC0__^#Szqmo(N>D2nXKBbjs5=@+gisE)iM~vb$muCORF) zGdk^&61N7qkG-U3=nmAWVboSO80}Aps|KgM;u?|aI9J`+NsGuKmKBkAddNxJXxXJ+ zhr)8;LUg<{(OZr!OXUumq>zVoN#ukwImua|Fm{m)#l;qsdu?%G-L!#=pPkg@+vZPY#%ABW4VWk&1W-@w=yRw@o zXE5#c*~^=T%NG4`o`>NlhRBfBIZoUf>$r&VBs0B|)7%hs8d!X5X+upXXahV~wXts8 z*3St)Kjcf=&Xgr&7^_(i zAFsH@AQ{YgxzPsmpdXzOG~szCSoR z`Yy#($y2T$Gh0DT^tOPk^1hII{qnNDU%}DxU7Z&8g9O?DyB-&>Fd#PNY(6IQo-*K( zEtui$A!AUlRCN$B(%B|vRB!t*7Y2~?byzOa-YS&Dr^h!ReP)9+1%kTP< zIQjda!GgGDtp4w z2Ajux$bVBciJyunAa7CA;r$F<_ 
z>jAt9Iv6HG`YhF3pS2OkSYSA$jSj-icgY zj|m!+N|2ILPOKyognVoX%?26Zs&bQ@c96U~Q}PJ&Hg8K~rn7&*fIGHQ(J-*1TEM`U zu<@Jct$TlQR3N$(9TU-npdLWvf*#p%Qa`vC2101o#U-ykMF!ErA6FXeIN9maQLNk>rJ9yo1ioaZ5IsIM9V14Vf>q z?6mBQ7aCXDa5 z6(^zGd>uDEl_=K4HV&$JoZshyWIo;L*1vu69*1DBvm-)O#egoaF1Z^qn6?vL+$fAA8imR|nI;(~|XJzK|cvZ45?VLZEk%%I`iw=*=YT|9- zj2?U5zBrf$R1pj@jveW@4rmUd5_WfLU5vVqa_^=hqHCv+P6=>QxgznJsmLih@+xm4 zHI~plHT0K(eIalK5Iglu&gRhwHPfslwIR3Cbd6D-^{RYUmY3hO#tPT?FaeTi;y^k439*Nks=4g>`5 zu8D4TCKsI3LaC)0+8#$J(an7fa1@G%?cInxtokW3;r95!kZDqBA#~_THpyVNj&lSI z?qT#2&#B9@wYlhni)N9e3+Sgspps*wUYMRvp zEvb!lJj&xNVL$fWaGAEwZ`Wzie)*HMI2}i{+^10UZD%zL43elNcC9=QgLd#NYZgLe zwY^@KM`5E^-bF;C!@WZuz6)~;X9x^cH+C;fqH_Lw`1L6{mB4811aIL}vpFtiwa542 z$_H!f`f%{uvGRdoQWeJYO^l9nX;k;z7IAME#nP)g2-LEWF)j!&vx8w9p?8V|9Nc)~>xud+vDVM%QGQpq)77>}4_me3mo ztxhk;8*fKb_!Yw@3N7_0#){$_XUM%74dVSM^1cl(uRVOF*cz4be5N!PJ{#&dVnoeT z%w%!WxfI=Xt3AeV6PiN9t{Zd^lpT(=pikq@uX2o|5p`RIw=_NDdN(|M>IrI9M=pt=FDRT5XebO{&28 zFc1Q#jkU@Aj?juGGihH{m`gw7=gmJmZq{B*?t#tX%kq3ZfYvUFkxJ&97qpg_6zLm^ z$m91x>NG1%xFz(CfH1?_{6((QZa$Q?Azcc6k!$Gv%>h&k;Yij1A494XC#Mm`htj#` z+6%^uX47@>aTjhVM#@|0{Vz8O_i~jqkwwO9?gRDgp7jkEM&WM*n-*YbsKs+y_-4O+ zW_mNWCX~#054F5l+p_dQUcqD`8Hg2e%u^cMnzDbmz>Ue~zAUgG5<;@Xf&_6#@KDIOGn4brUliEe3)yYllvu>!JMzvJi zM4VN1G2>FCdyU?6YIwtk&lwhL+~e7MVyCTmE#5BGlwuVLtf3GFw{(4~c!N;k`NI!| z|M~K3(r@R4qtyI?$F1gNrb_P`AJ+?