authorVladimír Čunát <vcunat@gmail.com>2017-07-15 10:38:01 +0200
committerVladimír Čunát <vcunat@gmail.com>2017-07-15 10:38:01 +0200
commit338a19520493f941a3f478bf852074e74a67b03d (patch)
tree61c65b2a7e610a6db63bdb34e8df919dffaec70f /pkgs/data/misc
parent3bb9954a6bb977f3e33f766ae5df926495ef7bc4 (diff)
dns-root-data: improve determinism, clear key status
Nitpicks:
- The timestamps there were useless.
- The generator now switched the two keys; I don't know why.

I intentionally remove the comments like "state=1 [ ADDPEND ]".
The problem is that keys e.g. in ADDPEND state are *not* immediately
usable for validation - see RFC5011 for details.  I verified that Unbound
does disregard this on the format we and Debian use ATM, presumably due
to removing parts of the comments, but it would be confusing nevertheless.
Diffstat (limited to 'pkgs/data/misc')
-rw-r--r--pkgs/data/misc/dns-root-data/root.ds1
-rw-r--r--pkgs/data/misc/dns-root-data/root.key4
-rwxr-xr-xpkgs/data/misc/dns-root-data/update-root-key.sh9
3 files changed, 7 insertions, 7 deletions
diff --git a/pkgs/data/misc/dns-root-data/root.ds b/pkgs/data/misc/dns-root-data/root.ds
index 61c5b8fcd344..7578e0405d9d 100644
--- a/pkgs/data/misc/dns-root-data/root.ds
+++ b/pkgs/data/misc/dns-root-data/root.ds
@@ -1,3 +1,2 @@
-; created by unbound-anchor on Tue Jul 11 23:48:16 2017
 . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
 . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
diff --git a/pkgs/data/misc/dns-root-data/root.key b/pkgs/data/misc/dns-root-data/root.key
index 9046cefcb713..c0da7b3f60fa 100644
--- a/pkgs/data/misc/dns-root-data/root.key
+++ b/pkgs/data/misc/dns-root-data/root.key
@@ -1,2 +1,2 @@
-.	172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=1 [ ADDPEND ]
-.	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ]
+.	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
+.	172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
diff --git a/pkgs/data/misc/dns-root-data/update-root-key.sh b/pkgs/data/misc/dns-root-data/update-root-key.sh
index 5db179621a70..9a3141aef197 100755
--- a/pkgs/data/misc/dns-root-data/update-root-key.sh
+++ b/pkgs/data/misc/dns-root-data/update-root-key.sh
@@ -2,8 +2,9 @@
 #!nix-shell -i bash -p busybox unbound
 
 TMP=`mktemp`
-unbound-anchor -a $TMP
-grep -Ev "^($$|;)" $TMP | sed -e 's/ ;;count=.*//' > root.key
-rm $TMP
+unbound-anchor -a "$TMP"
+grep -Ev "^($$|;)" "$TMP" | sed -e 's/ ;;.*//' > root.key
 
-unbound-anchor -F -a root.ds
+unbound-anchor -F -a "$TMP"
+sed '/^;/d' < "$TMP" > root.ds
+rm $TMP
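Review bot: In the rewritten `grep -Ev "^($$|;)" "$TMP"` line the double quotes let the shell expand `$$` to its own PID, so the pattern becomes `^(<pid>|;)` and blank lines are not filtered as was presumably intended; single quotes fix it: `grep -Ev '^($|;)' "$TMP" | sed -e 's/ ;;.*//' > root.key`. The final `rm $TMP` is still unquoted although every other use was quoted in this change; `rm -- "$TMP"` would be consistent. Because root.key and root.ds are DNSSEC trust anchors, it would also be worth confirming that the filtered output is non-empty before redirecting over the committed files, since nothing in the hunk tests whether unbound-anchor produced usable data. The script's first line lies outside the hunk.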