return config["zone-propagation-delay"] + max(ttl1, ttl2)
-def Iret(config, zsk=True, ksk=False, rollover=True):
+def Iret(config, zsk=True, ksk=False, rollover=True, smooth=True):
sign_delay = timedelta(0)
safety_interval = timedelta(0)
if rollover:
- sign_delay = config["signatures-validity"] - config["signatures-refresh"]
+ if smooth:
+ sign_delay = config["signatures-validity"] - config["signatures-refresh"]
safety_interval = config["retire-safety"]
iretKSK = timedelta(0)
if "Lifetime" not in self.metadata or self.metadata["Lifetime"] == 0:
return
- iret = Iret(config, zsk=self.key.is_zsk(), ksk=self.key.is_ksk())
+ sigdel = self.key.get_timing("SigRemoved", must_exist=False)
+ smooth = sigdel is None
+ iret = Iret(config, zsk=self.key.is_zsk(), ksk=self.key.is_ksk(), smooth=smooth)
self.timing["Removed"] = self.timing["Retired"] + iret
def set_expected_keytimes(
ZSK_LIFETIME = TIMEDELTA["P30D"]
LIFETIME_POLICY = int(ZSK_LIFETIME.total_seconds())
IPUB = Ipub(CONFIG)
-IRET = Iret(CONFIG, rollover=True)
+IRET = Iret(CONFIG)
KEYTTLPROP = CONFIG["dnskey-ttl"] + CONFIG["zone-propagation-delay"]
OFFSETS = {}
OFFSETS["step1-p"] = -int(TIMEDELTA["P7D"].total_seconds())
watcher.wait_for_line(f"zone {zone}/IN (signed): sending notifies")
step["smooth"] = False
+ step["nextev"] = Iret(CONFIG, smooth=False)
isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step)
projects / thirdparty / bind9.git / commitdiff
