+defcmd sign {} {
+ help-text "Sign DNSSEC zones."
+} {
+ global QUIS ZONECFG ZONES CONFFILE
+
+ set rc 0
+
+ ## Read the configuration.
+ confspc-eval toplevel [list source $CONFFILE]
+
+ ## Grind through all of the zones.
+ foreach iview $ZONECFG(all-views) {
+ foreach info $ZONES {
+ array unset zone
+ set compinfo [compute-zone-properties $iview $info]
+ array set zone $compinfo
+ if {![string equal $zone(config-type) master]} { continue }
+ if {[string equal $zone(type) static] && $zone(sign)} {
+ if {![sign-zone-file $compinfo $zone(file-name) $zone(soa-format)]} {
+ set rc 2
+ }
+ } elseif {[string equal $zone(type) dynamic] &&
+ ![string equal $zone(auto-dnssec) off]} {
+ set cmd [build-command $zone(autosign-command) \
+ "%z" $zone(name) \
+ "%v" $iview]
+ if {[catch { exec $cmd } msg]} {
+ puts stderr "$QUIS: failed to reload `$zone(name)'"
+ puts stderr "| [string map [list "\n" "\n| "] $msg]"
+ set rc 2
+ }
+ }
+ }
+ }
+ exit $rc
+}
+