summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-dns/dnssec-root
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-dns/dnssec-root')
-rw-r--r--net-dns/dnssec-root/Manifest17
-rw-r--r--net-dns/dnssec-root/dnssec-root-20100715.ebuild51
-rw-r--r--net-dns/dnssec-root/dnssec-root-20110630.ebuild62
-rw-r--r--net-dns/dnssec-root/dnssec-root-20150403.ebuild82
-rw-r--r--net-dns/dnssec-root/files/anchors2ds.xsl32
-rw-r--r--net-dns/dnssec-root/files/dnssec_at_iana.org_1024D_0F6C91D2-20120522.asc70
-rw-r--r--net-dns/dnssec-root/metadata.xml9
7 files changed, 323 insertions, 0 deletions
diff --git a/net-dns/dnssec-root/Manifest b/net-dns/dnssec-root/Manifest
new file mode 100644
index 00000000000..f611227c77c
--- /dev/null
+++ b/net-dns/dnssec-root/Manifest
@@ -0,0 +1,17 @@
+DIST Kjqmt7v-20100715.csr 765 SHA256 401120c1721ba100b2d9abf2d01332399535ba0f9c71dbd9f97232c5ebd608d2 SHA512 8e47be5054bbb801cb914d94a6f0d1e6b9b2eba387714f011f118bf8af6dacfe24a2dec80525ad005c545fa15fd8413cf90615e6d5c50d7925daa4aefff77112 WHIRLPOOL 26b495b38e6d04baea8f7ee5354fa3b68153cc25baa6657b9b74d04ae52fa43562f422eb8188c2538314a8f7de3bb79b34bf011db542b6cde877bc94501d5377
+DIST Kjqmt7v-20110630.crt 974 SHA256 17e0f21c31f811685388b14dcd7c97dcfc92e23b03896827bbc7ff2f0c54c252 SHA512 dd208ee38e7652cbd6796ca1574ada288cb950ec9f39d994e4f32161f1b9b281da1cd8820d7b4727caaeb54c8ae0adcdd130e55f75c48721e899ebfbbaefa3fa WHIRLPOOL 4206b6c21f6cac68f6db116d063ab0373cf4e3060ba19bd68e79f0f807acf41f7d27cdf7ef567daa5e3c383a4bee5fa7ca6ea40bfc13fde9eb481e0479c26678
+DIST Kjqmt7v-20150504.crt 974 SHA256 8b9c12c9e51d8a911d9527a58cc59da2f14286e064688b45ce4b6b74b55dccb9 SHA512 98adfc6a5d37c632eda9f642449ecd6c1bf1d49ebed2750cfe3bd99629b4935f51ecc4aafbd6ea69595b2f2cb15887bd9a1647aa255a564263f5c7b648c7adf1 WHIRLPOOL e22072d6415ae9e9ae0c031b2ed386a0971f92a92bbfe9213fe8b4dca24596c597df7f12d95131e6e4e76cddd350c39f868134d724dccedac4a4bfe21c6d5a3b
+DIST Kjqmt7v.crt 974 SHA256 ad068d18531618a9f1d0b68ffd84c87fbb5b8c2aea0288122a2eae8ad1190c2f SHA512 b0c85c17439b3a9323390217edf72f67a91a36b509a68470543b4dc1a3cce6a73065e989dee10ae070e5d2100e026af1d01ab8c000447ae4bbe64c21451d1081 WHIRLPOOL 5ce715f406d3682d50fa123f0846d94e3834b29012c406b5f96c2f908e480e35c3ad71a6c92d96a11350bfd3aea26084d55c6273ca24ba9816125bce3a661519
+DIST Kjqmt7v.csr 765 SHA256 401120c1721ba100b2d9abf2d01332399535ba0f9c71dbd9f97232c5ebd608d2 SHA512 8e47be5054bbb801cb914d94a6f0d1e6b9b2eba387714f011f118bf8af6dacfe24a2dec80525ad005c545fa15fd8413cf90615e6d5c50d7925daa4aefff77112 WHIRLPOOL 26b495b38e6d04baea8f7ee5354fa3b68153cc25baa6657b9b74d04ae52fa43562f422eb8188c2538314a8f7de3bb79b34bf011db542b6cde877bc94501d5377
