[v9_9][bug] Added checks in dnssec-keygen and dnssec-settime to check for
authorCurtis Blackburn <ckb@isc.org>
Thu, 17 Jan 2013 17:02:48 +0000 (11:02 -0600)
committerCurtis Blackburn <ckb@isc.org>
Thu, 17 Jan 2013 17:02:48 +0000 (11:02 -0600)
delete date < inactive date. [RT #31719]

CHANGES
bin/dnssec/dnssec-keygen.c
bin/dnssec/dnssec-settime.c
bin/tests/system/metadata/tests.sh

diff --git a/CHANGES b/CHANGES
index 7909c62b7513da3642c1ca4a4ef77e8ecd9db470..aa89d57cd82ba872468cb4df4296c8c48829943a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
-       --- 9.9.3b1 released ---
+3467.  [bug]   Added checks in dnssec-keygen and dnssec-settime to check for
+                       delete date < inactive date. [RT #31719]
 
+       --- 9.9.3b1 released ---
+       
 3466.  [contrib]       Corrected the DNS_CLIENTINFOMETHODS_VERSION check
                        in DLZ example driver. [RT #32275]
 
index 086d6d73c08b1ade00d16eaa28be41bac12f5e75..de048af0770080efb2e2f02c529a1a83563fa717 100644 (file)
@@ -961,8 +961,15 @@ main(int argc, char **argv) {
                                dst_key_settime(key, DST_TIME_INACTIVE,
                                                inactive);
 
-                       if (setdel)
+                       if (setdel) {
+                               if (setinact && delete < inactive)
+                                       fprintf(stderr, "%s: warning: Key is "
+                                               "scheduled to be deleted "
+                                               "before it is scheduled to be "
+                                               "made inactive.\n",
+                                               program);
                                dst_key_settime(key, DST_TIME_DELETE, delete);
+                       }
                } else {
                        if (setpub || setact || setrev || setinact ||
                            setdel || unsetpub || unsetact ||
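Review bot: The new keygen warning ends with "scheduled to be made inactive" while the equivalent settime warning added in this same commit ends with "scheduled to be inactive"; since the new system test only greps for the word `warning`, one shared wording such as `"%s: warning: Key is scheduled to be deleted before it is scheduled to be inactive.\n"` would give operators and the tests a single phrase to match in both tools. The inner `if (setinact && delete < inactive)` guards a multi-line `fprintf` without braces inside the newly braced `setdel` block; the surrounding code uses the same style, so this is a nit only. main() starts and ends outside the hunk.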
index ce54ce2d345f97111decb6d89e40c0c34b077a7f..f9a59da82fbe15320777d4a90e7dafba9328cbb4 100644 (file)
@@ -141,6 +141,7 @@ main(int argc, char **argv) {
        dns_ttl_t       ttl = 0;
        isc_stdtime_t   now;
        isc_stdtime_t   pub = 0, act = 0, rev = 0, inact = 0, del = 0;
+       isc_stdtime_t   prevact = 0, previnact = 0, prevdel = 0;
        isc_boolean_t   setpub = ISC_FALSE, setact = ISC_FALSE;
        isc_boolean_t   setrev = ISC_FALSE, setinact = ISC_FALSE;
        isc_boolean_t   setdel = ISC_FALSE, setttl = ISC_FALSE;
@@ -352,7 +353,6 @@ main(int argc, char **argv) {
 
        if (predecessor != NULL) {
                char keystr[DST_KEY_FORMATSIZE];
-               isc_stdtime_t when;
                int major, minor;
 
                if (prepub == -1)
@@ -384,19 +384,20 @@ main(int argc, char **argv) {
                        fatal("Predecessor has incompatible format "
                              "version %d.%d\n\t", major, minor);
 
-               result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
+               result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
                if (result != ISC_R_SUCCESS)
                        fatal("Predecessor has no activation date. "
                              "You must set one before\n\t"
                              "generating a successor.");
 
-               result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
+               result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
+                                        &previnact);
                if (result != ISC_R_SUCCESS)
                        fatal("Predecessor has no inactivation date. "
                              "You must set one before\n\t"
                              "generating a successor.");
-
-               pub = act - prepub;
+               
+               pub = prevact - prepub;
                if (pub < now && prepub != 0)
                        fatal("Predecessor will become inactive before the\n\t"
                              "prepublication period ends.  Either change "
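Review bot: After the rename, `act` is no longer assigned from the predecessor's inactivation time — the removed `dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act)` filled it, the new call fills `previnact` instead — yet `setact` is still raised to ISC_TRUE in the next hunk (`changed = setpub = setact = ISC_TRUE;`), so unless `act` is populated from `previnact` somewhere outside these hunks the successor's activation date is now written from the zero-initialized `act`. The same rename changes `pub` to `prevact - prepub`, i.e. the predecessor's activation date, whereas the removed `pub = act - prepub` (with `act` holding the predecessor's inactivation date) and the fatal message just below ("Predecessor will become inactive before the prepublication period ends") both describe the prepublication window relative to inactivation. I would add `act = previnact;` after the inactivation-date lookup and restore the arithmetic as `pub = previnact - prepub;`. The added line replacing the blank one carries only trailing whitespace. main() starts and ends outside the hunk.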
@@ -404,13 +405,18 @@ main(int argc, char **argv) {
                              "or use the -i option to set a shorter "
                              "prepublication interval.");
 
-               result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
+               result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
                if (result != ISC_R_SUCCESS)
-                       fprintf(stderr, "%s: WARNING: Predecessor has no "
+                       fprintf(stderr, "%s: warning: Predecessor has no "
                                        "removal date;\n\t"
                                        "it will remain in the zone "
                                        "indefinitely after rollover.\n",
                                        program);
+               else if (prevdel < previnact)
+                       fprintf(stderr, "%s: warning: Predecessor is "
+                                       "scheduled to be deleted\n\t"
+                                       "before it is scheduled to be "
+                                       "inactive.\n", program);
 
                changed = setpub = setact = ISC_TRUE;
                dst_key_free(&prevkey);
@@ -472,6 +478,20 @@ main(int argc, char **argv) {
                        fatal("Key flags mismatch");
        }
 
+       prevdel = previnact = 0;
+       if ((setdel && setinact && del < inact) ||
+           (dst_key_gettime(key, DST_TIME_INACTIVE,
+                            &previnact) == ISC_R_SUCCESS &&
+            setdel && !setinact && del < previnact) ||
+           (dst_key_gettime(key, DST_TIME_DELETE,
+                            &prevdel) == ISC_R_SUCCESS &&
+            setinact && !setdel && prevdel < inact) ||
+           (!setdel && !setinact && prevdel < previnact))
+               fprintf(stderr, "%s: warning: Key is scheduled to "
+                               "be deleted before it is\n\t"
+                               "scheduled to be inactive.\n",
+                       program);
+
        if (force)
                set_keyversion(key);
        else
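Review bot: The fourth clause `!setdel && !setinact && prevdel < previnact` depends on the two `dst_key_gettime()` calls embedded in the second and third clauses having succeeded, but their return codes are not carried into it: if the key has an inactivation date and no deletion date (and `dst_key_gettime()` leaves `prevdel` untouched on failure, as its explicit zeroing on the first added line suggests), `prevdel` stays 0 and an invocation that sets neither -I nor -D warns that the key is deleted before it goes inactive. Hiding those side-effecting lookups inside a short-circuited OR chain is also hard to read; fetching both dates up front with explicit success flags removes the false positive and makes the four cases plain. The two flags would be declared with the other locals at the top of main(), which starts and ends outside the hunk.
```c
	prevdel = previnact = 0;
	haveinact = ISC_TF(dst_key_gettime(key, DST_TIME_INACTIVE,
					   &previnact) == ISC_R_SUCCESS);
	havedel = ISC_TF(dst_key_gettime(key, DST_TIME_DELETE,
					 &prevdel) == ISC_R_SUCCESS);
	if ((setdel && setinact && del < inact) ||
	    (setdel && !setinact && haveinact && del < previnact) ||
	    (!setdel && setinact && havedel && prevdel < inact) ||
	    (!setdel && !setinact && haveinact && havedel &&
	     prevdel < previnact))
		fprintf(stderr, "%s: warning: Key is scheduled to "
				"be deleted before it is\n\t"
				"scheduled to be inactive.\n",
			program);
	/* ... unchanged: force / set_keyversion handling ... */
```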
index b764060b50fe683839bf1c452b4e8efeabdf2399..a71fdaec154f52b95fbe333824805ac76cca2052 100644 (file)
@@ -157,5 +157,23 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking warning about delete date < inactive date with dnssec-settime ($n)"
+ret=0
+# settime should print a warning about delete < inactive
+$SETTIME -I now+15s -D now `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking warning about delete date < inactive date with dnssec-keygen ($n)"
+ret=0
+# keygen should print a warning about delete < inactive
+$KEYGEN -q -r $RANDFILE -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
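Review bot: Both new checks pass on any line containing the word "warning", not on the delete-before-inactive warning they are meant to exercise, so an unrelated warning from settime or keygen (for example the existing "Predecessor has no removal date" message) would satisfy them. Both tools print the same prefix for this condition, so `grep "warning: Key is scheduled to be deleted" tmp.out > /dev/null 2>&1 || ret=1` in each check pins the test to the behaviour added in this commit. The settime check also rewrites the timing metadata of the key named in oldstyle.key in place, which is fine at the end of the script but worth a comment if further checks are appended later.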