Commit
fa52cd9e
authored
Jul 26, 2016
by
Valentin Samir
Only activate new KSK on ds-seen
parent
5d45cade
Showing
1 changed file
with
17 additions
and
9 deletions
+17
-9
routine.py
routine.py
+17
-9
routine.py
...
...
@@ -123,7 +123,8 @@ class Zone(object):
now
=
datetime
.
datetime
.
utcnow
()
new_ksk
=
Key
.
create
(
"KSK"
,
self
.
name
)
new_ksk
.
publish
=
now
new_ksk
.
activate
=
(
now
+
INTERVAL
)
# do not activate the new key until ds-seen
new_ksk
.
activate
=
None
bind_reload
()
active_ksk
=
[
key
for
key
in
self
.
KSK
if
key
.
is_publish
and
key
.
delete
is
None
]
if
len
(
active_ksk
)
>=
2
:
...
...
@@ -146,9 +147,11 @@ class Zone(object):
return
print
"Key %s found"
%
keyid
now
=
datetime
.
datetime
.
utcnow
()
if
seen_ksk
.
activate
is
None
:
seen_ksk
.
activate
=
(
now
+
INTERVAL
)
for
ksk
in
old_ksks
:
print
" * program key %s removal"
%
ksk
.
keyid
inactive
=
max
(
seen_ksk
.
activate
,
now
+
INTERVAL
)
inactive
=
seen_ksk
.
activate
# delete INTERVAL after being inactive
ksk
.
delete
=
inactive
+
INTERVAL
# set inactive in at least INTERVAL
...
...
@@ -234,20 +237,25 @@ class Key(object):
return
datetime
.
datetime
.
strptime
(
date
,
"%Y%m%d%H%M%S"
)
def
_date_to_key
(
self
,
date
):
if
date
is
None
:
return
'none'
else
:
return
datetime
.
datetime
.
strftime
(
date
,
"%Y%m%d%H%M%S"
)
@
classmethod
def
create
(
cls
,
typ
,
name
):
def
create
(
cls
,
typ
,
name
,
options
=
None
):
if
options
is
None
:
options
=
[]
path
=
os
.
path
.
join
(
BASE
,
name
)
cmd
=
[
"/usr/sbin/dnssec-keygen"
,
"-a"
,
"RSASHA256"
]
if
typ
==
"KSK"
:
cmd
=
[
"/usr/sbin/dnssec-keygen"
,
"-a"
,
"RSASHA256"
,
"-b"
,
"2048"
,
"-f"
,
"KSK"
,
"-K"
,
path
,
name
]
cmd
.
extend
([
"-b"
,
"2048"
,
"-f"
,
"KSK"
])
elif
typ
==
"ZSK"
:
cmd
=
[
"/usr/sbin/dnssec-keygen"
,
"-a"
,
"RSASHA256"
,
"-b"
,
"1024"
,
"-K"
,
path
,
name
]
cmd
.
extend
([
"-b"
,
"1024"
])
else
:
raise
ValueError
(
"typ must be KSK or ZSK"
)
cmd
.
extend
(
options
)
cmd
.
extend
([
"-K"
,
path
,
name
])
p
=
subprocess
.
Popen
(
cmd
,
stdout
=
subprocess
.
PIPE
)
p
.
wait
()
if
p
.
returncode
!=
0
:
...
...
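Review bot: In the ds-seen hunk (`@@ -146,9 +147,11`), `inactive = seen_ksk.activate` appears to replace `inactive = max(seen_ksk.activate, now + INTERVAL)`, so the floor of one INTERVAL from now only applies when `activate` was still None. For a KSK whose `activate` is already set and lies in the past (a key generated before this change, or ds-seen run a second time on the same key), the old KSKs would get `inactive` in the past and `ksk.delete = inactive + INTERVAL` may already be due, which could withdraw a key that validating resolvers still depend on. Keeping `inactive = max(seen_ksk.activate, now + INTERVAL)` after the new `if seen_ksk.activate is None:` check would preserve that guard and keep the trailing comment `# set inactive in at least INTERVAL` accurate. The loop body continues past the end of the hunk, so how `inactive` is applied afterwards is not visible here.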