]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 224a6a6)
dnssec-keygen: -K keydir takes priority
authorMatthijs Mekking <matthijs@isc.org>
Thu, 13 Apr 2023 09:17:43 +0000 (11:17 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 25 Jan 2024 13:48:07 +0000 (14:48 +0100)
When using dnssec-policy with dnssec-keygen in combination with setting
the key-directory on the command line, the commandline argument takes
priority over the key-directory from the default named.conf.

bin/dnssec/dnssec-keygen.c patch | blob | blame | history
bin/tests/system/kasp/tests.sh patch | blob | blame | history

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 9f9c3b5b08786e32cf17f594df1f76a0c8806221..c3b98ce0a56e28e9c6b15f37b1db259b625557e9 100644 (file)
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -256,7 +256,7 @@ progress(int p) {
 
 static void
 kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
-              const char *engine, dns_kasp_t **kaspp) {
+              const char *keydir, const char *engine, dns_kasp_t **kaspp) {
        isc_result_t result = ISC_R_NOTFOUND;
        const cfg_listelt_t *element;
        const cfg_obj_t *kasps = NULL;
@@ -289,6 +289,10 @@ kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
        ks = NULL;
        (void)cfg_keystore_fromconfig(NULL, mctx, lctx, engine, &kslist, &ks);
        INSIST(ks != NULL);
+       if (keydir != NULL) {
+               /* '-K keydir' takes priority */
+               dns_keystore_setdirectory(ks, keydir);
+       }
        dns_keystore_detach(&ks);
 
        (void)cfg_map_get(config, "dnssec-policy", &kasps);
@@ -1328,7 +1332,8 @@ main(int argc, char **argv) {
                                      ctx.policy, ctx.configfile);
                        }
 
-                       kasp_from_conf(config, mctx, ctx.policy, engine, &kasp);
+                       kasp_from_conf(config, mctx, ctx.policy, ctx.directory,
+                                      engine, &kasp);
                        if (kasp == NULL) {
                                fatal("failed to load dnssec-policy '%s'",
                                      ctx.policy);
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index e0eb1433850b2941d028976d483449b7165fa768..b6c80b83111893c580715c32d11b0c00550af747 100644 (file)
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -97,6 +97,7 @@ set_zonesigning "KEY4" "yes"
 
 lines=$(get_keyids "$DIR" "$ZONE" | wc -l)
 test "$lines" -eq $NUM_KEYS || log_error "bad number of key ids"
+status=$((status + ret))
 
 ids=$(get_keyids "$DIR" "$ZONE")
 for id in $ids; do
Mirror of https://gitlab.isc.org/isc-projects/bind9.git