+DIST icann-20110715.pgp 3401 SHA256 3e9beaaf9bbd1fe78a0d104230cbc04d544e833a2dc6b982992f74a4860a9ae8 SHA512 5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2 WHIRLPOOL d2758930820d90077c8084e8c95e0bacc361d78b68d150d3b271ed32abeb2272f95f9a2d23ed5aaab25a31fe3fba66554622ef5c9a04002b595b5f2e66b732b0
+DIST icann.pgp 2097 SHA256 aaa2c7f6230c49b94af57931cfdd2452d24245b917a27110b28e952975b8c5be SHA512 db6c917bd5a6141beb8f6ce5d601541fe222446e330ab7c598d6e355315a354f14b117731213863fea28a0ca7d5b12a6b91ac32f5e55cc476a7d1dbb437abbab WHIRLPOOL 9983ea5949115a5011c5543f82798746ed5ec193bbac47f71229b7433964e699abef2998fbcb044b15814fbe82eb5edf017731f668a7cfdaf2a5c78505bddb86
+DIST icannbundle-20100715.pem 17699 SHA256 c4a91c4bea6763f4ef05ca92bf74fb41d5583594c04aa999c90a55d710a3e5da SHA512 36ce5025acc447f740222dd5f794fd848540731792441c6e50b0260411ea8d30b7d2b97a53a26d0469f3315d5881acb5e2b92a904413939db9a6b64ffd6e0f2b WHIRLPOOL e1bef240ce34051485d4046568445fc4ab32e4d0605b224d6dd3b8840218ebd00e903cc26cf0b15e99250d9667015479db20264a0e8cb7a1e17c3a24eea9cc86
+DIST icannbundle-20150504.pem 17435 SHA256 b405ff8320aa0eecd8eae98edfcdb106eec6077e0470cf5e1c21b1db6b346534 SHA512 f9b9e43ad71608921d1e79f25cd98ca8c712256d4e31b04035a9aac7b46f3ec951089ca23e84500c5901d53afb66991a30818b4cd6f6de6885a107f486f56994 WHIRLPOOL 1f2431a1b65829844e1d864936fc4c0bf1a8bbc22b4344db764772bec4f2d074a37f6f333ded78e9e277c298df7db13201324397cf924f142d039f0433bad105
+DIST icannbundle.pem 17699 SHA256 c4a91c4bea6763f4ef05ca92bf74fb41d5583594c04aa999c90a55d710a3e5da SHA512 36ce5025acc447f740222dd5f794fd848540731792441c6e50b0260411ea8d30b7d2b97a53a26d0469f3315d5881acb5e2b92a904413939db9a6b64ffd6e0f2b WHIRLPOOL e1bef240ce34051485d4046568445fc4ab32e4d0605b224d6dd3b8840218ebd00e903cc26cf0b15e99250d9667015479db20264a0e8cb7a1e17c3a24eea9cc86
+DIST root-anchors-20100715.asc 189 SHA256 5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa SHA512 e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 WHIRLPOOL a422b8c473aa4cfa61d6a22ea748b972acc3242da7bb90a5b44b5e291210e24ca16ce4876dcc17b71c3694e9f58da4355a5ec1cb1c2950496d87cbfadc7944c5
+DIST root-anchors-20100715.xml 418 SHA256 dfb281b771dc854c18d1cff9d2eecaf184cf7a9668606aaa33e8f01bf4b4d8e4 SHA512 bca506c852bc83aa9d04ed0b52bef6d0baec745e466292273d52f49fd73cec73db4c6d55a9921fe086c7edc618f3ab21dc03146b6d617644495b3926e262e572 WHIRLPOOL 952aa6ba26495859fc4bc4e9f689b728373cc9e62ae64f833d9b894f8902be858371c88619ed4e10fb2557181442bb5d97781a75c6866a83d7fc8b43899a1b70
+DIST root-anchors-20110630.p7s 5001 SHA256 d74ca12899a150ea75b537cb77b0e55046cdad495349422fe1d858cc89f21c5b SHA512 384080488923cd855b6c1f7aaa9021630ab2cce51f0aee3d0561940d2668ee15e612949fe8398e59b4274968f6116e033e8d88ffe8375852864d9dd5f6df4852 WHIRLPOOL 26fda6fc9f710fc9f9f200bdd2ffd94782cf844e5ae1dfb6511affaea62495ebd9ea7a5b009c07a1256050bbb343642da11d9d29130847e9b704441453a16597
