#!/bin/bash
#
# Sign a specified zone with DNSSEC private key and commit to master nameserver
# Copyright 2010 Bernie Innocenti <bernie@codewiz.org>
#

# At least one zone name is required; without one, print the usage line and
# stop with a failure status before anything is touched.
(( $# >= 1 )) || {
	printf 'Usage: %s {zone}\n' "$0"
	exit 1
}

# From here on, stop at the first command that fails.
set -o errexit

# Load the site settings. The rest of the script reads $dir, $pre, $post and
# $keys without assigning them, so they are presumably defined in this file
# (confirm against your config).
#
# The name contains no slash, so bash looks it up along $PATH and then in the
# current directory, and executes whatever it finds as shell code with the
# caller's privileges. Keep the file writable only by the zone administrator
# and run the script from a directory you trust.
source update-zone.conf

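# Paths handed to git at the end. Arrays (instead of space-joined strings)
# keep names containing whitespace or glob characters intact, and starting
# empty stops a `files`/`files_signed` value inherited from the environment
# or the config from adding unrelated paths to the commit.
files=()
files_signed=()

for zone in "$@"; do
	# Zone file path is assembled from the config's $dir/$pre/$post and the
	# zone name given on the command line.
	file=$dir/$pre$zone$post

	# Bump the serial only for regular zone files; symlinked zones are left
	# untouched here and only their target is added to the commit below.
	if [ ! -L "$file" ]; then
		# The serial is taken from the line that mentions "serial"
		# (case-insensitive) and starts with a number.
		serial=$(sed -nr "s/^([ \t]*)([0-9]+)(.*serial.*)$/\2/ip" -- "$file")
		if [ -z "$serial" ]; then
			# Best effort, as before: the zone is still checked and
			# committed, just with its serial unchanged.
			echo >&2 "Can't extract serial from zone!"
		elif [[ ! $serial =~ ^[0-9]+$ ]]; then
			# Several matching lines would make the arithmetic below fail
			# with an obscure error; stop with a clear one instead.
			echo >&2 "ERROR: more than one serial candidate in $file"
			exit 1
		else
			# 10# forces decimal so a serial with a leading zero is not
			# parsed as octal.
			serial=$((10#$serial + 1))
			sed -ri "s/^([ \t]*)[0-9]+(.*serial.*)$/\1$serial\2/i" -- "$file"
		fi
	fi

	# Refuse to commit or sign a zone that does not load cleanly.
	named-checkzone "$zone" "$file" || exit 1

	files+=("$file")

	# also commit dest of symlinked zones
	if [ -h "$file" ]; then
		target=$(readlink "$file")
		files+=("$dir/$target")
	fi

	if [ -n "$keys" ]; then
		# dnssec-keygen names key files K<zone>.+<alg>+<keytag>.{key,private}.
		# Anchoring the pattern on ".+" keeps the keys of a longer zone name
		# that merely starts with this one (K<zone>.<suffix>.+...) from
		# counting as keys for this zone.
		pub_count=$(find "$keys" -name "K$zone.+*.key" | wc -l)
		if [ "$pub_count" -ne 0 ]; then
			priv_count=$(find "$keys" -name "K$zone.+*.private" | wc -l)
			if [ "$priv_count" -eq 0 ]; then
				echo >&2 "ERROR: private key $keys/K$zone.+*.private missing"
				exit 1
			fi
			# -S picks the keys from the -K directory; -e +31536000 makes the
			# signatures expire one year after the start time. The zone must
			# be re-signed before then or validating resolvers will reject
			# it, and a long validity also extends how long an old signed
			# answer stays acceptable after the data has changed; a shorter
			# period with scheduled re-signing narrows that window.
			# NOTE(review): only the zone files are committed here; confirm
			# that $keys (private keys) is outside any path that gets pushed.
			dnssec-signzone -S -e +31536000 -o "$zone" -K "$keys" -d "$keys" "$file"
			files_signed+=("$file.signed")
		fi
	fi
done

# First commit: the edited zone files, with the editor opened (-e) on a
# message pre-filled with the zone names.
git commit -m "$*: " -e -- "${files[@]}"

# Second commit: the generated .signed files, if any zone was signed.
if [ "${#files_signed[@]}" -gt 0 ]; then
	git commit -m "GITSILENT: $*" -- "${files_signed[@]}"
fi
git push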