-!2vQD89p3czOTO2ThW9Fku0xTJsJwc=J)3> z?H(P}7Js#TMQouHZb1&918AFBIg@;Hf7#17O66~RyPXHqieWWAS-3__4PNor0mdmZ zYFl-Uo_+6W}*+iZt*;$(hh|MAHS$Paz{ORKiPf!VYaFN;L{QM z?im&STASW`?vonKLS*u<6v}{#Z?!(1S}$?;nvnPC6YzKkutXh_5zefyHKOANB5WPe z!FPv83z*EEM8sg)ek5oCmf*Amhg9>bm!-n~>Z4*p;4e^mRNqS7m7~$I9kwU^o*`{^ z;>rm`elIXFde1QXUT#!;@+JR=`t>zZvlme9yWrbbU_$s;+L+!MtUPoG_CRNJUKoW%0zVuzNM-NcMm(<1tu{V#x z@K{TLrk`H!@3a-tprfRnZPE{Fpe^1-tZGC6-h^AJ}Fx!HDiMm6d9#4&{#~!|IVLAf+P)ELpvXVhV=Bq+UJ9+C; zgcvy8}BUmaISRbWTs70hY zajz`!V-60Ee3a{Bl{~hd3?_(ye(sf)sqOH`U`(!w0XwX0n8SGRb5&hUq`7yJR8Bs1 zaQfQ^xR86^bqhD7vDYAI(Qq0N1^Jt)*8wc25O{i?@8updNfW)(##Yy!c 
zkoZ?&vu-qu0*?OPb>WRx?yfFWs`F%Zp^7x}p5NOD*6wI0y?pu1o^WKw_8~1Jk|-Wet-vrxQy>Fh^Mx zQ!-oc6x?2-8ijpil=G$+Bmrg3T#?|!9cZOVMwKmRFX}=3<#hFm?qhi{^rqe>SoI`a zetf=2nrB9Up8F#J7=GB<@5D(k98wr)Y2j3I$l(v-#8>EDHE*w5cjP2u#CG6K?SdMS zvoq0C3R|D)PSdF$jBwz+$B*3|_pyU@_b z+96BxHowX4crmb><2m+CH{6tQnlkT!ExEMuO!_4i_sqp%hQJa%mN>M6Z|5AK**}8j${UK@F8z09_0yfE1-~WMmCi+WE-hdGAZcPZ z0R3(K__Z$lTt7f;%>Q0LejZc*#GX1ZRXrRaKt&^S2v81UYH1{F?+(yme!9#KVgYb) zvFITImF-=g`Y{2_Pf|`0I~TyuV{hdr7~*XI+Q|gs{4|N8lf8)w#6{=nm`5A{RE4;^ zJdG2#e-Z}$T&a|ip87a}B2WLH#ybOk_J96@p2+@U_H*g_Kce&Rd;f>duXFrA@%jC< z|NlTeT)*q$4}5;UF8w1PmY??cztIoNZ^r$TxqcNJf8_I@zK17UKe-R!m;X2efHIb* z&Hx>xUri85PyX}sF+jh1dy#%UgEEpH;ORMEKlugtr%U{9|35$8lZcUvk&V6i@ALkf z)9>6co8%A82Q-ZTHE^ZnBFzvlZl#V5-;Swfr`h3#!j|C!^j=mY*Yj(@PtudMW6IQ|2j zKUnGCY<^Ri)RQM!n*1}H-@4BK8=Jo-f&aqhmzw^dncvIxr`+)uD*s(Azj^R~Bk~7t z_@C7Bi^xA3>ksMmDN&ogHi0TX` zl<{dqxmlQ*xtKYb!7LzFRxs%4x}3e~KVRbK|5tFjJ3-8lm;o%DNX-BK0NB~sSlIw( zfZs3>h=uFP);~W0yWcSu5ZjX#|BQj2z`tV5?BJ*H|C8L)pTEg5vv9CIMZ}-vKp-~u zC-eLnV`2W8sQ!$BI60nj&R;MN)~D?97mOABH#uew&c9+$TsZ#9g_({0XAJ#iJ}~p& zxG;0EJUPIhdzPpGuIz<<>F*yX#;V3DoOxA6-!UZlMex&iVypzBI0LS2LPq)%!fS~q3Gw4`y<`ca${k?InC#i~3FS(HnIqbFY4yXzJ8*$zk9r0IJJ3`=FR%^7x#P6c9u#5szgNQ z>9RxgUT@K2-;w8E2@7*#+|yns)xpO)=j#>daJNK4EEQyie9Vu`rn62psG*uW0<0jI zTU!y8!ny6+9y}!QNM=m3!zpKvsDI`nNi@|$y_=u(B`(S;pWVVS1ivV zI*oifpq64bjeJkKaBrx+|81D2Tw!02=67jn;B5Ds%t#eu(x$Der>p00un&oeweFnF zwJsfH_-_t)Q;%S2K;)Jg?Q*`7V0}xUYu$MVu$=V2vP&q{Q`f*!