Handle .ds files created by coredns-keygen

keyconfig.ps1

@@ -8,10 +8,14 @@ mkdir -force ksk
 cd ksk
 # Cleanup old files
 del Kbit.+*.key
+del Kbit.+*.ds
 del Kbit.+*.private
 if (Test-Path "..\..\bit.key") {
   del ..\..\bit.key
 }
+if (Test-Path "..\..\bit.ds") {
+  del ..\..\bit.ds
+}
 if (Test-Path "bit.private") {
   del bit.private
 }
@@ -22,6 +26,7 @@ If (!$?) {
 }
 # Move KSK files
 move Kbit.+*.key ..\..\bit.key
+move Kbit.+*.ds ..\..\bit.ds
 move Kbit.+*.private bit.private
 #
 cd ..
@@ -31,10 +36,14 @@ mkdir -force zsk
 cd zsk
 # Cleanup old files
 del Kbit.+*.key
+del Kbit.+*.ds
 del Kbit.+*.private
 if (Test-Path "bit.key") {
   del bit.key
 }
+if (Test-Path "bit.ds") {
+  del bit.ds
+}
 if (Test-Path "bit.private") {
   del bit.private
 }
@@ -45,6 +54,7 @@ If (!$?) {
 }
 # Move ZSK files
 move Kbit.+*.key bit.key
+move Kbit.+*.ds bit.ds
 move Kbit.+*.private bit.private
 #
 cd ..
@@ -53,7 +63,7 @@ cd ..
 # But dnssec-keygen generates them. So we have to fix that.
 # This is not really necessary anymore since we switched to coredns-keygen, but
 # doesn't hurt in case something unexpected has happened.
-@("$ncdns_path\bit.key", "$ncdns_path\etc\ksk\bit.private", "$ncdns_path\etc\zsk\bit.key", "$ncdns_path\etc\zsk\bit.private") | ForEach-Object {
+@("$ncdns_path\bit.key", "$ncdns_path\bit.ds", "$ncdns_path\etc\ksk\bit.private", "$ncdns_path\etc\zsk\bit.key", "$ncdns_path\etc\zsk\bit.ds", "$ncdns_path\etc\zsk\bit.private") | ForEach-Object {
   $c = [IO.File]::ReadAllText($_) -replace "`r`n", "`n"
   $u = New-Object System.Text.UTF8Encoding $false
   [IO.File]::WriteAllText($_, $c, $u)

ncdns.nsi

@@ -161,9 +161,11 @@ Var /GLOBAL EtcConfXlogReturnCode
 Var /GLOBAL EtcZskReturnCode
 Var /GLOBAL EtcZskPrivReturnCode
 Var /GLOBAL EtcZskPubReturnCode
+Var /GLOBAL EtcZskDsReturnCode
 Var /GLOBAL EtcKskReturnCode
 Var /GLOBAL EtcKskPrivReturnCode
 Var /GLOBAL EtcKskPubReturnCode
+Var /GLOBAL EtcKskDsReturnCode
 Var /GLOBAL EtcEncayaReturnCode
 Var /GLOBAL EtcEncayaConfDReturnCode
 Var /GLOBAL EtcEncayaConfReturnCode
@@ -1341,6 +1343,13 @@ Function FilesSecure
     MessageBox "MB_OK|MB_ICONSTOP" "Failed to set ACL on ZSK public key." /SD IDOK
     Abort
   ${EndIf}
+  ${ExecToLog} 'icacls "$INSTDIR\etc\zsk\bit.ds" /reset'
+  Pop $EtcZskDsReturnCode
+  ${If} $EtcZskDsReturnCode != 0
+    DetailPrint "Failed to set ACL on ZSK DS: return code $EtcZskDsReturnCode"
+    MessageBox "MB_OK|MB_ICONSTOP" "Failed to set ACL on ZSK DS." /SD IDOK
+    Abort
+  ${EndIf}
   ${ExecToLog} 'icacls "$INSTDIR\etc\ksk" /reset'
   Pop $EtcKskReturnCode
   ${If} $EtcKskReturnCode != 0
@@ -1362,6 +1371,13 @@ Function FilesSecure
     MessageBox "MB_OK|MB_ICONSTOP" "Failed to set ACL on KSK public key." /SD IDOK
     Abort
   ${EndIf}
+  ${ExecToLog} 'icacls "$INSTDIR\bit.ds" /reset'
+  Pop $EtcKskDsReturnCode
+  ${If} $EtcKskDsReturnCode != 0
+    DetailPrint "Failed to set ACL on KSK DS: return code $EtcKskDsReturnCode"
+    MessageBox "MB_OK|MB_ICONSTOP" "Failed to set ACL on KSK DS." /SD IDOK
+    Abort
+  ${EndIf}
 FunctionEnd
 
 Function FilesSecureEncayaPre
@@ -1513,8 +1529,10 @@ Function un.Files
   Delete $INSTDIR\etc\ncdns.conf
   Delete $INSTDIR\etc\ksk\bit.private
   Delete $INSTDIR\bit.key
+  Delete $INSTDIR\bit.ds
   Delete $INSTDIR\etc\zsk\bit.private
   Delete $INSTDIR\etc\zsk\bit.key
+  Delete $INSTDIR\etc\zsk\bit.ds
   RMDir $INSTDIR\bin
   RMDir $INSTDIR\etc\ncdns.conf.d
   RMDir $INSTDIR\etc\ksk