X-Git-Url: https://git.distorted.org.uk/~mdw/dnserr/blobdiff_plain/2ff79b439976586a3d20210f5e845340a423253e..f73a26186c15d2fd4b83c822f77a411cd7241ea5:/Makefile

diff --git a/Makefile b/Makefile
index e7370ca..a9f5e61 100644
--- a/Makefile
+++ b/Makefile
@@ -3,9 +3,9 @@
 BASE			 = distorted.org.uk
 ZONE			 = dnserr.$(BASE)
 
-KEYGEN			 = dnssec-keygen -aRSASHA256 -b1024 -Kkey/
+KEYGEN			 = dnssec-keygen -aRSASHA256 -b1024 -r/dev/urandom -Kkey/
 SIGNZONE		 = dnssec-signzone -S -Kkey/ -dds/
-SIGVALID		 = -s20000101000000 -e20500101000000
+SIGVALID		 = -s20000101000000 -e20300101000000
 SIGOLD			 = -s20000101000000 -e20010101000000
 
 all:
@@ -57,16 +57,29 @@ dnserr.zone.sigold: dnserr.zone key/$(ZONE).stamp
 
 TARGETS			+= dnserr.zone.sig
 OLDSIGMATCH		 = $$1 == "expired-rrsig.$(ZONE)." && \
-				$$4 == "RRSIG" && $$5 == "A"
+				$$4 == "RRSIG" && ($$5 == "A" || $$5 == "AAAA")
 BADSIGMATCH		 = $$1 == "invalid-rrsig.$(ZONE)." && \
-				$$4 == "RRSIG" && $$5 == "A"
+				$$4 == "RRSIG" && ($$5 == "A" || $$5 == "AAAA")
 CLEAN			+= t.oldsig
 dnserr.zone.sig: dnserr.zone.sigold dnserr.zone.signew
 	awk '$(OLDSIGMATCH) { print; }' \
 		dnserr.zone.sigold >t.oldsig
-	awk '$(OLDSIGMATCH) { system("cat t.oldsig"); next; } \
-		{ gsub(/invalid-rrsigx/, "invalid-rrsig"); print; }' \
-	dnserr.zone.signew >$@.new
+	awk '$(OLDSIGMATCH) { \
+		if (!doneoldsig) { system("cat t.oldsig"); doneoldsig = 1; } \
+		next; \
+	     } \
+	     $(BADSIGMATCH) { \
+		s = $$13; \
+		for (i = length(s)/2; i > 0; i--) { \
+		  c = substr(s, i, 1); \
+		  if (c != tolower(c)) { c = tolower(c); break; } \
+		  else if (c != toupper(c)) { c = toupper(c); break; } \
+		} \
+		$$13 = substr(s, 1, i) c substr(s, i + 2); \
+	     } \
+	     { print; }' \
+		dnserr.zone.signew >$@.new
+	rm t.oldsig
 	mv $@.new $@
 
 CLEAN			+= $(TARGETS)