Simplification and refactoring

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..8e58f3e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/*.zone

diff --git a/cryptoparty.ru.zsh b/cryptoparty.ru.zsh
index b32e0487f6997408f5275e5a06b957009cea806b..0a735624082dff202a7f516b3c73bad87337ef67 100644 (file)
--- a/cryptoparty.ru.zsh
+++ b/cryptoparty.ru.zsh
@@ -1,6 +1,3 @@
-zone_start 2012011621
+zone_start 2012011622
 add_mx @
-add_subdomain @ "$GW4 $GW6 $VPS4 $VPS6" "nospf"
-add_dane @ $DOMAIN
-print y AAAA $Y6
-print y TXT $NoSPF
+Y=1 NOSPF=1 add_subdomain @ "$GW4 $GW6 $VPS4 $VPS6"

diff --git a/nncpgo.org.zsh b/nncpgo.org.zsh
index aad88805f4bbc36df376116da5e13c9d354822e6..2b4f7175cbba014fea1dc476ec65292f7bf8802b 100644 (file)
--- a/nncpgo.org.zsh
+++ b/nncpgo.org.zsh
@@ -1,5 +1,5 @@
-zone_start 2012011632
+zone_start 2012011633
 add_mx @
-add_subdomain www "$GW4 $GW6 $VPS4 $VPS6" "tls y"
-add_subdomain openpgpkey "$GW4 $GW6" "tls y"
+Y=1 add_subdomain www "$GW4 $GW6 $VPS4 $VPS6"
+Y=1 add_subdomain openpgpkey "$GW4 $GW6"
 add_pgp releases@nncpgo.org

diff --git a/rc.zsh b/rc.zsh
index df27dd8ee306c92f2119dae03da45be9c44b3d07..31a6113ca980885bf37a8850fa508a9bb08496f6 100644 (file)
--- a/rc.zsh
+++ b/rc.zsh
@@ -1,3 +1,5 @@
+path=(~/work/zeasypki $path)
+
 NoSPF='"v=spf1 -all"'
 ReSPF='"v=spf1 redirect=_spf.stargrave.org"'
 
@@ -10,9 +12,6 @@ Y6=21a:af91:8d0e:b05:9645:e4e9:12be:3c39
 NS1=uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
 NS2=uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
 
-SSHGW=8397b7a5602758bb302cf6fd1a26b9a027388687f80be269c8cb1e7bbab707f0
-SSHVPS=35cf6677a0e85882ebf1deac20d4e9a87ae94d9599ea9db3786711268a4052b6
-
 zone_start() {
     local serial=$1
     cat <<EOF
@@ -31,63 +30,76 @@ _dmarc TXT "v=DMARC1; p=none"
 EOF
 }
 
+fqdn() {
+    case $1 in
+    @) print ${DOMAIN}. ;;
+    *.) print $1 ;;
+    *) print $1.${DOMAIN}. ;;
+    esac
+}
+
+shortened() {
+    local dn=`fqdn $1`
+    case $dn in
+    ${DOMAIN}.) print @ ;;
+    *) print ${dn%%.${DOMAIN}.} ;;
+    esac
+}
+
 add_dane() {
-    local subdomain=$1
-    local domain=$2
-    local prefix=_${DANE_PORT:-443}._tcp
-    [[ $subdomain = "@" ]] || prefix=$prefix.$subdomain
-    print "$subdomain CAA 0 issue \"ca.cypherpunks.ru\""
-    print "$subdomain CAA 0 issue \"cagost.cypherpunks.ru\""
-    pushd ~/secure/ca
-    local hsh=$(~/work/zeasypki/zeasypki dane ee/ecdsa/ca.cypherpunks.ru/$domain)
-    print "$prefix TLSA 3 1 1 $hsh"
-    [[ -e ee/gost/cagost.cypherpunks.ru/$domain ]] && {
-        hsh=$(~/work/zeasypki/zeasypki dane ee/gost/cagost.cypherpunks.ru/$domain)
-        print "$prefix TLSA 3 1 1 $hsh"
+    local domain=`fqdn $1`
+    local dirname=${domain%%.}
+    pushd tls
+    for ca (ca/*/*(on)) {
+        ca=(${(s#/#)ca})
+        ca=${(j:/:)ca[2,-1]}
+        [[ -d ee/$ca/$dirname ]] || continue
+        print "`shortened $domain` CAA 0 issue \"${ca:t}\""
+        print "`shortened _${DANE_PORT:-443}._tcp.$domain` TLSA 3 1 1 `zeasypki dane ee/$ca/$dirname`"
     }
     popd
 }
 
+add_ssh() {
+    local domain=`fqdn $1`
+    local fn=ssh/${domain%%.}
+    [[ -r $fn ]] || return 0
+    print "`shortened $1` SSHFP 4 2 `ssh-keygen -f $fn -r $domain |
+        sed -n 's/^.*SSHFP 4 2 \(.*\)$/\1/p'`"
+}
+
 add_subdomain() {
-    local subdomain=$1
-    shift
-    for addr (${=1}) {
-        [[ $addr =~ : ]] && a=AAAA || a=A
-        print "$subdomain $a $addr"
-    }
-    shift
-    local flags=(${=@})
-    [[ ${flags[(I)tls]} -ne 0 ]] && {
-        add_dane $subdomain ${subdomain}.$DOMAIN
-    }
-    [[ ${flags[(I)nospf]} -eq 0 ]] && {
-        print "$subdomain TXT $NoSPF"
+    local shorten=`shortened $1`
+    local atyp
+    for addr (${=2}) {
+        [[ $addr =~ : ]] && atyp=AAAA || atyp=A
+        print "$shorten $atyp $addr"
     }
-    [[ ${flags[(I)y]} -ne 0 ]] && {
-        print "y.$subdomain AAAA $Y6"
-        print "y.$subdomain TXT $NoSPF"
+    add_dane $1
+    [[ -n $NOSPF ]] || print "$shorten TXT $NoSPF"
+    [[ -z $Y ]] || {
+        shorten=$(shortened y.$(fqdn $1))
+        print "$shorten AAAA $Y6"
+        print "$shorten TXT $NoSPF"
+        add_ssh $shorten
     }
-    return 0
+    add_ssh $1
 }
 
 add_mx() {
-    local subdomain=$1
+    local shorten=`shortened $1`
     cat <<EOF
-$subdomain MX 10 mailfake0.stargrave.org.
-$subdomain MX 20 mail2.stargrave.org.
-$subdomain MX 30 mailfake1.stargrave.org.
-$subdomain TXT $ReSPF
+$shorten MX 10 mailfake0.stargrave.org.
+$shorten MX 20 mail2.stargrave.org.
+$shorten MX 30 mailfake1.stargrave.org.
+$shorten TXT $ReSPF
 EOF
 }
 
 add_pgp() {
-    local uid=$1
-    gpg --export-options export-dane --export $uid |
-        sed -n '1,/^$/p'|
-        sed -n '2,$p' |
-        sed 's/ TYPE61/._openpgpkey TYPE61/'
-}
-
-add_ssh() {
-    print "$1 SSHFP 4 2 $2"
+    local what=$2
+    [[ -n "$what" ]] || what=$1
+    what=${what:s/@/./}
+    gpg --export-options export-dane --export $1 |
+    perl -ne "next unless /${what}/../^$/ ; s/ TYPE61/._openpgpkey TYPE61/ ; print"
 }