+DIST root-anchors-20150504.p7s 5001 SHA256 bd42aa218a6ca09eb6c5f194aeb70dc95c56a0ad051f644b9772da32e65d5a61 SHA512 af188871f2ef7f9efb0d3f4822754e962fb921d62de925823f90a0c7dbe80b7a0188534adbdb324680ae981912968fcfa851eb72fb37694df8701fd749e7ff51 WHIRLPOOL 24cf2be6cf755ac6b5c3ebf267c0de02702a51db490849ec63c4e66ac27d57c0d337375b96e787d6b2a4f1eab5517b1f4ec10b76c42b293d2e529cb10af4cfb6
+DIST root-anchors.asc 189 SHA256 5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa SHA512 e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 WHIRLPOOL a422b8c473aa4cfa61d6a22ea748b972acc3242da7bb90a5b44b5e291210e24ca16ce4876dcc17b71c3694e9f58da4355a5ec1cb1c2950496d87cbfadc7944c5
+DIST root-anchors.p7s 5001 SHA256 62eba1622ebf8f87b3125f4f9e686cefd952f805696cab0fc24c96eccd7c6f49 SHA512 a9dda6e8785cb1675128f90b181f6100055894e5c8c7f8e7cbdcac82d4a0b3a2a00f57421b81a5093c4b283a75dc63e1e21e10f8c350e7404bba7c5e13fad28a WHIRLPOOL 55f3e2a9d53a0da773b2bdeb77649c44abf6e4d9dd52134e0cfd4165f50cdd9714d4ea88892cb47d1d9ce1ae8af9e9107f07c3b2d7770f9a0fa322b881a91e9f
+DIST root-anchors.xml 418 SHA256 dfb281b771dc854c18d1cff9d2eecaf184cf7a9668606aaa33e8f01bf4b4d8e4 SHA512 bca506c852bc83aa9d04ed0b52bef6d0baec745e466292273d52f49fd73cec73db4c6d55a9921fe086c7edc618f3ab21dc03146b6d617644495b3926e262e572 WHIRLPOOL 952aa6ba26495859fc4bc4e9f689b728373cc9e62ae64f833d9b894f8902be858371c88619ed4e10fb2557181442bb5d97781a75c6866a83d7fc8b43899a1b70
diff --git a/net-dns/dnssec-root/dnssec-root-20100715.ebuild b/net-dns/dnssec-root/dnssec-root-20100715.ebuild
new file mode 100644
index 00000000000..0b1ef1285b9
--- /dev/null
+++ b/net-dns/dnssec-root/dnssec-root-20100715.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+DESCRIPTION="The DNSSEC root key(s)"
+HOMEPAGE="https://www.iana.org/dnssec/"
+SRC_URI="http://data.iana.org/root-anchors/root-anchors.xml
+ http://data.iana.org/root-anchors/Kjqmt7v.csr
+ test? ( http://data.iana.org/root-anchors/Kjqmt7v.crt
+ http://data.iana.org/root-anchors/root-anchors.p7s
+ http://data.iana.org/root-anchors/root-anchors.asc
+ http://data.iana.org/root-anchors/icannbundle.pem
+ http://data.iana.org/root-anchors/icann.pgp
+ )"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE="test"
+
+DEPEND="dev-libs/libxslt
+ test? ( app-crypt/gnupg )"
+RDEPEND=""
+
+S="${WORKDIR}"
+
+# xsl and checking as per:
+# http://permalink.gmane.org/gmane.network.dns.unbound.user/1039
+
+src_unpack() { :; }
+
+src_compile() {
+ xsltproc -o "${S}"/root-anchors.txt "${FILESDIR}"/anchors2ds.xsl "${DISTDIR}"/root-anchors.xml || die 'xsl translation failed'
+}
+
+src_test()
+{
+ gpg --import "${DISTDIR}"/icann.pgp || die 'icann key import failed'
+ gpg --verify "${DISTDIR}"/root-anchors.asc "${DISTDIR}"/root-anchors.xml || \
