trust anchors: remove key missing for too long
authorVladimír Čunát <vladimir.cunat@nic.cz>
Thu, 9 Feb 2017 13:22:58 +0000 (14:22 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Thu, 9 Feb 2017 16:42:32 +0000 (17:42 +0100)
It was strange to keep it indefinitely, and the code was already
half-prepared for this change.  Theoretically, if a resolver has been
stopped for long enough to miss a key's period of Revoked status, it would
continue to trust the key forever.

daemon/lua/trust_anchors.lua.in

index 0619d97617e8662f47af5e1308cb116715a22725..3eb6da5c2e23f5058ca81a27346c3a40f70c6866 100644 (file)
@@ -148,6 +148,13 @@ local function ta_missing(ta, hold_down_time)
        if ta.state == key_state.Valid then
                ta.state = key_state.Missing
                ta.timer = os.time() + hold_down_time
+
+       -- Remove key that is missing for too long
+       elseif ta.state == key_state.Missing and os.difftime(ta.timer, os.time()) <= 0 then
+               ta.state = key_state.Removed
+               print('[ ta ] key: '..key_tag..' removed because missing for too long')
+               keep_ta = false
+
        -- Purge pending key
        elseif ta.state == key_state.AddPend then
                print('[ ta ] key: '..key_tag..' purging')
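Review bot: The new Missing branch drops the key once `ta.timer` has passed but the comment does not say where that deadline comes from; since the timer is armed in the Valid branch just above, a comment such as `-- Remove key missing for too long (hold-down counted from the first refresh that observed it missing)` would make clear that the grace period is measured from local observation, not from when the key actually left the DNSKEY set. If a key can already be in the Missing state without `ta.timer` set, for instance one restored from persisted state written before this change, `os.difftime(ta.timer, os.time())` would raise on a nil argument; this is hedged, as the load path is not in the hunk. The enclosing `ta_missing` body begins and ends outside the hunk, so the definitions of `key_tag` and `keep_ta` used here are not visible in this view.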