From bafc3a22d91cacee3e12c7a92a624d6e7991d663 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20H=C3=A1k?= <jan.hak@nic.cz>
Date: Fri, 3 Oct 2025 10:29:09 +0200
Subject: [PATCH] dbus: add serial to external_verify event

---
 doc/reference.rst              | 30 ++++++++++++++++--------------
 samples/dbus_client.pl         |  4 ++--
 samples/dbus_client.py         |  4 ++--
 samples/dbus_client.sh         |  2 +-
 src/knot/common/dbus.c         |  6 +++---
 src/knot/common/dbus.h         |  3 ++-
 src/knot/updates/zone-update.c |  2 +-
 7 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/doc/reference.rst b/doc/reference.rst
index 3f5bd4f86d..4a1c05c17b 100644
--- a/doc/reference.rst
+++ b/doc/reference.rst
@@ -653,23 +653,25 @@ the interface name is ``cz.nic.knotd.events``.
 Possible values:
 
 - ``none`` â No signal is emitted.
-- ``running`` â There are two possible signals emitted:
+- ``running`` â Two signals may be emitted:
 
-  - ``started`` when the server is started and all configured zones (including
+  - ``started`` â Emitted when the server is started and all configured zones (including
     catalog zones and their members) are loaded or successfully bootstrapped.
-  - ``stopped`` when the server shutdown sequence is initiated.
-- ``zone-updated`` â The signal ``zone_updated`` is emitted when a zone has been updated;
-  the signal parameters are `zone name` and `zone SOA serial`.
-- ``external-verify`` - The signal ``external_verify`` is emitted when a zone is awaiting
-  external validation before applying the changes; the signal parameter is `zone name`.
-- ``keys-updated`` - The signal ``keys_updated`` is emitted when a DNSSEC key set
-  is updated; the signal parameter is `zone name`.
-- ``ksk-submission`` â The signal ``zone_ksk_submission`` is emitted if there is
-  a ready KSK present when the zone is signed; the signal parameters are
-  `zone name`, `KSK keytag`, and `KSK KASP id`.
+  - ``stopped`` â Emitted when the server shutdown sequence is initiated.
+- ``zone-updated`` â The signal ``zone_updated`` is emitted when a zone has been updated.
+  Parameters: **zone** name and zone SOA **serial**.
+- ``external-verify`` â The signal ``external_verify`` is emitted when a zone is awaiting
+  external validation before applying changes.
+  Parameters: **zone** name and new zone SOA **serial**.
+- ``keys-updated`` â The signal ``keys_updated`` is emitted when a DNSSEC key set
+  is updated.
+  Parameters: **zone** name.
+- ``ksk-submission`` â The signal ``zone_ksk_submission`` is emitted if a ready
+  KSK is present when the zone is signed.
+  Parameters: **zone** name, KSK **keytag**, and KSK KASP **id**.
 - ``dnssec-invalid`` â The signal ``zone_dnssec_invalid`` is emitted when DNSSEC
-  validation fails, or when ZONEMD verification fails; the signal parameters
-  are `zone name`, and `remaining seconds` until an RRSIG expires.
+  validation fails or when ZONEMD verification fails.
+  Parameters: **zone** name and remaining **seconds** until an RRSIG expires.
 
 .. NOTE::
    This function requires systemd version at least 221 or libdbus.
diff --git a/samples/dbus_client.pl b/samples/dbus_client.pl
index f6bf00be08..5548330a69 100755
--- a/samples/dbus_client.pl
+++ b/samples/dbus_client.pl
@@ -44,8 +44,8 @@ $knotd_interface->connect_to_signal('zone_updated', sub
 
 $knotd_interface->connect_to_signal('external_verify', sub
 {
-    my ($zone) = @_;
-    print "Awaiting external validation for zone=$zone\n";
+    my ($zone, $serial) = @_;
+    print "Awaiting external validation for zone=$zone serial=$serial\n";
 });
 