+ die 'gpg verification of the root key failed'
+ openssl smime -verify -content "${DISTDIR}"/root-anchors.xml \
+ -in "${DISTDIR}"/root-anchors.p7s -inform der \
+ -CAfile "${DISTDIR}"/icannbundle.pem \
+ || die 'smime verification of the root key failed'
+}
+
+src_install() {
+ insinto /etc/dnssec
+ doins root-anchors.txt "${DISTDIR}"/root-anchors.xml "${DISTDIR}"/Kjqmt7v.csr || die
+}
diff --git a/net-dns/dnssec-root/dnssec-root-20110630.ebuild b/net-dns/dnssec-root/dnssec-root-20110630.ebuild
new file mode 100644
index 00000000000..9e76945581e
--- /dev/null
+++ b/net-dns/dnssec-root/dnssec-root-20110630.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+DESCRIPTION="The DNSSEC root key(s)"
+HOMEPAGE="https://www.iana.org/dnssec/"
+SRC_URI="http://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-20100715.xml
+ http://data.iana.org/root-anchors/Kjqmt7v.csr -> Kjqmt7v-20100715.csr
+ test? ( http://data.iana.org/root-anchors/Kjqmt7v.crt -> Kjqmt7v-20110630.crt
+ http://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-20110630.p7s
+ http://data.iana.org/root-anchors/root-anchors.asc -> root-anchors-20100715.asc
+ http://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-20100715.pem
+ http://data.iana.org/root-anchors/icann.pgp -> icann-20110715.pgp
+ )"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-macos"
+IUSE="test"
+
+RESTRICT="mirror"
+
+RDEPEND=""
+DEPEND="dev-libs/libxslt
+ test? ( app-crypt/gnupg
+ dev-libs/openssl )"
+
+S="${WORKDIR}"
+
+# xsl and checking as per:
+# http://permalink.gmane.org/gmane.network.dns.unbound.user/1039
+
+src_unpack() {
+ return
+}
+
+src_compile() {
+ xsltproc -o root-anchors-20100715.txt "${FILESDIR}"/anchors2ds.xsl "${DISTDIR}"/root-anchors-20100715.xml || die 'xsl translation failed'
+}
+
+src_test() {
+ # icann.pgp contains an expired key
+ # gpg --import "${DISTDIR}"/icann.pgp || die 'icann key import failed'
+ gpg --import \
+ "${FILESDIR}"/dnssec_at_iana.org_1024D_0F6C91D2-20120522.asc || die
+ gpg --verify \
+ "${DISTDIR}"/root-anchors-20100715.asc \
+ "${DISTDIR}"/root-anchors-20100715.xml || die
+ openssl smime -verify \
+ -content "${DISTDIR}"/root-anchors-20100715.xml \
+ -in "${DISTDIR}"/root-anchors-20110630.p7s -inform der \
+ -CAfile "${DISTDIR}"/icannbundle-20100715.pem || die
+}
+
+src_install() {
+ insinto /etc/dnssec
+ newins root-anchors-20100715.txt root-anchors.txt
+ newins "${DISTDIR}"/root-anchors-20100715.xml root-anchors.xml
+ newins "${DISTDIR}"/Kjqmt7v-20100715.csr Kjqmt7v.csr
+}
diff --git a/net-dns/dnssec-root/dnssec-root-20150403.ebuild b/net-dns/dnssec-root/dnssec-root-20150403.ebuild
new file mode 100644
index 00000000000..fa75ecf2b17
--- /dev/null
+++ b/net-dns/dnssec-root/dnssec-root-20150403.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+DESCRIPTION="The DNSSEC root key(s)"