`!TNt#q?T6KD60U z#d~<+DC)N-Ja*;7n`l&$mclvxfisk_p}k#u<9Yyi9-cNW zDwO#0J4=hFJIKsC7yl0L@}Hgb*@J-`#x9$ zE6>rAG{hp?;@jcYzVQBPg~j0({i}IDUOWckqC)hmj0F5PUbQjNuD*Nq@%!>5HLi~q zEKQ<0PVO#;9B`Uu)>jk7F}h|tkw$z>O_sZz;z`VVG|x4l(nz~3x;1t5GN4XwHcF?H zPTyRuwyV^QlSkcWp~@ljC|;X=k&lir*i~&0E0KxklP!OB;d8?Yh5Jc!#j4;$QH{*X z)d-7Y0Z8e@t^LihG)(d1P$@X za8so9)hJsNdk2+14<)JC=_^hIZOdh&^-=B7yEgbC9hPG)c0E*U( z8q6N(X(3A{&~0J1)&>Rl)noi6?%+()of}5$*&D#`HwbtGq+dKEX<{82mn^fg#)A<> zs|YH+$IFp1_vjh_QsHqbv5x z#gyU_gD;LLEHr(9=_vzeRSiFv@3A#}*{7^SuFQ=9FLoq|^LR^lww1Dyd-!#1)zdGz 
zeQfXQKMBW$AaJfyQPLSqRS@`6*szG-+)5@+<_L*13UH-sC2@B`&S!ZzE zLpD^QkP43-P*0}6;N5KnQ(WeUXw#eC4aJ7zMj5DGc;mKj*3|WOH94(sFJ@(3y(4^P zc=q1vnB(R4dKGPu-Cx4%9wCmMf=PdF$3q`JUGVbwRGr4I0ycKNIZFDypS}){o?t;f zd)^#UJk~6o79g>Rty%k;ZEKh4X6~+eZ9py_$J0oRu`GCXh%vI-?0&ROzAiJzCRwjd zD51wKOs>xJ{s?HMkEl%DO|feXeFU1lx1N!3+jqp-INE$_svMP)-4DSkP5FHHLCG!D zr>Vln+!Er$eLdg4w1yPCC{@NamXOiWRHR57v-Rj++MxKskjF|8Qp~qQBBDmv9~gDC zjIg<*Pt3NnGRPncI9N-}`|U;98ba%FD?R&n>QMs{_}OYdyPJub`t7C%Z{nN3~8x~4mf8)rn#y;<$Bold-x@Co{*6qV~J-F0Id zy*VWC8asl7Ai3|YO`3Y0;LTXWDvA^-_YanAO-QB16VcSgk6je@{ErxJ$F-4P!P@gl zT>%)rfeE$o^iYP&>YPyk^D5(=0}M#Jqn7xjytx)@*%kpXsk7*T|aqPG{&1Se{bbv|O7BV_DiFO+Si$KyUphsZdjQZdAvt zly53ZB|+!$im9WYS9j1EA)PP;q1mv~OvU4VSo1NBW9028#g@oks+T%qD<%gfueeA; zf5RTi^C*Zap5N78{#`azgP-69c`65IrF8_xdPw0WD()N}KjxuBBD-c&ucxjMo2~9P@ z^_qAZv1Cq~TYLJbp2pF};+8foAK+anVm9{3IQ$!DaC#%VSI>S_cK7OeqfstS+jn;+ zNz}R0-r&tgoQ-J`5P8a%31lAH&tT#jgTd>#M6o#5EMP*z4chd`PE|wvV3=;c33G;B zLtDEeW0pIagbz!;)r1c+lF6P%oZG2G?UwjJ)!vp|-U|_*t z3TH6ne^WV+8_pnS6v_Q34Q}sgR}oD1eMX3CMKpo*MvrKCHUc`M#N&aPQ)ba2S+YLe)sn#90J=euv9_1gIWy7)7 zZU>T-7VNRnqVu^?xl#9FHe5!U;n`-EZxxyWv2 zKj*}fqS^XpeLCLl2-~QV!N^sd?