 $knotd_interface->connect_to_signal('keys_updated', sub
diff --git a/samples/dbus_client.py b/samples/dbus_client.py
index 8e9dd23087..c30e9de34f 100755
--- a/samples/dbus_client.py
+++ b/samples/dbus_client.py
@@ -24,8 +24,8 @@ def sig_updated(sender, path, interface, signal, args):
     print("Updated zone=%s to serial=%d" % (zone, serial))
 
 def sig_external(sender, path, interface, signal, args):
-    (zone) = args
-    print("Awaiting external validation for zone=%s" % (zone))
+    (zone, serial) = args
+    print("Awaiting external validation for zone=%s serial=%u" % (zone, serial))
 
 def sig_keys_upd(sender, path, interface, signal, args):
     (zone) = args
diff --git a/samples/dbus_client.sh b/samples/dbus_client.sh
index 8b8c037df8..1b78afeacd 100755
--- a/samples/dbus_client.sh
+++ b/samples/dbus_client.sh
@@ -17,7 +17,7 @@ cb() {
 		echo "Updated zone=${2} to serial=${3}"
 		;;
 	external_verify)
-		echo "Awaiting external validation for zone=${2}"
+		echo "Awaiting external validation for zone=${2} serial=${3}"
 		;;
 	zone_dnssec_invalid)
 		echo "Invalid DNSSEC for zone=${2} remaining=${3} seconds"
diff --git a/src/knot/common/dbus.c b/src/knot/common/dbus.c
index 13623a1546..58f856812a 100644
--- a/src/knot/common/dbus.c
+++ b/src/knot/common/dbus.c
@@ -192,14 +192,14 @@ void dbus_emit_zone_updated(const knot_dname_t *zone_name, uint32_t serial)
 #endif // ENABLE_DBUS
 }
 
-void dbus_emit_external_verify(const knot_dname_t *zone_name)
+void dbus_emit_external_verify(const knot_dname_t *zone_name, uint32_t serial)
 {
 #if ENABLE_DBUS
 	knot_dname_txt_storage_t buff;
 	char *zone_str = knot_dname_to_str(buff, zone_name, sizeof(buff));
 	if (zone_str != NULL) {
-		emit_event(KNOT_BUS_EVENT_EXTERNAL, "s",
-		           VALUE_OF(zone_str));
+		emit_event(KNOT_BUS_EVENT_EXTERNAL, "su", VALUE_OF(zone_str),
+		           VALUE_OF(serial));
 	}
 #endif // ENABLE_DBUS
 }
diff --git a/src/knot/common/dbus.h b/src/knot/common/dbus.h
index 1033d46561..abc2f2fa01 100644
--- a/src/knot/common/dbus.h
+++ b/src/knot/common/dbus.h
@@ -54,8 +54,9 @@ void dbus_emit_zone_updated(const knot_dname_t *zone_name, uint32_t serial);
  * \brief Emit event signal that external verify shall take place.
  *
  * \param zone_name   Zone name.
+ * \param serial      Candidate zone SOA serial.
  */
-void dbus_emit_external_verify(const knot_dname_t *zone_name);
+void dbus_emit_external_verify(const knot_dname_t *zone_name, uint32_t serial);
 
 /*!
  * \brief Emit event signal for updated DNSSEC key set.
diff --git a/src/knot/updates/zone-update.c b/src/knot/updates/zone-update.c
index c8db835a93..2f9d7778b7 100644
--- a/src/knot/updates/zone-update.c
+++ b/src/knot/updates/zone-update.c
@@ -1084,7 +1084,7 @@ int zone_update_external(conf_t *conf, zone_update_t *update, conf_val_t *ev_id)
 	log_zone_notice(update->zone->name, "waiting for external validation");
 
 	if (conf->cache.srv_dbus_event & DBUS_EVENT_EXTERNAL) {
-		dbus_emit_external_verify(update->zone->name);
+		dbus_emit_external_verify(update->zone->name, zone_contents_serial(update->new_cont));
 	}
 
 	val = conf_id_get(conf, C_EXTERNAL, C_TIMEOUT, ev_id);
-- 
2.47.3