BIND (ISC Open Source Projects)
Commit 083b730e, authored Jan 22, 2019 by Mark Andrews
Committed by Evan Hunt, Jan 22, 2019
introducing keymgr need to preserve functionality
parent 914e8ddd
Pipeline #8943 passed with stages in 17 minutes and 38 seconds
Showing 10 changed files with 123 additions and 18 deletions
CHANGES +4 -0
bin/python/isc/keyseries.py.in +26 -2
bin/tests/system/keymgr/19-old-keys/README +7 -0
bin/tests/system/keymgr/19-old-keys/expect +12 -0
bin/tests/system/keymgr/19-old-keys/extra.sh +19 -0
bin/tests/system/keymgr/19-old-keys/policy.conf +18 -0
bin/tests/system/keymgr/clean.sh +4 -2
bin/tests/system/keymgr/setup.sh +10 -0
bin/tests/system/keymgr/tests.sh +20 -14
util/copyrights +3 -0
CHANGES
View file @
083b730e
5140. [bug] Don't immediately mark existing keys as inactive and
deleted when running dnssec-keymgr for the first
time. [GL #117]
5139. [bug] If possible, don't use forwarders when priming.
This ensures we can get root server IP addresses
from priming query response glue, which may not
...
...
bin/python/isc/keyseries.py.in
View file @
083b730e
...
...
@@ -77,15 +77,39 @@ class keyseries:
a = key.activate()
if not p or p > now:
key.setpublish(now)
p = now
if not a or a > now:
key.setactivate(now)
a = now
i = key.inactive()
if not rp:
key.setinactive(None, **kwargs)
key.setdelete(None, **kwargs)
elif not i or a + rp != i:
if not i and a + rp > now + prepub:
key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs)
elif not i:
key.setinactive(now + prepub, **kwargs)
key.setdelete(now + prepub + postpub, **kwargs)
elif a + rp > i:
key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs)
elif a + rp > now + prepub:
key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs)
else:
key.setinactive(now + prepub, **kwargs)
key.setdelete(now + prepub + postpub, **kwargs)
else:
key.setinactive(a + rp, **kwargs)
key.setdelete(a + rp + postpub, **kwargs)
d = key.delete()
if not d or i + postpub > now:
key.setdelete(i + postpub, **kwargs)
elif not d:
key.setdelete(now + postpub, **kwargs)
elif d < i + postpub:
key.setdelete(i + postpub, **kwargs)
if policy.keyttl != key.ttl:
key.setttl(policy.keyttl)
...
...
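Review bot: in the closing `d = key.delete()` block, the `elif not d:` branch is unreachable, because `if not d or i + postpub > now:` already takes every case where `d` is unset, so `key.setdelete(now + postpub, **kwargs)` never runs. Decide which value should apply when no delete time is set and order the tests to match. Separately, the `elif a + rp > i:` and `elif a + rp > now + prepub:` branches have identical bodies and can be merged with `or`, and a one-line comment per branch naming the key state it handles would make this ladder much easier to check.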
bin/tests/system/keymgr/19-old-keys/README
0 → 100644
View file @
083b730e
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
This directory has a key set which is valid, but which was published
and activated more than one rollover period ago. dnssec-keymgr should
not mark the keys as already being inactive and deleted.
bin/tests/system/keymgr/19-old-keys/expect
0 → 100644
View file @
083b730e
kargs="-c policy.conf example.com"
kmatch=""
kret=0
cargs="-d 1w -m 2w example.com"
cmatch="4,Publish
4,Activate
2,Inactive
2,Delete"
cret=0
warn=0
error=0
ok=2
bin/tests/system/keymgr/19-old-keys/extra.sh
0 → 100644
View file @
083b730e
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
now
=
`
$PERL
-e
'print time()."\n";'
`
for
keyfile
in
K
*
.key
;
do
inactive
=
`
$SETTIME
-upI
$keyfile
|
awk
'{print $2}'
`
if
[
"
$inactive
"
=
UNSET
]
;
then
continue
elif
[
"
$inactive
"
-lt
"
$now
"
]
;
then
echo_d
"inactive date is in the past"
ret
=
1
fi
done
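Review bot: the loop checks only the inactive time (`$SETTIME -upI`), but the README for this test says dnssec-keymgr should not mark the keys as already being inactive and deleted, so a delete time set in the past would go unnoticed. Add the same comparison for the delete time (`-upD`), and quote `$keyfile` in the `$SETTIME` call.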
bin/tests/system/keymgr/19-old-keys/policy.conf
0 → 100644
View file @
083b730e
/*
*
Copyright
(
C
)
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
This
Source
Code
Form
is
subject
to
the
terms
of
the
Mozilla
Public
*
License
,
v
.
2
.
0
.
If
a
copy
of
the
MPL
was
not
distributed
with
this
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*
*
See
the
COPYRIGHT
file
distributed
with
this
work
for
additional
*
information
regarding
copyright
ownership
.
*/
policy
default
{
policy
global
;
algorithm
nsec3rsasha1
;
pre
-
publish
zsk
2
w
;
roll
-
period
zsk
6
mo
;
coverage
364
d
;
};
bin/tests/system/keymgr/clean.sh
View file @
083b730e
...
...
@@ -11,6 +11,8 @@
rm
-f
*
/K
*
.key
rm
-f
*
/K
*
.private
rm
-f
coverage.
*
keymgr.
*
rm
-f
policy.out
rm
-f
Kexample.com.
*
.key
rm
-f
Kexample.com.
*
.private
rm
-f
coverage.
*
keymgr.
*
settime.
*
rm
-f
ns
*
/managed-keys.bind
*
rm
-f
policy.out
bin/tests/system/keymgr/setup.sh
View file @
083b730e
...
...
@@ -214,3 +214,13 @@ rm -f $dir/K*.private
ksk1
=
`
$KEYGEN
-K
$dir
-a
rsasha1
-3fk
example.com
`
zsk1
=
`
$KEYGEN
-K
$dir
-a
rsasha1
-3
example.com
`
$SETTIME
-K
$dir
-I
now+2mo
-D
now+3mo
$zsk1
>
/dev/null
# Test 19: Key has been published/active a long time
dir
=
19-old-keys
echo_i
"set up
$dir
"
rm
-f
$dir
/K
*
.key
rm
-f
$dir
/K
*
.private
ksk1
=
`
$KEYGEN
-K
$dir
-a
rsasha1
-3fk
example.com
`
zsk1
=
`
$KEYGEN
-K
$dir
-a
rsasha1
-3
example.com
`
$SETTIME
-K
$dir
-P
now-2y
-A
now-2y
$ksk1
>
/dev/null
$SETTIME
-K
$dir
-P
now-2y
-A
now-2y
$zsk1
>
/dev/null
bin/tests/system/keymgr/tests.sh
View file @
083b730e
...
...
@@ -16,13 +16,19 @@ status=0
n
=
1
matchall
()
{
match_result
=
ok
file
=
$1
echo
"
$2
"
|
while
read
matchline
;
do
grep
"
$matchline
"
$file
>
/dev/null 2>&1
||
{
echo
"FAIL"
return
while
IFS
=
","
read
expect matchline
;
do
[
-z
"
$matchline
"
]
&&
continue
matches
=
`
grep
"
$matchline
"
$file
|
wc
-l
`
[
"
$matches
"
-ne
"
$expect
"
]
&&
{
echo
"'
$matchline
': expected
$expect
found
$matches
"
return
1
}
done
done
<<
EOF
$2
EOF
return
0
}
echo_i
"checking for DNSSEC key coverage issues"
...
...
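Review bot: in the new `matchall`, a match line with no comma is silently skipped: `IFS="," read expect matchline` leaves `matchline` empty and `[ -z "$matchline" ] && continue` moves on, so an `expect` file still written as one pattern per line is no longer checked at all. A non-numeric count passes as well, because `[ "$matches" -ne "$expect" ]` then errors rather than evaluating true. Fail on any non-empty line that lacks a numeric count, and describe the `count,pattern` format in a comment above the function. `grep -c "$matchline" "$file"` would also replace the `grep | wc -l` pipeline and quote the file name.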
@@ -51,11 +57,8 @@ for dir in [0-9][0-9]-*; do
ret
=
1
fi
found
=
`
matchall keymgr.
$n
"
$kmatch
"
`
if
[
"
$found
"
=
"FAIL"
]
;
then
echo
"no match on '
$kmatch
'"
ret
=
1
fi
# check for matches in keymgr output
matchall keymgr.
$n
"
$kmatch
"
||
ret
=
1
# now check coverage
$COVERAGE
-K
$dir
$cargs
>
coverage.
$n
2>&1
...
...
@@ -87,10 +90,13 @@ for dir in [0-9][0-9]-*; do
ret
=
1
fi
found
=
`
matchall coverage.
$n
"
$cmatch
"
`
if
[
"
$found
"
=
"FAIL"
]
;
then
echo
"no match on '
$cmatch
'"
ret
=
1
# check for matches in coverage output
matchall coverage.
$n
"
$cmatch
"
||
ret
=
1
if
[
-f
$dir
/extra.sh
]
;
then
cd
$dir
.
./extra.sh
cd
..
fi
n
=
`
expr
$n
+ 1
`
...
...
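Review bot: `cd $dir` ahead of `. ./extra.sh` is unquoted and its result is not checked; if it fails, the script is sourced from the wrong directory (or not found) and the following `cd ..` moves the remaining tests up one level. Sourcing in the current shell also lets extra.sh overwrite variables of this loop: it assigns `now`, `keyfile` and `inactive`, and reports failure only by setting `ret`. Guard the block with `cd "$dir" || ret=1`, or run the script in a subshell and take its exit status.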
util/copyrights
View file @
083b730e
...
...
@@ -742,6 +742,9 @@
./bin/tests/system/keymgr/17-noforce/expect X 2016,2018,2019
./bin/tests/system/keymgr/18-nonstd-prepub/README TXT.BRIEF 2016,2018,2019
./bin/tests/system/keymgr/18-nonstd-prepub/expect X 2016,2018,2019
./bin/tests/system/keymgr/19-old-keys/README TXT.BRIEF 2019
./bin/tests/system/keymgr/19-old-keys/expect X 2019
./bin/tests/system/keymgr/19-old-keys/extra.sh SH 2019
./bin/tests/system/keymgr/clean.sh SH 2016,2018,2019
./bin/tests/system/keymgr/policy.good X 2016,2018,2019
./bin/tests/system/keymgr/policy.sample X 2016,2017,2018,2019
...
...
Mark Andrews @marka mentioned in commit 15b42407647e1b898c10c7edd57b86dfac91bdc8 · Jan 22, 2019
Mark Andrews @marka mentioned in commit 67b001b1903b6bb0537efeee68ee570b65d6292d · Jan 22, 2019