}tlEH=XtKLWxa*)FON|U&$8+#(WGA3Zd<@3Uw=7 zJa==()%9-=*JZgoiD9!&*av5&?ZvLznbXcq1+q(Na*^H@z&rY>CkHF;5~iGGXG&Cq_&;RaojtOC(^ymcgAo8YsyO@_>rq*Q8P%(Ssv-2ifats ztCrLYK^~v>@!LQV_Wg^rk50?K_O-zSZ#wEzQhzbXG2dq*BSf2m+9l!hrcqWM&Z3K{ z^J|U{%4vSyQ2=ptvoWp<88@9>x6HiNNYR!(6Mf~WHZC5%PV9arqkM{F^PFC7+5DU+ z&ufwjE#rQz0b2yPVmMW3mFSx64dk-%7bxnkeyA^$q_iV7o`#|_QsPOtgnQS0vyk`# zl?wM;HrU$@FIsNnwGkaKG&NOy!Y-S3yV@<>aEh%$o{-icgmeK`RYnGa9 z)KR;f3sZtazZ7ZAoR=21q;*P1X6c>G(kl*MuhK8wCCtq$IWh3?_bq-Tp@$Xl@pFns zY{)e@^Mk92)^x*>&>HZc5V8%s2wm+Zm zEpE*$?HjBunz{M72Gq`Y3B5~{iXUlh3s@b4FO+&qB0mgqtR=YgmQiXNEgQ8Y!=SYL zq{}_s{2k^`_Rb_SdPj7G6Kob0V`AE|f#!}0V!lb@*ImVw2IraX?EA61fSS*n9_=ce zS0Pw!Vv;!k@)FMiHOfT8Tgei9b^WN3efZ3cw$7fiC+?4Dj(|x=ro91C^yxvac^r=K zU4!T=@>2yeoJ;NmjmNKganbXz{r!0eHJGW+ z7cZvpK$R<4J)>u&KGUgR$RPj6i=;Ge6uit>{2Ee+?eJ>Gbax{wSjU$+f3SL)M8i_} 
zrcVR&i&j^pU;sW7Zd%6=5iR+ggN=>Z7=wnA{8sf!HrA-|kMEymDexA1O-bfa(h}S! zXB(#~sQdhgx_Moi)W0?^%gt%euT&FT|7ltf)T5;h;VH%Fm(5XJ;rVx_pu@LictW_Zgj~G;pf4 zs;y{l0CC4U(L!tTx#4d*AKWVX7Mhy-4S;}Ei94-5!3G4)-_ZK`fmcv!;cMpDBp9L~zx|wZD-fGE-bcu~j57rbyN+;gs%~Xp%XcZAS8q_jBhLQTbv2c3T z;2KA}iMJVxTwmZ7A%9MC-LjQUVsnRqs#?9IQ%VeL^)j;FyuFrf+Pv)eXh9&v##-*#Q!Ts3mC14aWiFDO8+T0EG>=&i1~k6uN_#v| z3kZJl4qHNEP~n%=w7ydQ3!~Qq9JzUQjH3KC--?ngFOVg55iyb3+ z?o2=bR%3BIUczK*sIv{&7nf&DtD};za31k3^}LIjZuf9pM_yZwR#j^MEYh=T6B_hqzF67VTLdkQ{eS}wO_~d73PpXQi zjYMv=^oKmGq4AeZ8VZ7i2#`%DkPYXeHAM$qhkKT4Og(7t8};UY?{nwoUD29>hd2d3 zkM3nDeV03D?3}syY&k4xX#}g1e$sF`QP;QC?BnQ+>^hqX%%FBU@|T}bA& z9Jy4#uB-h~y|0*^?$icBP{0uX6$$+`RhA#qVv$|CwYQ1m(Pgx5Hd+q}J2S%UnHYV9 zytc25Ee)*%KMT0;)ek6;Ag*nx%gOOwjDpX!uqG85tKKEMD{;rL*OZq2kPz)k z#BO>mrme=E_cK5&PzF3aFk}BS`LapZCM@;3QW3{xc&xmgQ&K65#>o6>$`t&iru>mQ zTT%`|c%_5smX%)l)4N6mN4JVP7S439;OE;G#b+_jx>VC|CCM^Bv>FX!*;UW7H!nb3 zHEatv?xN3`a3d73uxw8cU#GYS(L0OrM()aJ^sMYEvJyX$do8|`iAcz?9p7Y`j{)NKD!lb!kclE;g{7dsLvRF5~1AC`&2 zMmrj^n!=x*XFWB?($iK}R(;Fd@)}Ny$Icf6tMHT(77PuSL@Rg?l|ITBe~8m2v%qq? 
