git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Mon, 8 Feb 2021 14:15:57 +0000 (15:15 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Tue, 23 Feb 2021 08:16:48 +0000 (09:16 +0100)
commit	8c526cb67f5389986ca74bde893ab208ba690cb0
tree	b8ab74c5ab02570155444eb630939cc110182523	tree \| snapshot
parent	313de3a7e2f3cb85c7c9ba4e96905aa7ea4373dc	commit \| diff

Purge keys implementation

On each keymgr run, we now also check if key files can be removed.
The 'purge-keys' interval determines how long keys should be retained
after they have become completely hidden.

Key files should not be removed if it has a state that is set to
something else then HIDDEN, if purge-keys is 0 (disabled), if
the key goal is set to OMNIPRESENT, or if the key is unused (a key is
unused if no timing metadata set, and no states are set or if set,
they are set to HIDDEN).

If the last changed timing metadata plus the purge-keys interval is
in the past, the key files may be removed.

Add a dst_key_t variable 'purge' to signal that the key file should
not be written to file again.

lib/dns/dnssec.c		diff \| blob \| blame \| history
lib/dns/include/dns/dnssec.h		diff \| blob \| blame \| history
lib/dns/keymgr.c		diff \| blob \| blame \| history