+HOMEPAGE="https://www.iana.org/dnssec/"
+DATE_ISSUE1=20100715 # Original root-anchor creation date
+DATE_ISSUE2=20110715 # ICANN PGP key updated
+DATE_ISSUE3=20150504 # Subordinate CAs updated
+ICANN_PGP_FINGERPRINT='2FBB91BCAAEE0ABE1F8031C7D1AFBCE00F6C91D2'
+# The naming of the files really needs some improvement upstream:
+# root-anchors.p7s despite it's name, is mostly the the same data as
+# icannbundle.pem
+SRC_URI="http://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${DATE_ISSUE1}.xml
+ http://data.iana.org/root-anchors/Kjqmt7v.csr -> Kjqmt7v-${DATE_ISSUE1}.csr
+ test? ( http://data.iana.org/root-anchors/Kjqmt7v.crt -> Kjqmt7v-${DATE_ISSUE3}.crt
+ http://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-${DATE_ISSUE3}.p7s
+ http://data.iana.org/root-anchors/root-anchors.asc -> root-anchors-${DATE_ISSUE1}.asc
+ http://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-${DATE_ISSUE3}.pem
+ http://data.iana.org/root-anchors/icann.pgp -> icann-${DATE_ISSUE2}.pgp
+ )"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-macos"
+IUSE="test"
+
+RDEPEND=""
+DEPEND="dev-libs/libxslt
+ test? ( app-crypt/gnupg
+ dev-libs/openssl )"
+
+S="${WORKDIR}"
+
+# xsl and checking as per:
+# http://permalink.gmane.org/gmane.network.dns.unbound.user/1039
+
+src_unpack() {
+ return
+}
+
+src_prepare() {
+ return
+}
+
+src_compile() {
+ xsltproc \
+ -o root-anchors-${DATE_ISSUE1}.txt \
+ "${FILESDIR}"/anchors2ds.xsl \
+ "${DISTDIR}"/root-anchors-${DATE_ISSUE1}.xml \
+ || die 'xsl translation failed'
+}
+
+src_test() {
+ # This is a terrible catch-22 of security, since we get the ICANN key from the
+ # same site! We verify the fingerprint ourselves in case
+ gpg --import "${DISTDIR}"/icann-${DATE_ISSUE2}.pgp || die 'ICANN key import failed'
+ gpg --fingerprint --with-colon --list-keys \
+ | grep '^fpr:' | fgrep ":$ICANN_PGP_FINGERPRINT:" \
+ || die "ICANN key fingerprint mismatch!"
+ #gpg --import \
+ # "${FILESDIR}"/dnssec_at_iana.org_1024D_0F6C91D2-20120522.asc || die
+ gpg --verify \
+ "${DISTDIR}"/root-anchors-${DATE_ISSUE1}.asc \
+ "${DISTDIR}"/root-anchors-${DATE_ISSUE1}.xml || die "GPG verify failed"
+ openssl smime -verify \
+ -content "${DISTDIR}"/root-anchors-${DATE_ISSUE1}.xml \
+ -in "${DISTDIR}"/root-anchors-${DATE_ISSUE3}.p7s -inform der \
+ -CAfile "${DISTDIR}"/icannbundle-${DATE_ISSUE3}.pem || die "OpenSSL smime verify failed"
+}
+
+src_install() {
+ insinto /etc/dnssec
+ newins root-anchors-${DATE_ISSUE1}.txt root-anchors.txt
+ newins "${DISTDIR}"/root-anchors-${DATE_ISSUE1}.xml root-anchors.xml
+ # What actually uses the DER-format certificate request out of the box?
+ # Wouldn't icannbundle.pem or Kjqmt7v.crt (converted to PEM format) be more
+ # useful?
