mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

3086. [bug] Running dnssec-settime -f on an old-style key will

Browse Source 
now force an update to the new key format even if no
			other change has been specified, using "-P now -A now"
			as default values.  [RT #22474]
This commit is contained in:
Evan Hunt
2011-03-21 15:56:35 +00:00
parent d965c91f95
commit 10a759cee6
6 changed files with 41 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -1,3 +1,8 @@
3086. [bug] Running dnssec-settime -f on an old-style key will
now force an update to the new key format even if no
other change has been specified, using "-P now -A now"
as default values. [RT #22474]
3085. [func] New '-R' option in dnssec-signzone forces removal 3085. [func] New '-R' option in dnssec-signzone forces removal
of signatures which have not yet expired but of signatures which have not yet expired but
were generated by a key that no longer exists. were generated by a key that no longer exists.

16
bin/dnssec/dnssec-settime.c
View File

@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-settime.c,v 1.30 2011/03/17 23:47:29 tbox Exp $ */ /* $Id: dnssec-settime.c,v 1.31 2011/03/21 15:56:35 each Exp $ */
/*! \file */ /*! \file */
@@ -237,7 +237,6 @@ main(int argc, char **argv) {
ttl = 0; ttl = 0;
else else
ttl = strtottl(isc_commandline_argument); ttl = strtottl(isc_commandline_argument);
changed = ISC_TRUE;
setttl = ISC_TRUE; setttl = ISC_TRUE;
break; break;
case 'v': case 'v':
@@ -526,6 +525,19 @@ main(int argc, char **argv) {
if (setttl) if (setttl)
dst_key_setttl(key, ttl); dst_key_setttl(key, ttl);
/*
* No metadata changes were made but we're forcing an upgrade
* to the new format anyway: use "-P now -A now" as the default
*/
if (force && !changed) {
dst_key_settime(key, DST_TIME_PUBLISH, now);
dst_key_settime(key, DST_TIME_ACTIVATE, now);
changed = ISC_TRUE;
}
if (!changed && setttl)
changed = ISC_TRUE;
/* /*
* Print out time values, if -p was used. * Print out time values, if -p was used.
*/ */

6
bin/dnssec/dnssec-settime.docbook
View File

@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- $Id: dnssec-settime.docbook,v 1.13 2011/03/17 23:47:29 tbox Exp $ --> <!-- $Id: dnssec-settime.docbook,v 1.14 2011/03/21 15:56:35 each Exp $ -->
<refentry id="man.dnssec-settime"> <refentry id="man.dnssec-settime">
<refentryinfo> <refentryinfo>
<date>July 15, 2009</date> <date>July 15, 2009</date>
@@ -100,7 +100,9 @@
fail when attempting to update a legacy key. With this option, fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be original key data retained. The key's creation date will be
set to the present time. set to the present time. If no other values are specified,
then the key's publication and activation dates will also
be set to the present time.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>

4
bin/tests/system/metadata/clean.sh
View File

@@ -14,10 +14,10 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $ # $Id: clean.sh,v 1.4 2011/03/21 15:56:35 each Exp $
rm -f K* dsset-* *.signed *.new random.data rm -f K* dsset-* *.signed *.new random.data
rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key
rm -f pending.key rolling.key standby.key inact.key rm -f pending.key rolling.key standby.key inact.key
rm -f prerev.key postrev.key rm -f prerev.key postrev.key oldstyle.key
rm -f keys sigs rm -f keys sigs

5
bin/tests/system/metadata/setup.sh
View File

@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $ # $Id: setup.sh,v 1.4 2011/03/21 15:56:35 each Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -66,3 +66,6 @@ echo $pzsk > parent.zsk.key
pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone` pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone`
echo $pksk > parent.ksk.key echo $pksk > parent.ksk.key
oldstyle=`$KEYGEN -Cq -r $RANDFILE $pzone`
echo $oldstyle > oldstyle.key

13
bin/tests/system/metadata/tests.sh
View File

@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.7 2011/03/05 23:52:30 tbox Exp $ # $Id: tests.sh,v 1.8 2011/03/21 15:56:35 each Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -134,5 +134,16 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo "I:checking update of an old-style key"
ret=0
# printing metadata should not work with an old-style key
$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
# but now it should
$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status" echo "I:exit status: $status"
exit $status exit $status