else:
keys = zsks
- for (private_key, dnskey) in keys:
+ for private_key, dnskey in keys:
rrsig = dns.dnssec.sign(
rrset=rrset,
private_key=private_key,
*zone*, a ``dns.zone.Zone``, the zone to sign.
- *txn*, a ``dns.transaction.Transaction``, an optional transaction to use
- for signing.
+ *txn*, a ``dns.transaction.Transaction``, an optional transaction to use for
+ signing.
- *keys*, a list of (``PrivateKey``, ``DNSKEY``) tuples, to use for signing.
- KSK/ZSK roles are assigned automatically if the SEP flag is used, otherwise
- all RRsets are signed by all keys.
+ *keys*, a list of (``PrivateKey``, ``DNSKEY``) tuples, to use for signing. KSK/ZSK
+ roles are assigned automatically if the SEP flag is used, otherwise all RRsets are
+ signed by all keys.
- *add_dnskey*, a ``bool``. If ``True``, the default, all specified
- DNSKEYs are automatically added to the zone on signing.
+ *add_dnskey*, a ``bool``. If ``True``, the default, all specified DNSKEYs are
+ automatically added to the zone on signing.
- *dnskey_ttl*, a``int``, specifies the TTL for DNSKEY RRs. If not specified
- the TTL of the existing DNSKEY RRset used or the TTL of the SOA RRset.
+ *dnskey_ttl*, a``int``, specifies the TTL for DNSKEY RRs. If not specified the TTL
+ of the existing DNSKEY RRset used or the TTL of the SOA RRset.
- *inception*, a ``datetime``, ``str``, ``int``, ``float`` or ``None``, the
- signature inception time. If ``None``, the current time is used. If a ``str``, the
- format is "YYYYMMDDHHMMSS" or alternatively the number of seconds since the UNIX
- epoch in text form; this is the same the RRSIG rdata's text form.
- Values of type `int` or `float` are interpreted as seconds since the UNIX epoch.
+ *inception*, a ``datetime``, ``str``, ``int``, ``float`` or ``None``, the signature
+ inception time. If ``None``, the current time is used. If a ``str``, the format is
+ "YYYYMMDDHHMMSS" or alternatively the number of seconds since the UNIX epoch in text
+ form; this is the same the RRSIG rdata's text form. Values of type `int` or `float`
+ are interpreted as seconds since the UNIX epoch.
*expiration*, a ``datetime``, ``str``, ``int``, ``float`` or ``None``, the signature
expiration time. If ``None``, the expiration time will be the inception time plus
- the value of the *lifetime* parameter. See the description of *inception* above
- for how the various parameter types are interpreted.
+ the value of the *lifetime* parameter. See the description of *inception* above for
+ how the various parameter types are interpreted.
*lifetime*, an ``int`` or ``None``, the signature lifetime in seconds. This
parameter is only meaningful if *expiration* is ``None``.
- *nsec3*, a ``NSEC3PARAM`` Rdata, configures signing using NSEC3. Not yet implemented.
+ *nsec3*, a ``NSEC3PARAM`` Rdata, configures signing using NSEC3. Not yet
+ implemented.
- *rrset_signer*, a ``Callable``, an optional function for signing RRsets.
- The function requires two arguments: transaction and RRset. If the not
- specified, ``dns.dnssec.default_rrset_signer`` will be used.
+ *rrset_signer*, a ``Callable``, an optional function for signing RRsets. The
+ function requires two arguments: transaction and RRset. If the not specified,
+ ``dns.dnssec.default_rrset_signer`` will be used.
Returns ``None``.
"""
else:
soa = _txn.get(zone.origin, dns.rdatatype.SOA)
dnskey_ttl = soa.ttl
- for (_, dnskey) in keys:
+ for _, dnskey in keys:
_txn.add(zone.origin, dnskey_ttl, dnskey)
if nsec3:
projects / thirdparty / dnspython.git / commitdiff