+ newins "${DISTDIR}"/Kjqmt7v-${DATE_ISSUE1}.csr Kjqmt7v.csr
+}
diff --git a/net-dns/dnssec-root/files/anchors2ds.xsl b/net-dns/dnssec-root/files/anchors2ds.xsl
new file mode 100644
index 00000000000..3df47e20759
--- /dev/null
+++ b/net-dns/dnssec-root/files/anchors2ds.xsl
@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+ <xsl:output method="text"/>
+
+ <xsl:template match="/">
+ <xsl:apply-templates/>
+ </xsl:template>
+
+ <xsl:template match="/TrustAnchor">
+ <xsl:apply-templates select="Zone"/>
+ <xsl:apply-templates select="KeyDigest"/>
+ <xsl:text>
+</xsl:text>
+ </xsl:template>
+
+ <xsl:template match="KeyDigest">
+ <xsl:apply-templates select="KeyTag"/>
+ <xsl:apply-templates select="Algorithm"/>
+ <xsl:apply-templates select="DigestType"/>
+ <xsl:apply-templates select="Digest"/>
+ </xsl:template>
+
+ <xsl:template match="Zone">
+ <xsl:value-of select="text()"/><xsl:text> IN DS </xsl:text>
+ </xsl:template>
+
+ <xsl:template match="*">
+ <xsl:value-of select="text()"/><xsl:text> </xsl:text>
+ </xsl:template>
+
+</xsl:stylesheet> \ No newline at end of file
diff --git a/net-dns/dnssec-root/files/dnssec_at_iana.org_1024D_0F6C91D2-20120522.asc b/net-dns/dnssec-root/files/dnssec_at_iana.org_1024D_0F6C91D2-20120522.asc
new file mode 100644
index 00000000000..0653a2bb0cf
--- /dev/null
+++ b/net-dns/dnssec-root/files/dnssec_at_iana.org_1024D_0F6C91D2-20120522.asc
@@ -0,0 +1,70 @@
+Downloaded from http://pgp.mit.edu:11371/pks/lookup?search=dnssec%40iana.org&op=index
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.0
+
+mQGiBEdQucgRBACuD4uIRQ9Or2yKfGZtqxSd7/yp20VoZaNafP85OlJfOs9yjgdNv8kSd3+2
+lBXGwJxgOzkssbgZ14O1U3au494WicvR0gF7cLRZBeqpdZetpm7gl5n2/WGRyKifoGCMZqFk
+sFrR7BZerkOSUIqrMhtJMwKUxe5sks0WSgwifRchOwCgoezH1Uo9pdbpsW+8EIDe22HRX4sD
+/ivbf1kX6QPE7VbMYQppM/jF7mRtZO9oXzMhg9hjycK8Ir04FfqpvPCfA1TNG/l8j/dbQaJP
+bHHyI9PQIeikuVAQDuY+acT34GkZQxBcqAyMeRqW17LlZwl1l7u5sDiWwJIR3TzjXhpSjd0q
+1HPTwcGDyHulCHFyuCVw7323qB3iBACLezRPBN4Nrz29AcQu0NQAlMwcr/HLq2QfMevCpDpF
+pM3WuiSV+NtpDt9C/OmxWaYiFFYDEOy8HLuEuVNaMb9Xi5D8QmtWwgAMW54gBuExByt2NwJz
+7kxFf6ve4wdH6/Uzgn8FdJIDaMjZYuY3au4XkkL8nKKI7nFxiu1xAnwy3bQgRE5TU0VDIE1h
+bmFnZXIgPGRuc3NlY0BpYW5hLm9yZz6IRgQQEQIABgUCR2lOYwAKCRDDn1I07Bb/s8jPAJ9G
