+3086. [bug] Running dnssec-settime -f on an old-style key will
+ now force an update to the new key format even if no
+ other change has been specified, using "-P now -A now"
+ as default values. [RT #22474]
+
3085. [func] New '-R' option in dnssec-signzone forces removal
of signatures which have not yet expired but
were generated by a key that no longer exists.
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-settime.c,v 1.30 2011/03/17 23:47:29 tbox Exp $ */
+/* $Id: dnssec-settime.c,v 1.31 2011/03/21 15:56:35 each Exp $ */
/*! \file */
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
- changed = ISC_TRUE;
setttl = ISC_TRUE;
break;
case 'v':
if (setttl)
dst_key_setttl(key, ttl);
+ /*
+ * No metadata changes were made but we're forcing an upgrade
+ * to the new format anyway: use "-P now -A now" as the default
+ */
+ if (force && !changed) {
+ dst_key_settime(key, DST_TIME_PUBLISH, now);
+ dst_key_settime(key, DST_TIME_ACTIVATE, now);
+ changed = ISC_TRUE;
+ }
+
+ if (!changed && setttl)
+ changed = ISC_TRUE;
+
/*
* Print out time values, if -p was used.
*/
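Review bot: The `-f` default in the new `if (force && !changed)` branch fires whenever no metadata option was parsed, and because the same commit drops `changed = ISC_TRUE;` from the `-T` case in the preceding hunk, `dnssec-settime -f -T ttl` now also rewrites the publication and activation dates to `now`, which the comment "No metadata changes were made" does not convey. If that is intended, say so in the comment, e.g. `* Note: -T alone does not count as a change, so -f -T also sets P and A.`; if not, move the `if (!changed && setttl) changed = ISC_TRUE;` assignment above the force check. That trailing assignment is in any case equivalent to `if (setttl) changed = ISC_TRUE;`, the `!changed` test adds nothing. Whether `-f` is also accepted for a key that already carries publish/activate times is outside the hunk; if it is, the two `dst_key_settime` calls would overwrite those values silently. The enclosing function continues outside the hunk.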
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-settime.docbook,v 1.13 2011/03/17 23:47:29 tbox Exp $ -->
+<!-- $Id: dnssec-settime.docbook,v 1.14 2011/03/21 15:56:35 each Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time.
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
+ be set to the present time.
</para>
</listitem>
</varlistentry>
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: clean.sh,v 1.4 2011/03/21 15:56:35 each Exp $
rm -f K* dsset-* *.signed *.new random.data
rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key
rm -f pending.key rolling.key standby.key inact.key
-rm -f prerev.key postrev.key
+rm -f prerev.key postrev.key oldstyle.key
rm -f keys sigs
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: setup.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: setup.sh,v 1.4 2011/03/21 15:56:35 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone`
echo $pksk > parent.ksk.key
+oldstyle=`$KEYGEN -Cq -r $RANDFILE $pzone`
+echo $oldstyle > oldstyle.key
+
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.7 2011/03/05 23:52:30 tbox Exp $
+# $Id: tests.sh,v 1.8 2011/03/21 15:56:35 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking update of an old-style key"
+ret=0
+# printing metadata should not work with an old-style key
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
+$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+# but now it should
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
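Review bot: The new check only establishes that `-pall` fails before `-f` and succeeds after it; the behaviour the CHANGES entry describes, publication and activation set to the present time, is never asserted because the `-pall` output is discarded to `/dev/null`. Capture it into a per-test file instead, `$SETTIME -pall `cat oldstyle.key` > settime.out.$n 2>&1 || ret=1`, and grep it for the publication and activation lines (e.g. `grep -q Publish settime.out.$n || ret=1`, assuming that is the label `-p` prints; verify against the tool's output). As written, a build in which `-f` rewrote the file but left both dates unset would still pass this test.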