From d715bd72e87ab5dee86939f17eb3bb8677ff6e71 Mon Sep 17 00:00:00 2001
From: aupetit
Date: Mon, 9 Apr 2012 21:16:25 +0200
Subject: [PATCH] [dnssec] Correction de l'emplacement des clefs
Ignore-this: 590e268bcfb4ef4fedcfb84c05e7957a
darcs-hash:20120409191625-3651d-d01944162cc0bd1e1588abdc9aa7002eb101412c.gz
---
 gestion/dns/generer_KSK.sh | 5 ++++-
 gestion/dns/generer_ZSK.sh | 4 +++-
 gestion/dns/generer_include_zone.sh | 4 +++-
 gestion/dns/remplacer_toutes_KSK.sh | 2 +-
 gestion/dns/remplacer_toutes_ZSK.sh | 2 +-
 5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/gestion/dns/generer_KSK.sh b/gestion/dns/generer_KSK.sh
index a16ede45..7a035cd5 100755
--- a/gestion/dns/generer_KSK.sh
+++ b/gestion/dns/generer_KSK.sh
@@ -3,7 +3,7 @@
 DATE=`date --utc +%s`
-cd /etc/crans/secrets/dnssec
+cd /usr/scripts/var/dnssec
 if [[ $1 == "" ]]
 then
 echo "Usage: $0 nom_de_la_zone"
@@ -18,6 +18,7 @@ dnssec-keygen -f KSK -r /dev/urandom -a RSASHA256 -b 4096 -n ZONE $1
 mv K$1.+*.key K$1.$DATE.KSK.key
 mv K$1.+*.private K$1.$DATE.KSK.private
+
 ## On met a jour les liens symboliques vers la clef actuelle
 rm K$1.KSK.key
 rm K$1.KSK.private
@@ -25,6 +26,8 @@ rm K$1.KSK.private
 ln -s K$1.$DATE.KSK.key K$1.KSK.key
 ln -s K$1.$DATE.KSK.private K$1.KSK.private
+chmod 660 K*
+
 ## On genere une nouvelle ZSK
 bash /usr/scripts/gestion/dns/generer_ZSK.sh $1
diff --git a/gestion/dns/generer_ZSK.sh b/gestion/dns/generer_ZSK.sh
index fe34c55b..26739fdb 100755
--- a/gestion/dns/generer_ZSK.sh
+++ b/gestion/dns/generer_ZSK.sh
@@ -3,7 +3,7 @@
 DATE=`date --utc +%s`
-cd /etc/crans/secrets/dnssec
+cd /usr/scripts/var/dnssec
 if [[ $1 == "" ]]
 then
 echo "Usage: $0 nom_de_la_zone"
@@ -26,5 +26,7 @@ rm K$1.ZSK.private
 ln -s K$1.$DATE.ZSK.key K$1.ZSK.key
 ln -s K$1.$DATE.ZSK.private K$1.ZSK.private
+chmod 660 K*
+
 ## On met à jour le fichier inclu dans la zone
 bash /usr/scripts/gestion/dns/generer_include_zone.sh $1
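Review bot: In generer_KSK.sh the new `cd /usr/scripts/var/dnssec` (hunk `@@ -3,7 +3,7 @@`) is not checked, so if the relocated directory is missing or not accessible the script carries on in the caller's working directory, where the later `dnssec-keygen`, `rm` and `chmod 660 K*` lines then act. I would write it as `cd /usr/scripts/var/dnssec || exit 1`. The same unchecked `cd` is added in generer_ZSK.sh, generer_include_zone.sh, remplacer_toutes_KSK.sh and remplacer_toutes_ZSK.sh. Each script continues outside its hunks, so a guard further down cannot be ruled out, but none appears between the `cd` and the usage test.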
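Review bot: `chmod 660 K*` in generer_KSK.sh (hunk `@@ -25,6 +26,8 @@`) matches the `K*.private` files as well as the public `.key` files, for every zone in the directory, and gives the group write access to private signing keys. A group that only signs needs read access at most, while write access lets any member replace a key. Narrowed to the files this run created it would be `chmod 640 "K$1.$DATE.KSK.private"` and `chmod 644 "K$1.$DATE.KSK.key"`. The identical line is added to generer_ZSK.sh (hunk `@@ -26,5 +26,7 @@`). Because the keys leave /etc/crans/secrets in this commit, a comment next to the `cd` stating the expected owner and mode of /usr/scripts/var/dnssec, and that the path is kept out of the scripts repository, would help; neither is visible in the patch.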
diff --git a/gestion/dns/generer_include_zone.sh b/gestion/dns/generer_include_zone.sh
index 6a38c971..16cfba70 100755
--- a/gestion/dns/generer_include_zone.sh
+++ b/gestion/dns/generer_include_zone.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-cd /etc/crans/secrets/dnssec
+cd /usr/scripts/var/dnssec
 if [[ $1 == "" ]]
 then
 echo "Usage: $0 nom_de_la_zone"
@@ -12,3 +12,5 @@ rm zone_$1
 cat K$1*.key >> zone_$1
+chmod 664 zone_*
+
diff --git a/gestion/dns/remplacer_toutes_KSK.sh b/gestion/dns/remplacer_toutes_KSK.sh
index 63c981dc..1efac2c2 100755
--- a/gestion/dns/remplacer_toutes_KSK.sh
+++ b/gestion/dns/remplacer_toutes_KSK.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Replacer les clefs ZSK de toutes les zones
-cd /etc/crans/secrets/dnssec
+cd /usr/scripts/var/dnssec
 for zone in 0.0.0.0.0.0.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa 140.231.138.in-addr.arpa 147.231.138.in-addr.arpa 243.42.10.in-addr.arpa adm.v6.crans.org g.crans.org 0.0.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa 141.231.138.in-addr.arpa 148.231.138.in-addr.arpa 4.0.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa clubs.ens-cachan.fr tv.crans.org 136.231.10.in-addr.arpa 142.231.138.in-addr.arpa 149.231.138.in-addr.arpa 4.0.8.c.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa crans.ens-cachan.fr v6.crans.org 136.231.138.in-addr.arpa 143.231.138.in-addr.arpa 150.231.138.in-addr.arpa 42.42.10.in-addr.arpa crans.org wifi.crans.org 137.231.138.in-addr.arpa 144.231.138.in-addr.arpa 151.231.138.in-addr.arpa 7.f.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa wifi.v6.crans.org 138.231.138.in-addr.arpa 145.231.138.in-addr.arpa 186.42.10.in-addr.arpa 9.2.10.in-addr.arpa ferme.crans.org 139.231.138.in-addr.arpa 146.231.138.in-addr.arpa 239.in-addr.arpa adm.crans.org ferme.v6.crans.org
 do
diff --git a/gestion/dns/remplacer_toutes_ZSK.sh b/gestion/dns/remplacer_toutes_ZSK.sh
index 9d5e7d1f..9d0f4bbb 100755
--- a/gestion/dns/remplacer_toutes_ZSK.sh
+++ b/gestion/dns/remplacer_toutes_ZSK.sh
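Review bot: `chmod 664 zone_*` in generer_include_zone.sh (hunk `@@ -12,3 +12,5 @@`) re-modes every zone file in the directory rather than the one this run rebuilt, and leaves each of them group-writable. Going by the comment in generer_ZSK.sh ("le fichier inclu dans la zone") this file is pulled into the zone, so anyone who can write it can add a DNSKEY record to what is later published. Unless another group member's process has to append to it, I would restrict the line to `chmod 644 "zone_$1"`. The script's lines between its two hunks are not shown, so whether `$1` is checked beyond the empty-string test before `rm zone_$1` cannot be confirmed from here.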
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Replacer les clefs ZSK de toutes les zones
-cd /etc/crans/secrets/dnssec
+cd /usr/scripts/var/dnssec
 for zone in 0.0.0.0.0.0.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa 140.231.138.in-addr.arpa 147.231.138.in-addr.arpa 243.42.10.in-addr.arpa adm.v6.crans.org g.crans.org 0.0.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa 141.231.138.in-addr.arpa 148.231.138.in-addr.arpa 4.0.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa clubs.ens-cachan.fr tv.crans.org 136.231.10.in-addr.arpa 142.231.138.in-addr.arpa 149.231.138.in-addr.arpa 4.0.8.c.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa crans.ens-cachan.fr v6.crans.org 136.231.138.in-addr.arpa 143.231.138.in-addr.arpa 150.231.138.in-addr.arpa 42.42.10.in-addr.arpa crans.org wifi.crans.org 137.231.138.in-addr.arpa 144.231.138.in-addr.arpa 151.231.138.in-addr.arpa 7.f.0.0.d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa d.3.e.f.0.4.2.0.1.0.a.2.ip6.arpa wifi.v6.crans.org 138.231.138.in-addr.arpa 145.231.138.in-addr.arpa 186.42.10.in-addr.arpa 9.2.10.in-addr.arpa ferme.crans.org 139.231.138.in-addr.arpa 146.231.138.in-addr.arpa 239.in-addr.arpa adm.crans.org ferme.v6.crans.org
 do