338a195204
Nitpicks: - The timestamps there were useless. - The generator now switched the two keys; I don't know why. I intentionally remove the comments like "state=1 [ ADDPEND ]". The problem is that keys e.g. in ADDPEND state are *not* immediately usable for validation - see RFC5011 for details. I verified that Unbound does disregard this on the format we and Debian use ATM, presumably due to removing parts of the comments, but it would be confusing nevertheless.
11 lines
229 B
Bash
Executable File
11 lines
229 B
Bash
Executable File
#!/usr/bin/env nix-shell
|
|
#!nix-shell -i bash -p busybox unbound
|
|
|
|
TMP=`mktemp`
|
|
unbound-anchor -a "$TMP"
|
|
grep -Ev "^($$|;)" "$TMP" | sed -e 's/ ;;.*//' > root.key
|
|
|
|
unbound-anchor -F -a "$TMP"
|
|
sed '/^;/d' < "$TMP" > root.ds
|
|
rm $TMP
|