[ ta ] key: 19036 state: Valid
-.. envvar:: trust_anchors.keyfile_default = KEYFILE_DEFAULT
+.. envvar:: trust_anchors.keyfile_default = keyfile_default
- Set by ``KEYFILE_DEFAULT`` during compilation (by default ``nil``). This can be explicitly
+ Set by ``keyfile_default`` option during compilation (by default ``nil``). This can be explicitly
set to ``nil`` to override the value set during compilation in order to disable DNSSEC.
.. envvar:: trust_anchors.hold_down_time = 30 * day
ev = event.after(0, function () return 1 end)
--- Import fake root zone; avoid interference with configured KEYFILE_DEFAULT.
+-- Import fake root zone; avoid interference with configured keyfile_default.
trust_anchors.keyfile_default = nil
trust_anchors.add('. IN DS 48409 8 2 3D63A0C25BCE86621DE63636F11B35B908EFE8E9381E0E3E9DEFD89EA952C27D')
lua_modules_daemon = [
'kres',
'kres-gen',
- #'trust_anchors', # TODO
+ 'trust_anchors',
'zonefile',
]
+# trust_anchors.lua
+configure_file(
+ input: 'trust_anchors.lua.in',
+ output: 'trust_anchors.lua',
+ configuration: config
+)
+
+
# install lua modules
foreach mod : lua_modules_daemon
install_data(
bootstrap_url = 'https://data.iana.org/root-anchors/root-anchors.xml',
bootstrap_ca = '@ETCDIR@/icann-ca.pem',
-- change empty string to nil
- keyfile_default = ('@KEYFILE_DEFAULT@' ~= '' and '@KEYFILE_DEFAULT@') or nil,
+ keyfile_default = ('@keyfile_default@' ~= '' and '@keyfile_default@') or nil,
-- Load keys from a file, 5011-managed by default.
-- If managed and the file doesn't exist, try bootstrapping the root into it.
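Review bot: The option value is pasted unescaped into single-quoted Lua literals on the `keyfile_default` line, so a path containing `'` or `\` changes the generated Lua code instead of just the string. The value is build-time input, but packaging scripts often derive it from variables, and this module decides which trust anchors the resolver loads. Either reject such characters where the Meson option is read, or state the constraint next to the line, e.g. `-- substituted verbatim at configure time; must not contain quotes or backslashes`. The surrounding table constructor starts and ends outside this hunk.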
end
local host = 'https://localhost:8080/'
--- avoid interference with configured KEYFILE_DEFAULT
+-- avoid interference with configured keyfile_default
trust_anchors.keyfile_default = nil
local function test_err_cert()
"daemon", "``SBINDIR``", "``$(PREFIX)/sbin``", ""
"configuration", "``ETCDIR``", "``$(PREFIX)/etc/knot-resolver``", "Configuration file, templates."
"modules", "``MODULEDIR``", "``$(LIBDIR)/kdns_modules``", "Runtime directory for loading dynamic modules [#]_."
- "trust anchor file", "``KEYFILE_DEFAULT``", "*(none)*", "Path to read-only trust anchor file, which is used as fallback when no other file is specified. [#]_"
+ "trust anchor file", "``keyfile_default``", "*(none)*", "Path to read-only trust anchor file, which is used as fallback when no other file is specified. [#]_"
"work directory", "", "the current directory", "Run directory for daemon. (Only relevant during run time, not e.g. during installation.)"
.. [#] The ``libkres.pc`` is installed in ``$(LIBDIR)/pkgconfig``.
.. [#] The default moduledir can be changed with `-m` option to `kresd` daemon or by calling `moduledir()` function from lua.
-.. [#] If no other trust anchor is specified by user, the compiled-in path ``KEYFILE_DEFAULT`` must contain a valid trust anchor. This is typically used by distributions which provide DNSSEC root trust anchors as part of distribution package. Users can disable the built-in trust anchor by adding ``trust_anchors.keyfile_default = nil`` to their configuration.
+.. [#] If no other trust anchor is specified by user, the compiled-in path ``keyfile_default`` must contain a valid trust anchor. This is typically used by distributions which provide DNSSEC root trust anchors as part of distribution package. Users can disable the built-in trust anchor by adding ``trust_anchors.keyfile_default = nil`` to their configuration.
.. note:: Each module is self-contained and may install additional bundled files within ``$(MODULEDIR)/$(modulename)``. These files should be read-only, non-executable.
.B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile>
(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes!
-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one)
+Default: "@keyfile_default@" (can be empty if your distribution did not provide one)
.TP
.B \-m\fI path\fR, \fB\-\-moduledir=\fI<path>
Override the directory that is searched for modules. Default: @MODULEDIR@
etc_dir = join_paths(get_option('prefix'), get_option('sysconfdir'), 'knot-resolver')
+config = configuration_data()
+config.set('keyfile_default', get_option('keyfile_default'))
# Project-wide dependencies
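Review bot: `config` only gets `keyfile_default` here, yet the template it feeds, `trust_anchors.lua.in`, also contains `@ETCDIR@` in `bootstrap_ca = '@ETCDIR@/icann-ca.pem'`. As far as I know, Meson's `configure_file` replaces an undefined `@NAME@` token with an empty string and only prints a warning, so the generated module would look for the bootstrap CA at `/icann-ca.pem`. Unless `ETCDIR` is set outside these hunks, add `config.set('ETCDIR', etc_dir)` after the `keyfile_default` line. The man page template uses `@MODULEDIR@` and `@keyfile_default@` as well, so check that every token each generated file needs is defined.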
option('client', type : 'boolean', value : true, description: 'kresc client binary')
option('daemon', type: 'boolean', value: true, description: 'kresd daemon binary')
option('modules_dir', type: 'string', description: 'path to kres modules directory')
+option('keyfile_default', type: 'string', description: 'path to trust anchors file')
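Review bot: The new `keyfile_default` option has no `value:` and its description does not say what an empty value means. According to the documentation touched by this change, an empty path ends up as `nil`, meaning no compiled-in trust anchor, and setting it to `nil` is described as the way to disable DNSSEC. A packager who omits the option should be able to see that from the option itself: `option('keyfile_default', type: 'string', value: '', description: 'built-in default path to read-only DNSSEC trust anchors file; empty = no compiled-in trust anchor')`.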
--- simulate building without KEYFILE_DEFAULT
+-- simulate building without keyfile_default
trust_anchors.keyfile_default = nil
--- simulate building with KEYFILE_DEFAULT
+-- simulate building with keyfile_default
trust_anchors.keyfile_default = "root1.keys"