zDwRKUaOimJBb8qB*?GR#Xk&aSxsu%c)qGzOdeU67pw}fb9y3og791eKd~sz-@EQ@$ z+33$V>{m|N84tE2W(nhVZY~X1YrfOrUC;s%G(LPRxb^j!SXRP$*}ZnPv2mjYAG_<% zL0*wh-{*Bilow)(j}!s36$@Ryfk`$Cb{nI_9iQESs6wf=g}Da2vq^VSaZ6qAA4=G^ zZG<65pxCzf5l@$Lw*cMM<>J*-zEEKls&F)bOi{DyaXBotQz1+DMdn`o#Oj%D`MhYV zd-NzlS36fM%Y1ftbW0UMZWWDB(+gGd@7|ikp9a=mE)BkbGNuw_ioR~-l!(!onV?Wg zb>h~`SH@$=@|JJek!ZE%-)?iRm{b2W>ma)_Xbj?W>dfx#38i_6<%w;6vhyE3bE>08|80PJ~?tK>o=q}tA0a8a;+rwp1 z-ar$6OtX-P5D*3tFavWGZ071G4Zx75kMHHqp7<}0q^Nt@Rhxv~g?+(1U8_)(|pg+$%0vO=`iOyeZ|A)@y zk?U`K{ydodKZr-H=Qs%N+<(wYPQ$ngA}(hXC+}6tw~1 z%X=1p84xoe`a)Yj3;OSJ#&m&uz@1RGe@^(jW`9!5h4TJTjJ7b~k{3uD%ntxxSco=A zTLf^)AEXTfTqd%ghW>N`^nV?CG3PI<{`*otWmQ?YJL1CZK)UwM2zOp>lrtRpyMTWJ$ARSSZEO%2FTj|+2>>hz10kHP z;qG<-FoYjuV-Ele3xb^Ok!W|b|4eo%t3M|DiyuZeZuST_URjir^?xUL={KN%BlweI zE*us3KMD6QHor?t1!D{LR{x#NrEUEyn}7Q6zp(jt8T}cfFb?+*QvWWXOJn_4 zO8@bh-#7Gsru5UEFwxB#ZG~{-QqZ{zRI)?4d$?P<*}HfEVSHerTbRIxxxDnSMIt% z1SaweXDC19SI)wMzhW@xFPJdDz%T0xgQ36dLs;-40{po*4>!2I6T%IXd4V7udmjWw z=Riz`MPV}KMMwpLRFF0(;HA3(Kq~S;6E5)sWq~I);ZjT9rB9 z4dVpcgxyqy+wvQ-GFV+kqFTkZ z&od7*jw& zCRe?X)vF^(TfLBt`2Ib~wnQ7${Raz^;pnUL6Pu&M8h2S*q--|hSvbuCNH}^wiH?32 z;&^+iH!8A!5o-aIM5=1Z#D(zY8~*#c?N{PyLGEIoS-ZA#8w4(~n?4O2j1R_JXl<{5nKE<-1V_@FE*rDMX4bFtYvYniPXEd2}?V zh^K@mx$b(Jw8P|d>;+xLy8`wDN@qaZ4y5XY+kLBRc~;$nFNdEFCwmc>-ci4wkTHit z#`v~Jp+kWVm8Ot?j-)T5;s`>+3AU32;__hH%*8eveD@k&Qr#2$)?Pt6bx_ZPlTX%u z;34DJjs5|lx?B=>JatXhv=`+|+azBu{G&w9x;vcGouGMK6)9-}gZw3r73WzwN(^;d z`UYf#iA6z7i4oPj8g#R{1-DTcZj?L@tcb^!vZtTVZ)&>(C`TyGw*AvFEI0W|=FN!9 zd^TCk{oXLK*VWC7EqBrQ8wZY7lz6=OJaBzYVnf`=ip|11>TM9V!3)7i0kYxQZdYg1 zqp}S%Ve=;{FuIdwTB4qMeOZX*z0|HVn~g1ncG%9M6s^9cz#a7~Vs)u_QiDkB{AlBX3*t`2@5Rg6092Q)<0Qrb)mGOU3|Nuseb4Hw=(9E+Wj#UG(J2%S{Zbl?jh zoW37k-aOY6K;qCsre53lrRVO=!j}bq>jL%qX8_m$I23(#OtaoYj~w{Zgn+qO4Xm8! 