+L7P+9noZ3ZssEp6Ak6+F5kxaaACdELBwHA9gyzbdopWM6aQWuCpm1vGIRgQQEQIABgUCR2rL
+VQAKCRAEgcOX5y1fMJThAJ9AudOvaZ8socdOVS6WD3udbl7KGwCg6s0bH8eFJZk0JZjcj7w0
+yJ2u59eIRgQQEQIABgUCR9kwrAAKCRC039xrdgkih/h1AJ9PhfT+vlasg1Bg8RiG7QufWYuI
+VQCgwmRRlbblIyWUMopceIuoc5BQtFeIRgQQEQIABgUCSQwilAAKCRDcB4+iybQoSPw2AJ4/
+p9ZbZ0NckpUTUD+kKDwRrOlOIgCfYb9ZgHgntqn2dfNsg9j4WUgBd6GIRgQQEQIABgUCTHt1
+6QAKCRBvVseiT09y3VANAKCCEsh3Aqb76bLM1taqf5E0eikbVgCfQVMCgg5bbSWXK3QDy67x
+hUltejOIRgQQEQIABgUCTRB61QAKCRDTb+kxkMzVxf6XAKCl5Z1NhOUWl0mCKwauwSaip24f
+xQCbBPzeQXzkkgO/CLh0+kVncyeolsCIYAQTEQIAIAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4B
+AheABQJOFzMgAAoJENGvvOAPbJHSEc8AnR2zvLg6Vq2X2GnU/pRMMxo1Z6gcAJ47rxPrKlC2
+5gchV6ON+1pxxVqvSohmBBMRAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAkdQvM0F
+CQJRRfkACgkQ0a+84A9skdJ3VACfehjhB59K5sFj8Td3jK70CrBqitgAn32RtmDQY1XDBB/7
+0JqJqN8jQ6lEiGYEExECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCSa5MhwUJBh/5
+qQAKCRDRr7zgD2yR0u6cAJwLJY/HHnInhWEs8gthvEFb5HjhMQCfcDlaXb7zq44k08l7F69v
+12N69YOIZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJLDbx/BQkHf2muAAoJ
+ENGvvOAPbJHSXQ4AniPWf4jcO1BkPy3IODEMLjsRiTROAJ4wjB9pYcOYETm56q7UT82maCvk
+SIkBnAQTAQIABgUCThZ/jAAKCRDnlgTn1butoxbtC/wJltFxMtCH2Wm+SJrpZfhZKLB+0Zrg
+PRiNRHu7Z75lukX0ozpA7qd7N/M31P6cSdnQkWKjvznUc2XPb3Xb+DX4dapKm//9h7fwq3Rm
+h5FmAaorqbWVW3RqK4aO3E6pTdnw0wo/m4/oa2UGoM21g3Is2Kwl+/EeMP8pcqtznEJSEarR
+XUW1vdMFSQ/ZRkNshq5NnS5Auhf8uDGyntua+7kpE5fE0pRqOZzGGf2dhOesq6JcrsxD5U6i
+6rgkM6ZLVflvi9+z4iY78kapuE/dTag8vIlCPPxdcoBsX4aL0Pl++9948kFz5wB9ZFrK2JMj
+hTqRcayDwVKsbRXmh5sJOm07IRRS4QHVEUOM4USBVyi1aFL7CQ2Wx2BDIUzBD8vsMvt8eTwX
+R0HFZM//BM7eOF6HanPBlabQMVbqWg/psBx1LSUo+SbXROd2xlwWMQup+oBhaEtbXoSm9rNG
+Rz4/484U/wlT2PUFfG1M5vdkNdd+EzJ7tf/W/2YTNB6Ni5wN5M2JAhwEEAECAAYFAkw/NtIA
+CgkQUu5GRRsT94z9Og//dPvrI5ykvC6eSj07aAe+QMPapg0UEZpkol34rcS6cdSS1tPQXp36
+tHDmGG0kGZ80l0RTl/wF2iqJpOhunfeT32AUzjo6pnhPIJx4yXurboJ+yGOXb3mSmElhPk5p
+LDWBl4BGvBWJw7H5nFznIl1U6fCy4Aye4hedeyxuKnHY1gW/p6mMnpjg6aiNGpiRRQvGLmSU
+B2RxPvrP9qTTYc15Q0VFeePi3C+5fnPr6WO08sh9h3GVeU+UgIj2dbslUHY+qA/yk5Dcgl71
+wrUKqIBvSQAG5GrkTWdQe8NkN8WYrrzSQnePUtDD/bsQ/YOyFvbEAUNRRMrKcvnEMdA3kQva
++ekq1l3emjqYov3vLuGOdXKA9N0Bwzw083wNDmb8WXwhlyZ6swJ7qbSBHC8UyZLU3MHg9Q7m
+x1HxPQ/6Zz+zMoPv9N0Sh1fdwZNR4vwISKpI6c5REs/ZSbJucAZqHiVYW/VU5I3051KTUFCF
