git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Tue, 26 Jan 2021 10:32:24 +0000 (11:32 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Wed, 3 Feb 2021 07:36:01 +0000 (08:36 +0100)
commit	76cf72e65a7ff23d3ad10dc917d58d7520e1d44e
tree	e2766d84d6d32d256112722d2894e8cf7fe8882f	tree \| snapshot
parent	d4b2b7072d3b858a53f47ad5de7c50663d543ad5	commit \| diff

Correctly initialize old key with state file

The 'key_init()' function is used to initialize a state file for keys
that don't have one yet. This can happen if you are migrating from a
'auto-dnssec' or 'inline-signing' to a 'dnssec-policy' configuration.

It did not look at the "Inactive" and "Delete" timing metadata and so
old keys left behind in the key directory would also be considered as
a possible active key. This commit fixes this and now explicitly sets
the key goal to OMNIPRESENT for keys that have their "Active/Publish"
timing metadata in the past, but their "Inactive/Delete" timing
metadata in the future. If the "Inactive/Delete" timing metadata is
also in the past, the key goal is set to HIDDEN.

If the "Inactive/Delete" timing metadata is in the past, also the
key states are adjusted to either UNRETENTIVE or HIDDEN, depending on
how far in the past the metadata is set.

CHANGES		diff \| blob \| blame \| history
doc/notes/notes-current.rst		diff \| blob \| blame \| history
lib/dns/keymgr.c		diff \| blob \| blame \| history