zP(@P8K0Rl*;Y+#BXDk-+Y>k&0{#OI6L`e1*nARs#Cthh5;Ec5wO;$~Z8eiz8(KL&^6E9F)H=R;XiWXwJ!nr7?bRL z&kq{CRWbl5I>ypAk#EM;$oQuNUc~3A(-BM%_W97BPkQG9_+1dggW?95YET_kn{Zf5 z47=pnk^Sa7trAjkWW;zBI66-|=VjOWNYD^g%irl6Z{d4~z!c7ORDVi?J`1YV)#ep> z$#(7x1E2aSOn2rBl}7D$zg@Jb0tsF~y8)Z>1!=fS+D`rE)xe_Mx^g;S>>~r~nNGjK zsBh8nOfaCh!s_Rf)!b%gZM?v>f$aA$_t_7{@142m8TsHt^ALd;W^h#xCDVf$Pwh@AGCEz8y)>1B{Y zR1LuGfWiDSthFw|gX%r5)j~gy%Ff>@*bqX5z3DZeCUR{`;?YC?j9+anXvRS{yuX?q_I=5lPJd7@9vP39iX_kuYKOIsWl$ zuI8-{e2;nv3S6_Rp6H55zNNsS>C3%=M~Z;#???GbzPeJ4n)G4}AHpkx4^^_CwU|5e zY6L4bAjx3R9=I^1o_3O{MqZD0e&XsLtaESAEJyp-0c(3 z%tI`z;-(j-#xDasU&PBEZJyH(a;ygAj^QSOI=)&TWeMLevp> zP3NL47rr>bc}=)yO=)A?K`JU^X1T(&W~$|*9g87?RHh+sa%dwko+65Li=0sTq==|C za-c)jFm1nf=^>n&SXy{DG%W1{UuO5GdTyMfBj&eCQO_7ZvZ_C?U{5W1Sqdn=A{nOf z4}ZMyYRFH2#dV=L{;T;;+Va4l0iq$;?2D@cD{}{%rk!4PH<;4HA^c9M2f5Q|sT0}x zg&?UTXF$4CsQ*9Qj^$9vY($LbyTrc71c>Hauz6!MAyABx; zVEQ|6ByF{l%h#R_96bd;2F^J4mQlAl-^>WSPb$iXw-clJ2qs4S#M-=@B!ne&%8!H{ z$Yoz+%0@dm(lWe|t!#kzQ6{|Y!fjM@&*Z+ zXzuJlU`h#b1umsOxBB$6A&d^ z1e$mn_n4S)ML{lA$07``iZL5>CUQ6D&=!oO!N1PYwNYF z7YJdYFCQuR!khe1i?4C=w{89&M%TuJ#}Z|fSLj0!WWTtyGm9a=MA+X>b_DK_!xp4N zEFuY+UI>_&OC0T{YSq#8@_BrhC3rhGP?z0)ew5r|x}l2uh!ArSJTt7>x~3?nl`Yun zrA)SWGxn7H^1YMECyvX^co}DuJI9Dh@f41?e06wAnr%p4l;}Wkx@-kE%Mmv%2v&r* zJHrP&Vw~GnJ$oJ*vJe{?yO4aqriZM+jvsAjs@cxXjwhK&LO000`vm%|>W8i-+t=Vq zGtT;v7n4}Dltp@FbKLnQ9GA}|u)RHhe48>XYVvlqX>C8WVg1-rE1I+dtq9176!v|t^_PUYphU+MJ|q-)88Z z-Oei!vGo-(5SCr$9LxK1+&4&n&~Mn6BwU0n=(s=U4mge*oQ<+w(NY|xBouUP>rl?{ za>J*vjuNuwE`Lu{F7PVvicT)1cexjQEV#|6Z%E>a21NwWM8=8R@|12{&&~5SE~`5d8M`r>Y(nQ9HsYUWfP>k@<@Q z;j%-^KzVfv+->Po)=D<(=Mwl9i&cFkK<*1WZnZCSB&wQ8RiP}&M@(tA!j;1Y&vsuf zqhP)VxP3D=$HyQOeB}^0vIR{F>3+?w<#^YnmaZ@dV^Cd9^i(*XPXf^h%gdi4&3woM5D164rzgxS z`fIe24?I{N#d4pKRDLnD#usJ=7p3$Luns@^-h(dP<+Zd>j?t#7|3SQp990G^MU9Pm zW33)xt)D~#_Z3Y<#6?25wQ-aU4Iu=sK}qjGa{is%TeGB!uZFd9oG*#RIYTr62Z#`X z+@~u$&kJ4!D~0z*2hy}-nT-f3N;_1W2o{(&@Ysb`*n>A0&Yr)~=X@1gI4LX2Sh@RI zn~07${&|eHIyv5yKFN>=soWdVXzAyGP~6yZvLm|i#WE7Qj*WcG!?df!%w=k4@ckwj 