+u9E99WqkBS1ECt/XN+tYVGVtj8I3SHbhpjgkrKWNIs3QQZ1vrerKfkn3V0PiyqSi4zWX6xo/
+RAlYnSjWMfjMgO4Xznd6AhDL5B4oxH7VIfju/EExbXm3rswZaf/6Dyebt1qdJImAWXCSD/Na
+X6gYZA7/dOWcef0yOegitn85EjqDbJphLd/tQE2Ame73IoPBCTC1rAKJAhwEEAECAAYFAkx7
+c7EACgkQqSHyOYuTc5ICDw//Tm8X1gD3vjjukpJXX2JH+k41abPYPK/DWrfSzmIj8v1hF4Fb
+TJoGedk8thAavv3dm/9N1gPlN/HaQtHHe3886b6LgfG9el5eU3HJdt/9SEfi6QiWDxNioiB/
+HYCN6QavUcAkjK9YklptTZ5bNGjGjQFG0/hJQAYcIqATQXlBsxVqaj87Kjspzs5e/0uQOs/v
+dB6iFt2TCo7lmU1/WOOul9FeEfUD7GIugq4DlRmsCqnbq8BgdITRuq25gsNQtocwM+K5YJsm
+uXOr3hvILjs3yIuQUg+womZt2e1HSRgIVT2NCbmHhtt97NaYGzPzGmlkuVEuhK09iLLe9umD
+LSz9QG+F/QuP4w46kHc32NEt3UALDoafK5WJsTx6p5Z8tDoiFs44YNR1ZpE1NV5nU9Bnl5Gc
+7NJD6PJxu+jBWEor0jxCvUAwX1TI3Pd50H2vWuAiYXl5SNxogz/Kv1Kx/Nb/jGupaT4B5O2N
+ysokvd+44zC6gMIbCF69t3cTq5aju6dCw962ZNd+yCEwMwJT1rnwL1len0VIy6aI0E2LSfRf
+lLq3GH4QncuU6u58zsw/gOyMbsBXKT4j0SEfCDhOm10Lj8jl4fqbT/Yej3nG3T/56135/Son
+wV5eQEc4U7MTKsSyP3Li2ANf0O+/GhxpCQQXm9ej/4TwAA6LVrW844WiT3C5Ag0ER1C5yBAI
+AO+lHy/JBdvBMwvF6Xn/75CxeV0ehjJ2XAoGm9w3+h8mEmmpb7CCpHHSjmomz29YLdP5P17F
+rl4ThSEXJ6yWCYbPMA0j3BIhkhb8C56Vwb9SsZUpDSCw60uBw71CkK2DwSht6tCBt8/bNs8q
+QFPwnalKNt6KgU8cNAR5F5RxKKPATUw9icrqmeQKysHUhrneRqM3LO/HpnW1DDKvBk6eEwix
+I4XzGsqcThz3QfBOkCqPSUBBeb42wNjbPpelnAS08KBrVeYgn7xg+WQpdj/Dt+iFqOo/Vi8w
+1FpR5RHy//XF0DPnjEGa/f3Xaz9oaJ5k9XZiYMULf8CoHjtscp86Q0sAAwUIAKO4bNu7OJqP
+5NGwc9pm7IvmkYCeY6cltXzmcciw/LIU9etb+RBQQG6PpoeZNBNAu172L64wPkMsVRJGVUyk
+T35yXVASuBD1V0oOD4n0uVdqS+bij/DKQNVYqVAcwrPtkkrLeJQ8ZcmZhH/mbcmATWuziCnI
+4MROcYL9NLZ1iIT0PX8TvWEgyi9Jn6DVjXQ1UzIIv4oq6kBdsG3Rjd0yadugGKc/pSdYUu0S
+jeCCGDoY8hX67c5Y1jwaJ0+ntThC+kv2ImCSHx9OT5jMwN+JyXCe4MZJd+y5/VDhgd3hTowT
+QtqHQRYK4oTb0LsDLBs5xoE/zuF8AgzabO+JcTQZPOqISQQYEQIACQUCR1C5yAIbDAAKCRDR
+r7zgD2yR0q76AJsHHW4ywmyeZxKsei6V3bvt1OUQugCfStqiEgjFAA6psDMMinAV4VCh3D4=
+=0v7K
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/net-dns/dnssec-root/metadata.xml b/net-dns/dnssec-root/metadata.xml
new file mode 100644
index 00000000000..c66840b2cde
--- /dev/null
+++ b/net-dns/dnssec-root/metadata.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>xmw@gentoo.org</email>
+ <name>Michael Weber</name>
+</maintainer>
+<longdescription>This package distributes the ICANN DNSSEC root key</longdescription>
+</pkgmetadata>