diff options
| -rw-r--r-- | .gitignore | 3 | ||||
| -rw-r--r-- | Knot.files | 12 | ||||
| -rw-r--r-- | doc/.gitignore | 2 | ||||
| -rw-r--r-- | doc/Makefile.am | 8 | ||||
| -rw-r--r-- | doc/conf.py | 2 | ||||
| -rw-r--r-- | doc/configuration.rst | 14 | ||||
| -rw-r--r-- | doc/man/kdig.1in | 4 | ||||
| -rw-r--r-- | doc/man/keymgr.8in (renamed from doc/man/kkeymgr.8in) | 20 | ||||
| -rw-r--r-- | doc/man/knsupdate.1in | 4 | ||||
| -rw-r--r-- | doc/man_kdig.rst | 4 | ||||
| -rw-r--r-- | doc/man_keymgr.rst (renamed from doc/man_kkeymgr.rst) | 20 | ||||
| -rw-r--r-- | doc/man_knsupdate.rst | 4 | ||||
| -rw-r--r-- | doc/migration.rst | 8 | ||||
| -rw-r--r-- | doc/utilities.rst | 2 | ||||
| -rw-r--r-- | src/Makefile.am | 38 | ||||
| -rw-r--r-- | src/utils/keymgr/bind_privkey.c (renamed from src/utils/kkeymgr/bind_privkey.c) | 2 | ||||
| -rw-r--r-- | src/utils/keymgr/bind_privkey.h (renamed from src/utils/kkeymgr/bind_privkey.h) | 0 | ||||
| -rw-r--r-- | src/utils/keymgr/functions.c (renamed from src/utils/kkeymgr/functions.c) | 20 | ||||
| -rw-r--r-- | src/utils/keymgr/functions.h (renamed from src/utils/kkeymgr/functions.h) | 16 | ||||
| -rw-r--r-- | src/utils/keymgr/main.c (renamed from src/utils/kkeymgr/main.c) | 24 | ||||
| -rw-r--r-- | tests-extra/tests/dnssec/dnskey_algorithms/data/generate_keys.sh | 68 | ||||
| -rwxr-xr-x | tests-extra/tests/dnssec/no_resign/data/update.sh | 2 | ||||
| -rw-r--r-- | tests-extra/tools/dnstest/keys.py | 2 | ||||
| -rw-r--r-- | tests-extra/tools/dnstest/params.py | 4 |
24 files changed, 141 insertions, 142 deletions
diff --git a/.gitignore b/.gitignore index ef7e26697..60ea71336 100644 --- a/.gitignore +++ b/.gitignore @@ -72,10 +72,9 @@ # Binaries /src/kdig -/src/keymgr /src/khost /src/kjournalprint -/src/kkeymgr +/src/keymgr /src/knot1to2 /src/knotc /src/knotd diff --git a/Knot.files b/Knot.files index 776c76455..b1afe4168 100644 --- a/Knot.files +++ b/Knot.files @@ -141,8 +141,6 @@ src/dnssec/shared/timestamp.h src/dnssec/shared/wire.h src/dnssec/tests/binary.c src/dnssec/tests/crypto.c -src/dnssec/tests/kasp_dir_escape.c -src/dnssec/tests/kasp_dir_file.c src/dnssec/tests/key.c src/dnssec/tests/key_algorithm.c src/dnssec/tests/key_ds.c @@ -460,15 +458,15 @@ src/utils/kdig/kdig_exec.h src/utils/kdig/kdig_main.c src/utils/kdig/kdig_params.c src/utils/kdig/kdig_params.h +src/utils/keymgr/bind_privkey.c +src/utils/keymgr/bind_privkey.h +src/utils/keymgr/functions.c +src/utils/keymgr/functions.h +src/utils/keymgr/main.c src/utils/khost/khost_main.c src/utils/khost/khost_params.c src/utils/khost/khost_params.h src/utils/kjournalprint/main.c -src/utils/kkeymgr/bind_privkey.c -src/utils/kkeymgr/bind_privkey.h -src/utils/kkeymgr/functions.c -src/utils/kkeymgr/functions.h -src/utils/kkeymgr/main.c src/utils/knot1to2/cf-lex.c src/utils/knot1to2/cf-lex.l src/utils/knot1to2/cf-parse.tab.c