zl{l5I4r_Q?K2?X@GdF&W1u=Kny-5fEB9y+?#J(efFQr> z!8b7rT<&}}oD9*SSCZC;im=y8?I;U$NCg}4naI{JR>F#7o;5}&yTkme{N;0CMt z4i;h<0&jebXxXrB)hW@#l8TAeRRC0_^(6&B&5MHsgo`yEY|IEfG1W&dsGQd!Xw)^G z{q(q-rt-;7_;~eVc`JuXQy8tZ6ti13U2>4bb8)FTe}ho32=S3erbhkR)3D?I=)N)G zcs&*4{g1DBA?&z)YI(@s9D=l!GV6Uq`*l+%@0!yZ)`K!Z?PCpNxWYzX6QpE|Lb}Of z-7eEeqcO{zc!xgFS`qq7W{yxBdJbqvrCq!S_{M1y*Jd>Vu3!Y5Dwl#t8w6!lvKOe)6s5@P zqqLvjnlYo4c-PmM-9*}`fBl9piT3i^M~2%!A&}Lqb8WAQu%kN0f3^d)_Aha z6DXp+ssP_@Zf^B_+}FI4>iB!zX2F#+?Dr6%jTQLx4J$UsKtydUOPZa8t%PxkrJU+S zrk*KGYd)*FoV9r{G6J*O%7YjOy$s+dTyZg0jq49jO=t?H7t7f$A$CW{Y;Zkq5tm9i)by+r# zWFdPD8=__g^!MZ33iUv3C8hP=&w12F=B83f&0ghj`H9sHXK@{>pQBD0TT%s{sF1LN z@%mdrYGnh3#k}COa8w;M&^TjGz~;0HBS?pkQhyoNL+y4uhQ^STiGb8rBTI!bjM2x> zI3hJZXx<$v))WSREr50|5>E|(;hp@zeOL@k>=vLPn^hg8OD839Hxn}>qLmXDT-YWU z!VW%)IX_P`3eDhuB2l`2wML*NIM#>Tk!z%znQb$y*qnz*k}7SBNW-_W2u1;&_L?8G zDwL0J=0?pqaiFG{ST^1LKt7mT6f6Y+vZLHhwemVbCC5%Qkpru5q>680Hp+giN>Dh? zEAMlp9*|pLcjsld#}GMpRh9J7hG-pbeLQQ+XaZVYZjptg`H7TOe^rhwI=5d~&ipzl zy&&@O=3BHu-6L&1s3%ZKn;s7TP46!C|7l*jN65XYb#xY_89ewR~S%^x&O?(5epvZHhRy7CFDD2-?I z4uVr)XO0ER7<3p)76`&dP-48=@Gk|v(mo?FaqUQng988@5ZopFGbj7Pm**?fsm%P^q#HJWsEbLPWQfzsWm+Pq?EheXoXsCO%<53ztJN# zT_%yFti(Nn^Vv`EdLwHHzByL2(@k|?bD?UJhPdx_mv3#!nw|!42{Xzif|X&nsZPa& zak%5>lH`<6MdP+`iLTBIIftdD>0+$=5>*_=uqtz&;HItA0)E?=&=wmH(S%Do{LDiR z0rKXgMORmb06qb(X|FK26+jV^n5~+rN<|12W=XK5jl&0N!qM7U?(8uh7`2i|B;o5X zG!l(NBDUb}-B;fTsAMccdm|QToFJwT#(NGJ@2jw(&4MJ7;sboPom91CE|SVV|lN48#E@ z_uG633jzQ*$Jv$CY9<){BI}AgHFξn_^NEK%AMwmaOeflFYWa4~zlXV7)Y-IAb$IWZtSG*9B`y+%@;IY<)XUYxt(H7by)iCBI zFuS!y>09TGPagLL-8$VMT$;IAdny8`C}YG8?{L?Y$2uZZj=~!Y;_PVFO|z|l8e#MWf6=2S?~3uuv=S($d5azQO8P}{z2RlExY7K%oYo8c zMFPmv0|fV>bi%!|hD@D$xebObRg6rkX$>@fz3tgR@b%ilJT9RXM8T&qzl2=vFX6sF!CcC(ZMCv2JU|h|2^uBn`n6|D%Q(y!>*&lF+h5gCsCcremE%vS>akYcVEd zrs18PU_3>r0~9>W>xpF_g$*I1b5Iy(`R&6vv2vn=KfeRN z$EH)keiJJpB;r+0$%1r0A9S_w(<2Y^N06M%xh&a=7F!}k6dqw+wPMUp;Bp*O2Gcc< zFn&FH4Hm}WH5FpHeFg1ZF`_b2`N)%JPzHWfO*0QeWyxpEALGQvFH3f({DhXX@4bjf 
