diff --git a/.gitignore b/.gitignore
index 3edbde71e7..242bd0efdb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -75,6 +75,7 @@ doc/man/dnssec-importkey.8in
 doc/man/dnssec-keyfromlabel.8in
 doc/man/dnssec-keygen.8in
 doc/man/dnssec-keymgr.8in
+doc/man/dnssec-ksr.8in
 doc/man/dnssec-revoke.8in
 doc/man/dnssec-settime.8in
 doc/man/dnssec-signzone.8in
diff --git a/bin/dnssec/.gitignore b/bin/dnssec/.gitignore
index 9d50f6cc8c..c7917cdbbe 100644
--- a/bin/dnssec/.gitignore
+++ b/bin/dnssec/.gitignore
@@ -2,6 +2,7 @@ dnssec-cds
 dnssec-dsfromkey
 dnssec-keyfromlabel
 dnssec-keygen
+dnssec-ksr
 dnssec-makekeyset
 dnssec-revoke
 dnssec-settime
diff --git a/bin/dnssec/Makefile.am b/bin/dnssec/Makefile.am
index 0017705a0d..f3ecdffb0e 100644
--- a/bin/dnssec/Makefile.am
+++ b/bin/dnssec/Makefile.am
@@ -21,6 +21,7 @@ bin_PROGRAMS = \
 dnssec-importkey \
 dnssec-keyfromlabel \
 dnssec-keygen \
+ dnssec-ksr \
 dnssec-revoke \
 dnssec-settime \
 dnssec-signzone \
diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c
new file mode 100644
index 0000000000..5efdebb8ee
--- /dev/null
+++ b/bin/dnssec/dnssec-ksr.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include
+
+#include
+#include
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-ksr";
+
+/*
+ * Infrastructure
+ */
+static isc_log_t *lctx = NULL;
+static isc_mem_t *mctx = NULL;
+
+static void
+usage(int ret) {
+ fprintf(stderr, "Usage:\n");
+ fprintf(stderr, " %s options [options]\n", program);
+ fprintf(stderr, "Version: %s\n", PACKAGE_VERSION);
+ fprintf(stderr, "Options:\n"
+ " -h: print usage and exit\n"
+ " -v : set verbosity level\n"
+ " -V: print version information\n");
+ exit(ret);
+}
+
+int
+main(int argc, char *argv[]) {
+ int ch;
+ char *endp;
+
+ isc_mem_create(&mctx);
+
+ isc_commandline_errprint = false;
+
+#define OPTIONS "hv:V"
+ while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
+ switch (ch) {
+ case 'h':
+ usage(0);
+ break;
+ case 'V':
+ version(program);
+ break;
+ case 'v':
+ verbose = strtoul(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0') {
+ fatal("-v must be followed by a number");
+ }
+ break;
+ default:
+ usage(1);
+ break;
+ }
+ }
+ argv += isc_commandline_index;
+ argc -= isc_commandline_index;
+
+ if (argc != 0) {
+ usage(1);
+ }
+
+ setup_logging(mctx, &lctx);
+
+ vbprintf(verbose, "KSR: Hello, world.\n");
+
+ exit(0);
+}
diff --git a/bin/dnssec/dnssec-ksr.rst b/bin/dnssec/dnssec-ksr.rst
new file mode 100644
index 0000000000..16daae4b13
--- /dev/null
+++ b/bin/dnssec/dnssec-ksr.rst
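Review bot: In bin/dnssec/dnssec-ksr.c, the `-v` case in main() validates the level only with `*endp != '\0'`, so several inputs that are not usable numbers never reach fatal(): an empty argument leaves endp at the start of the string, where the terminator already is; a leading minus sign is negated and wrapped by strtoul(); and an out-of-range value comes back as ULONG_MAX with ERANGE set. I would put `errno = 0;` before the call and test `if (endp == isc_commandline_argument || *endp != '\0' || errno == ERANGE)`, which needs `<errno.h>`. The declaration of `verbose` is not in this diff (presumably it comes from dnssectool.h), so check there whether the unsigned long result is narrowed on assignment and add an upper bound if it is. Separately, main() leaves through `exit(0)` without releasing lctx or mctx; that looks harmless in this skeleton, but matching teardown should be added once the tool does real signing work.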
@@ -0,0 +1,67 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. iscman:: dnssec-ksr
+.. program:: dnssec-ksr
+.. _man_dnssec-ksr:
+
+dnssec-ksr - Create signed key response (SKR) files for offline KSK setups
+--------------------------------------------------------------------------
+
+Synopsis
+~~~~~~~~
+
+:program:`dnssec-ksr [**-h**]` [**-V**] [**-v** level]
+
+Description
+~~~~~~~~~~~
+
+The :program:`dnssec-ksr` command creates signed key responses (SKRs) that can
+be loaded by a DNS authoritative server. An SKR is a RRset of type DNSKEY,
+CDNSKEY, or CDS, with signatures from a key that is typically offline during
+normal operation.
+
+Options
+~~~~~~~
+
+.. option:: -h
+
+ This option prints a short summary of the options and arguments to
+ :program:`dnssec-ksr`.
+
+.. option:: -V
+
+ This option prints version information.
+
+.. option:: -v level
+
+ This option sets the debugging level. Level 1 is intended to be usefully
+ verbose for general users; higher levels are intended for developers.
+
+Exit Status
+~~~~~~~~~~~
+
+The :program:`dnssec-ksr` command exits 0 on success, or non-zero if an error
+occurred.
+
+Examples
+~~~~~~~~
+
+To do.
+
+See Also
+~~~~~~~~
+
+:iscman:`dnssec-keygen(8) `,
+:iscman:`dnssec-signzone(8) `,
+BIND 9 Administrator Reference Manual.
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index f09221ae5d..7b5db05baf 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -42,6 +42,7 @@ export IMPORTKEY=$TOP_BUILDDIR/bin/dnssec/dnssec-importkey
 export JOURNALPRINT=$TOP_BUILDDIR/bin/tools/named-journalprint
 export KEYFRLAB=$TOP_BUILDDIR/bin/dnssec/dnssec-keyfromlabel
 export KEYGEN=$TOP_BUILDDIR/bin/dnssec/dnssec-keygen
+export KSR=$TOP_BUILDDIR/bin/dnssec/dnssec-ksr
 export MDIG=$TOP_BUILDDIR/bin/tools/mdig
 export NAMED=$TOP_BUILDDIR/bin/named/named
 export NSEC3HASH=$TOP_BUILDDIR/bin/tools/nsec3hash
diff --git a/doc/arm/manpages.rst b/doc/arm/manpages.rst
index a833bf6452..1a3847176a 100644
--- a/doc/arm/manpages.rst
+++ b/doc/arm/manpages.rst
@@ -23,6 +23,7 @@ Manual Pages
 .. include:: ../../bin/dnssec/dnssec-importkey.rst
 .. include:: ../../bin/dnssec/dnssec-keyfromlabel.rst
 .. include:: ../../bin/dnssec/dnssec-keygen.rst
+.. include:: ../../bin/dnssec/dnssec-ksr.rst
 .. include:: ../../bin/dnssec/dnssec-revoke.rst
 .. include:: ../../bin/dnssec/dnssec-settime.rst
 .. include:: ../../bin/dnssec/dnssec-signzone.rst
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 2590e20da6..37d29ed17f 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -11,6 +11,7 @@ MANPAGES_RST = \
 dnssec-importkey.rst \
 dnssec-keyfromlabel.rst \
 dnssec-keygen.rst \
+ dnssec-ksr.rst \
 dnssec-revoke.rst \
 dnssec-settime.rst \
 dnssec-signzone.rst \
@@ -51,6 +52,7 @@ MANPAGES_RST = \
 ../../bin/dnssec/dnssec-importkey.rst \
 ../../bin/dnssec/dnssec-keyfromlabel.rst \
 ../../bin/dnssec/dnssec-keygen.rst \
+ ../../bin/dnssec/dnssec-ksr.rst \
 ../../bin/dnssec/dnssec-revoke.rst \
 ../../bin/dnssec/dnssec-settime.rst \
 ../../bin/dnssec/dnssec-signzone.rst \
@@ -87,6 +89,7 @@ man_MANS = \
 dnssec-importkey.1 \
 dnssec-keyfromlabel.1 \
 dnssec-keygen.1 \
+ dnssec-ksr.1 \
 dnssec-revoke.1 \
 dnssec-settime.1 \
 dnssec-signzone.1 \
diff --git a/doc/man/conf.py b/doc/man/conf.py
index bad518c1a5..3fc8d05ad8 100644
--- a/doc/man/conf.py
+++ b/doc/man/conf.py
@@ -100,6 +100,13 @@ man_pages = [
 1,
 ),
 ("dnssec-keygen", "dnssec-keygen", "DNSSEC key generation tool", author, 1),
+ (
+ "dnssec-ksr",
+ "dnssec-ksr",
+ "create signed key response (SKR) files for offline KSK setups",
+ author,
+ 1,
+ ),
 (
 "dnssec-revoke",
 "dnssec-revoke",
diff --git a/doc/man/dnssec-ksr.rst b/doc/man/dnssec-ksr.rst
new file mode 100644
index 0000000000..0ac2248209
--- /dev/null
+++ b/doc/man/dnssec-ksr.rst
@@ -0,0 +1,14 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+:orphan:
+
+.. include:: ../../bin/dnssec/dnssec-ksr.rst