diff --git a/doc/.gitignore b/doc/.gitignore index 8d13d043a..9b76a041b 100644 --- a/doc/.gitignore +++ b/doc/.gitignore @@ -2,7 +2,7 @@ # sphinx-build manpages /man/kdig.1 -/man/kkeymgr.8 +/man/keymgr.8 /man/pykeymgr.8 /man/khost.1 /man/kjournalprint.1 diff --git a/doc/Makefile.am b/doc/Makefile.am index 62a2c41be..61ab60137 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,5 +1,5 @@ -MANPAGES_IN = man/knot.conf.5in man/knotc.8in man/knotd.8in man/kdig.1in man/khost.1in man/kjournalprint.1in man/knsupdate.1in man/knot1to2.1in man/knsec3hash.1in man/kkeymgr.8in man/pykeymgr.8in man/kzonecheck.1in -MANPAGES_RST = reference.rst man_knotc.rst man_knotd.rst man_kdig.rst man_khost.rst man_kjournalprint.rst man_knsupdate.rst man_knot1to2.rst man_knsec3hash.rst man_kkeymgr.rst man_pykeymgr.rst man_kzonecheck.rst +MANPAGES_IN = man/knot.conf.5in man/knotc.8in man/knotd.8in man/kdig.1in man/khost.1in man/kjournalprint.1in man/knsupdate.1in man/knot1to2.1in man/knsec3hash.1in man/keymgr.8in man/pykeymgr.8in man/kzonecheck.1in +MANPAGES_RST = reference.rst man_knotc.rst man_knotd.rst man_kdig.rst man_khost.rst man_kjournalprint.rst man_knsupdate.rst man_knot1to2.rst man_knsec3hash.rst man_keymgr.rst man_pykeymgr.rst man_kzonecheck.rst EXTRA_DIST = \ conf.py \ @@ -62,7 +62,7 @@ man_MANS += man/knot.conf.5 man/knotc.8 man/knotd.8 endif # HAVE_DAEMON if HAVE_UTILS -man_MANS += man/kdig.1 man/khost.1 man/kjournalprint.1 man/knsupdate.1 man/knot1to2.1 man/knsec3hash.1 man/kkeymgr.8 man/pykeymgr.8 man/kzonecheck.1 +man_MANS += man/kdig.1 man/khost.1 man/kjournalprint.1 man/knsupdate.1 man/knot1to2.1 man/knsec3hash.1 man/keymgr.8 man/pykeymgr.8 man/kzonecheck.1 endif # HAVE_UTILS man/knot.conf.5: man/knot.conf.5in @@ -74,7 +74,7 @@ man/kjournalprint.1: man/kjournalprint.1in man/knsupdate.1: man/knsupdate.1in man/knot1to2.1: man/knot1to2.1in man/knsec3hash.1: man/knsec3hash.1in -man/kkeymgr.8: man/kkeymgr.8in +man/keymgr.8: man/keymgr.8in man/pykeymgr.8: man/pykeymgr.8in man/kzonecheck.1: man/kzonecheck.1in diff --git a/doc/conf.py b/doc/conf.py index 5b943bfd2..24c3cc09d 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -220,7 +220,7 @@ latex_domain_indices = False man_pages = [ ('reference', 'knot.conf', 'Knot DNS configuration file', author, 5), ('man_kdig', 'kdig', 'Advanced DNS lookup utility', author, 1), - ('man_kkeymgr', 'kkeymgr', ' DNSSEC key management utility', author, 8), + ('man_keymgr', 'keymgr', ' DNSSEC key management utility', author, 8), ('man_pykeymgr', 'pykeymgr', ' DNSSEC key management utility', author, 8), ('man_khost', 'khost', 'Simple DNS lookup utility', author, 1), ('man_kjournalprint', 'kjournalprint', 'Knot DNS journal print utility', author, 1), diff --git a/doc/configuration.rst b/doc/configuration.rst index cce1d3e1c..b100bb215 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -88,7 +88,7 @@ Access control list (ACL) An ACL list specifies which remotes are allowed to send the server a specific request. A remote can be a single IP address or a network subnet. Also a TSIG -key can be assigned (see :doc:`kkeymgr <man_kkeymgr>` how to generate a TSIG key). +key can be assigned (see :doc:`keymgr <man_keymgr>` how to generate a TSIG key). With no ACL rule, all the actions are denied for the zone. Each ACL rule can allow one or more actions for given address/subnet/TSIG, or deny them. @@ -339,7 +339,7 @@ the server logs to see whether everything went well. .. WARNING:: This guide assumes that the zone *myzone.test* was not signed prior to enabling the automatic key management. If the zone was already signed, all - existing keys must be imported using ``kkeymgr import-bind`` command + existing keys must be imported using ``keymgr import-bind`` command before enabling the automatic signing. Also the algorithm in the policy must match the algorithm of all imported keys. Otherwise the zone will be resigned at all. @@ -361,13 +361,13 @@ with manual key management flag has to be set:: dnssec-signing: on dnssec-policy: manual -To generate signing keys, use the :doc:`kkeymgr <man_kkeymgr>` utility. +To generate signing keys, use the :doc:`keymgr <man_keymgr>` utility. Let's use the Single-Type Signing scheme with two algorithms. Run: .. code-block:: console - $ kkeymgr -d path/to/keydir myzone.test. generate algorithm=RSASHA256 size=1024 - $ kkeymgr -d path/to/keydir myzone.test. generate algorithm=ECDSAP256SHA256 size=256 + $ keymgr -d path/to/keydir myzone.test. generate algorithm=RSASHA256 size=1024 + $ keymgr -d path/to/keydir myzone.test. generate algorithm=ECDSAP256SHA256 size=256 And reload the server. The zone will be signed. @@ -377,14 +377,14 @@ it yet: .. code-block:: console - $ kkeymgr -d path/to/keydir myzone.test. generate algorithm=RSASHA256 size=1024 active=now+1d + $ keymgr -d path/to/keydir myzone.test. generate algorithm=RSASHA256 size=1024 active=now+1d Take the key ID (or key tag) of the old RSA key and disable it the same time the new key gets activated: .. code-block:: console - $ kkeymgr -d path/to/keydir myzone.test. set <old_key_id> retire=now+1d remove=now+1d + $ keymgr -d path/to/keydir myzone.test. set <old_key_id> retire=now+1d remove=now+1d Reload the server again. The new key will be published (i.e. the DNSKEY record will be added into the zone). Do not forget to update the DS record in the diff --git a/doc/man/kdig.1in b/doc/man/kdig.1in index f29c3f9f3..1bb80be11 100644 --- a/doc/man/kdig.1in +++ b/doc/man/kdig.1in @@ -254,7 +254,7 @@ on libidn availability during project building! .sp Options \fB\-k\fP and \fB\-y\fP can not be used simultaneously. .sp -Dnssec\-keygen keyfile format is not supported. Use \fBkkeymgr(8)\fP instead. +Dnssec\-keygen keyfile format is not supported. Use \fBkeymgr(8)\fP instead. .SH EXAMPLES .INDENT 0.0 .IP 1. 