From: Petr Špaček <petr.spacek@nic.cz>
Date: Thu, 14 Mar 2019 16:57:49 +0000 (+0100)
Subject: trust_anchors: do not bootstrap if root TA exists
X-Git-Tag: v4.0.0~15^2~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f57cf735bf0b112042b09faf6e065e9954026870;p=thirdparty%2Fknot-resolver.git

trust_anchors: do not bootstrap if root TA exists

Previously a typo in keyfile path triggered re-bootstrap even if root TA
was already installed.
---

diff --git a/daemon/lua/trust_anchors.lua.in b/daemon/lua/trust_anchors.lua.in
index dce6d0689..0643763db 100644
--- a/daemon/lua/trust_anchors.lua.in
+++ b/daemon/lua/trust_anchors.lua.in
@@ -317,6 +317,11 @@ local function add_file(path, unmanaged)
 
 	-- Bootstrap if requested and keyfile doesn't exist
 	if managed and not io.open(path, 'r') then
+		if trust_anchors.keysets['\0'] then
+			error(string.format(
+				"[ ta ] keyfile '%s' doesn't exist and root key is already installed, "
+				.. "cannot bootstrap; provide a path to valid file with keys", path))
+		end
 		log("[ ta ] keyfile '%s': doesn't exist, bootstrapping", path);
 		local tas, msg = bootstrap(trust_anchors.bootstrap_url, trust_anchors.bootstrap_ca)
 		if not tas then