z!qG88NulHgZOBtmbw>ejWgnJOlbYp7Tu>CLIq)VmP`)aFE z0|CS>)j=?I>w%DYE9+ioMrPb3^tns`S=iYZ0Xhjy@%9FKkhz zI+nU&nqoUCXSwlC+`qyxoeATxN+F+)nXWli{hZ=p`A%)|s$k>8MEom?;rHHj332x0 z7rQa=cCbXS*G#Z6?fv1S@8GS$?6*oo!O%*gncf1ccawCo6Ij!b1-8QXWq{tS3xDd+ z;mGdIk!4jRJ-3`LlwzDi6xpIuN1bgexGwXGiYr)2M1d1z+kLnuqgXg(NpX_!$B1-a zKN_mM$}%P-{-&_q_H7LCUSD51chQ0dy{&9GdknC>IXu&!hu^#M<*fHh==e5Ie#vS{ zX$Q&=zLw^j(=VS+nwq%4Y0GP@7c5vZOx^5)7z8bX31<{9QI5Z#87~!+qR%z_=td%7 z#rNdc45IF&Cb?Y^+8!0)!)o`8C+}F`thVx9AcXLAU*~{O+j9$Fud6=Ux}AP0K%$I0 zE+zc@xvHW>VZfC>r%UiCa+OGQ?GlVyU{;rw5^o41<#c1zs&w}(ZIC`gf%Rv~%9 zOfK(n=byF~I+#Bp)-7T(OLwguP-6kPWLoT$?NPWrl}pMrTkydMu?>5}J}z{gA@7YS zP4WCn{m1w`1=99~flIq9IS2gNsuyOF!}d$oQ_>mpV8F{|2Y4mEo^&kt zX00|BgRSaT`gL2PtYxi_3U!%>p zjSF1n9ROBX8F`7jXcDjOe7MCv}a1$5~bZOc=*jIcp=cdW`yXQ#wKp<-n7>lYu)--uZcjDlzOrS@PHbHQ1ZbHp1 z8#gqmQ(+FG-(lk^TOw+D&^YgGrFDjZHIG>`>}EwbKJrBmGkh+$YcVXd&vu0!QyagY zeIULr$OOtXOI}2vp;lrRGQT?2(>&UE9c;9oBuGauTxquW0%FX0`E4Lytb4KTW7&Jg z4_Ee}xm=jqypI$&O9xI{?ifpG=I`QH5_YC?0nAPm#`p!#d?!L%WBA^tZU~HU)~SIZ zA~vEwh}a0F;Pvf&7D3uBVe7WeqK3G&0oNAYH%u)Su^Aj-FOUam3VtoA z`a~x;2Rd!-1@J;8Q%1++GaKO;P{N`lq_uQ*um~oYhI+(R7YEB$_{aw&`MEC}DwfDl<>j-+dBsu?Qusg}LgLAj&pZ zXf)F+EE5P0&fb_DBsp0J+;m$Q=De$YYXw;_Byc3<4lYWr)N_%WY8r9L_Z%T2R@yyu zKE`4{`=+lZDl8|_GmFBFl(Op(mjHu-*mQT}AD}BiO7!5{$J?NAOiq+9T_Q6=PF3 zp<6?oJ9*RoxUIs)_7YqBm8ja--AS;~$nNl*LPO6yyz*JB(fICC`G*#FB$PVJ#vcUH zLgYb3Z13frz2?qScH3b+*SUz=4Jm$r>D9M6T3gZ-kh~j-U19@d5oj)HSA0v*gl6EZ z)4nmS@RU9I5Fk>Tr|?c7XHG_^I_R8%QZ5;PQAih`hsqFpt#q}4CGs(;$Nm>#`i4!V zlF)|!{`Ap8vKej5tSvRjV0l;B)$Q@Hf$@r6Z7_E!Z{MDaWIWCf8%GR5h$%i7}sf@R-pDT>{y$2a|k6bQ%O6OCK#`rXLcyUQqkU=~1 zYoUKA;17i!#0dueUg&?P-Cu^&aDM>-s2E#70E!SZsIj>HOKQD`9W56h7d0;@*Z>Wn zX77A|HI5p1&*ccQbEbY+B-HN75GQ*VM^lK?y$}^gdsB6YvmW67&K)&C1M<@Oew?)Z zJu~Px?)xis0EzqG_v4+YAC6tr(C$gUpTqng!r}RS?tjDic?|RyJiPZz4<`HnZyqq{ zZ}2?4WB4;3F!=ut&mX?|w|#zg1%Jl#?=Ioq*Z1K={WE@?r~&d&Gbd_2w4W`*eZ2it z1N2}_HME~PsG%89-^+Emj|xPD&!>M5`QOI@B%$W!ko&y9PjtO|p8^5qP&5z^2f!9;=i+4W zZwWtb|1SxDV7m9UBNXEJUr_z#oqt00C%^oxQ~!YK@8CT6|DWI}o7g}dTz)gc&oYGu 
z_y+`k0`P}YzZqK1-qzUe?=AgXK>mY7@SlA5-*n>O1wd@gjGZk1tI;1K`X99Xdu%@= z|DUu4|LN`Kf5Y}S_Wskz|1i|k`&@>a{w*4g-xBg4EcNs0{~D8jio`!v%lmc7%*7Pq z$Rwq%LM>xy@8s-c>Ii+|OwG#<;$psElJ0MLJ45a5B<~kECP{uU5CjBrfbah}c{n)k zpDWs%{rw|h;eXYlmyQr~G$1tx2o3nhhnky4+wlntiSNx|9Duk{z~KE;=2#5ztBJ+4vzau`Bxf{kLN$-fk503rv57* zh?DPEJ}~#MG!W=lJ$N2!|6k?ZL;g=1kc0bSarg@#kQ)sAPZ|iwbKi^nl@A02|Dx~x z*oOfAt2|y#o?qqh{(=Pr