From: Colin Vidal Date: Mon, 13 Oct 2025 16:35:52 +0000 (+0200) Subject: fix delv when using the builtin trust-anchors X-Git-Tag: v9.21.15~22^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7080db2111c26f8e26675a8a2da7fbd2edeb215;p=thirdparty%2Fbind9.git fix delv when using the builtin trust-anchors Since the builtin trust-anchors are now called `builtin-trust-anchors`, delv needs specific handling in order to be able to parse those when they are used. Before, delv was simply parsing a single clause (either in the case of an overriden trust-anchors value from bindkeys file or by simply reading the builtin value). But since the name changed, the same code can't be shared and the builtin version is expected to be in a map.
---
diff --git a/bin/delv/delv.c b/bin/delv/delv.c
index b05e05f2d22..f462a13c165 100644
--- a/bin/delv/delv.c
+++ b/bin/delv/delv.c
@@ -75,6 +75,7 @@
 #include
+#include
 #include
 #include
@@ -158,9 +159,17 @@ static dns_name_t *anchor_name = NULL;
 static dns_master_style_t *style = NULL;
 static dns_fixedname_t qfn;
-/* Default trust anchors */
+/* Default trust anchors and clause/type definitions */
 static char anchortext[] = TRUST_ANCHORS;
+static cfg_clausedef_t delv_clauses[] = { { "builtin-trust-anchors",
+&cfg_type_builtin_dnsseckeys,
+ CFG_CLAUSEFLAG_MULTI },
+ { NULL, NULL, 0 } };
+static cfg_clausedef_t *delv_clausesets[] = { delv_clauses, NULL };
+static cfg_type_t delv_type = { "delv", cfg_parse_mapbody, NULL,
+ NULL, &cfg_rep_map, delv_clausesets };
+
 /*
 * Static function prototypes
 */
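Review bot: The new comment `/* Default trust anchors and clause/type definitions */` above `delv_clauses` does not say why delv carries its own parser type or what must stay in sync with it. The clause name `"builtin-trust-anchors"` is spelled once here and again in the `cfg_map_get()` call added in setup_dnsseckeys, and both have to match the text in `TRUST_ANCHORS`; a comment such as `/* Parser type used only for the built-in TRUST_ANCHORS text: a map body with the single clause "builtin-trust-anchors". The clause name must match the lookup in setup_dnsseckeys(). */` would make that coupling explicit. A shared `#define` for the clause name, used in both places, would keep the two literals from drifting apart.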
@@ -833,20 +842,23 @@ setup_dnsseckeys(dns_client_t *client, dns_view_t *toview) {
 if (result != ISC_R_SUCCESS) {
 fatal("Unable to load keys from '%s'", anchorfile);
 }
+
+ INSIST(bindkeys != NULL);
+ cfg_map_get(bindkeys, "trust-anchors", &trust_anchors);
 } else {
 isc_buffer_t b;
 isc_buffer_init(&b, anchortext, sizeof(anchortext) - 1);
 isc_buffer_add(&b, sizeof(anchortext) - 1);
- result = cfg_parse_buffer(isc_g_mctx, &b, NULL, 0,
- &cfg_type_bindkeys, 0, &bindkeys);
+ result = cfg_parse_buffer(isc_g_mctx, &b, NULL, 0, &delv_type,
+ 0, &bindkeys);
 if (result != ISC_R_SUCCESS) {
 fatal("Unable to parse built-in keys");
 }
+ INSIST(bindkeys != NULL);
+ cfg_map_get(bindkeys, "builtin-trust-anchors", &trust_anchors);
 }
- INSIST(bindkeys != NULL);
- cfg_map_get(bindkeys, "trust-anchors", &trust_anchors);
 if (trust_anchors != NULL) {
 CHECK(load_keys(trust_anchors, client, toview));
 }
diff --git a/lib/isccfg/include/isccfg/namedconf.h b/lib/isccfg/include/isccfg/namedconf.h
index d2fa34b58ed..8843b926232 100644
--- a/lib/isccfg/include/isccfg/namedconf.h
+++ b/lib/isccfg/include/isccfg/namedconf.h
@@ -29,6 +29,9 @@ extern cfg_type_t cfg_type_namedconf;
 extern cfg_type_t cfg_type_bindkeys;
 /*%< A bind.keys file. */
+extern cfg_type_t cfg_type_builtin_dnsseckeys;
+/*%< The builtin dnsseckey builtin-trust-anchors */
+
 extern cfg_type_t cfg_type_addzoneconf;
 /*%< A single zone passed via the addzone rndc command. */
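Review bot: The return value of `cfg_map_get(bindkeys, "builtin-trust-anchors", &trust_anchors)` in the else branch is discarded, so a clause-name mismatch with the built-in text would go unreported. In that case `trust_anchors` is left unset (presumably NULL) and the following `if (trust_anchors != NULL)` skips `load_keys()`, leaving a DNSSEC validation tool to continue without its default anchors. For the built-in text a missing clause is a build defect rather than a user choice, so failing loudly seems safer: `if (cfg_map_get(bindkeys, "builtin-trust-anchors", &trust_anchors) != ISC_R_SUCCESS) { fatal("Built-in trust anchors not found"); }`. The anchor-file branch has the same silent skip, but that behaviour predates this commit. setup_dnsseckeys begins and ends outside the hunk.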
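Review bot: The doc comment `/*%< The builtin dnsseckey builtin-trust-anchors */` on `cfg_type_builtin_dnsseckeys` repeats the name without saying what the type represents or how it differs from `cfg_type_bindkeys` declared just above. Judging by its use in delv.c as the type field of a `cfg_clausedef_t` entry, it appears to be a clause value type rather than a whole-file type. Wording along the lines of `/*%< Value type of the "builtin-trust-anchors" clause; a clause type, not a top-level file type like cfg_type_bindkeys. */` would tell other callers how it is meant to be used.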