3086. [bug] Running dnssec-settime -f on an old-style key will

now force an update to the new key format even if no other change has been specified, using "-P now -A now" as default values. [RT #22474]
2025-08-30 14:07:59 +00:00 · 2011-03-21 15:56:35 +00:00
parent d965c91f95
commit 10a759cee6
6 changed files with 41 additions and 8 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
+3086.	[bug]		Running dnssec-settime -f on an old-style key will
+			now force an update to the new key format even if no
+			other change has been specified, using "-P now -A now"
+			as default values.  [RT #22474]
+
 3085.	[func]		New '-R' option in dnssec-signzone forces removal
 			of signatures which have not yet expired but
 			were generated by a key that no longer exists.
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: dnssec-settime.c,v 1.30 2011/03/17 23:47:29 tbox Exp $ */
+/* $Id: dnssec-settime.c,v 1.31 2011/03/21 15:56:35 each Exp $ */

 /*! \file */

@@ -237,7 +237,6 @@ main(int argc, char **argv) {
 				ttl = 0;
 			else
 				ttl = strtottl(isc_commandline_argument);
-			changed = ISC_TRUE;
 			setttl = ISC_TRUE;
 			break;
 		case 'v':
@@ -526,6 +525,19 @@ main(int argc, char **argv) {
 	if (setttl)
 		dst_key_setttl(key, ttl);

+	/*
+	 * No metadata changes were made but we're forcing an upgrade
+	 * to the new format anyway: use "-P now -A now" as the default
+	 */
+	if (force && !changed) {
+		dst_key_settime(key, DST_TIME_PUBLISH, now);
+		dst_key_settime(key, DST_TIME_ACTIVATE, now);
+		changed = ISC_TRUE;
+	}
+
+	if (!changed && setttl)
+		changed = ISC_TRUE;
+
 	/*
 	 * Print out time values, if -p was used.
 	 */
--- a/bin/dnssec/dnssec-settime.docbook
+++ b/bin/dnssec/dnssec-settime.docbook
@@ -17,7 +17,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: dnssec-settime.docbook,v 1.13 2011/03/17 23:47:29 tbox Exp $ -->
+<!-- $Id: dnssec-settime.docbook,v 1.14 2011/03/21 15:56:35 each Exp $ -->
 <refentry id="man.dnssec-settime">
  <refentryinfo>
    <date>July 15, 2009</date>
@@ -100,7 +100,9 @@
            fail when attempting to update a legacy key.  With this option,
            the key will be recreated in the new format, but with the
            original key data retained.  The key's creation date will be
-            set to the present time. 
+            set to the present time.  If no other values are specified, 
+            then the key's publication and activation dates will also 
+            be set to the present time.
 	  </para>
        </listitem>
      </varlistentry>
--- a/bin/tests/system/metadata/clean.sh
+++ b/bin/tests/system/metadata/clean.sh
@@ -14,10 +14,10 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: clean.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: clean.sh,v 1.4 2011/03/21 15:56:35 each Exp $

 rm -f K* dsset-* *.signed *.new random.data
 rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key 
 rm -f pending.key rolling.key standby.key inact.key
-rm -f prerev.key postrev.key
+rm -f prerev.key postrev.key oldstyle.key
 rm -f keys sigs
--- a/bin/tests/system/metadata/setup.sh
+++ b/bin/tests/system/metadata/setup.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: setup.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: setup.sh,v 1.4 2011/03/21 15:56:35 each Exp $

 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -66,3 +66,6 @@ echo $pzsk > parent.zsk.key
 pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone`
 echo $pksk > parent.ksk.key

+oldstyle=`$KEYGEN -Cq -r $RANDFILE $pzone`
+echo $oldstyle > oldstyle.key
+
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: tests.sh,v 1.7 2011/03/05 23:52:30 tbox Exp $
+# $Id: tests.sh,v 1.8 2011/03/21 15:56:35 each Exp $

 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -134,5 +134,16 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+echo "I:checking update of an old-style key"
+ret=0
+# printing metadata should not work with an old-style key
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
+$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+# but now it should
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status