3 @@ -315,7 +315,7 @@ $ kdig \-d @185.49.141.38 +tls\-ca +tls\-host=getdnsapi.net \e \fB/etc/resolv.conf\fP .SH SEE ALSO .sp -\fBkhost(1)\fP, \fBknsupdate(1)\fP, \fBkkeymgr(8)\fP\&. +\fBkhost(1)\fP, \fBknsupdate(1)\fP, \fBkeymgr(8)\fP\&. .SH AUTHOR CZ.NIC Labs <http://www.knot-dns.cz> .SH COPYRIGHT diff --git a/doc/man/kkeymgr.8in b/doc/man/keymgr.8in index a140c9282..ea5595e2e 100644 --- a/doc/man/kkeymgr.8in +++ b/doc/man/keymgr.8in @@ -1,8 +1,8 @@ .\" Man page generated from reStructuredText. . -.TH "KKEYMGR" "8" "@RELEASE_DATE@" "@VERSION@" "Knot DNS" +.TH "KEYMGR" "8" "@RELEASE_DATE@" "@VERSION@" "Knot DNS" .SH NAME -kkeymgr \- DNSSEC key management utility +keymgr \- DNSSEC key management utility . .nr rst2man-indent-level 0 . @@ -32,12 +32,12 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .. .SH SYNOPSIS .sp -\fBkkeymgr\fP \fIbasic_option\fP [\fIparameters\fP\&...] +\fBkeymgr\fP \fIbasic_option\fP [\fIparameters\fP\&...] .sp -\fBkkeymgr\fP \fIconfig_option\fP \fIconfig_storage\fP \fIzone_name\fP \fIaction\fP \fIparameters\fP\&... +\fBkeymgr\fP \fIconfig_option\fP \fIconfig_storage\fP \fIzone_name\fP \fIaction\fP \fIparameters\fP\&... .SH DESCRIPTION .sp -The \fBkkeymgr\fP utility serves for key management in Knot DNS server. +The \fBkeymgr\fP utility serves for key management in Knot DNS server. .sp Functions for DNSSEC keys and KASP (Key And Signature Policy) management are provided. @@ -154,7 +154,7 @@ Generate TSIG key: .sp .nf .ft C -$ kkeymgr \-t my_name hmac\-sha384 +$ keymgr \-t my_name hmac\-sha384 .ft P .fi .UNINDENT @@ -166,7 +166,7 @@ Import a key from BIND: .sp .nf .ft C -$ kkeymgr \-d ${knot_data_dir}/keys example.com. import\-bind ~/bind/Kharbinge4d5.+007+63089.key +$ keymgr \-d ${knot_data_dir}/keys example.com. import\-bind ~/bind/Kharbinge4d5.+007+63089.key .ft P .fi .UNINDENT @@ -178,7 +178,7 @@ Generate new key: .sp .nf .ft C -$ kkeymgr \-c ${knot_data_dir}/knot.conf example.com. generate algorithm=ECDSAP256SHA256 size=256 \e +$ keymgr \-c ${knot_data_dir}/knot.conf example.com. generate algorithm=ECDSAP256SHA256 size=256 \e ksk=true created=1488034625 publish=20170223205611 retire=now+10mo remove=now+1y .ft P .fi @@ -191,7 +191,7 @@ Configure key timing: .sp .nf .ft C -$ kkeymgr \-d ${knot_data_dir}/keys test.test. set 4208 active=t+2mi retire=t+4mi remove=t+5mi +$ keymgr \-d ${knot_data_dir}/keys test.test. set 4208 active=t+2mi retire=t+4mi remove=t+5mi .ft P .fi .UNINDENT @@ -203,7 +203,7 @@ Share a KSK from another zone: .sp .nf .ft C -$ kkeymgr \-c ${knot_data_dir}/knot.conf test.test. share e687cf927029e9db7184d2ece6d663f5d1e5b0e9 +$ keymgr \-c ${knot_data_dir}/knot.conf test.test. share e687cf927029e9db7184d2ece6d663f5d1e5b0e9 .ft P .fi .UNINDENT diff --git a/doc/man/knsupdate.1in b/doc/man/knsupdate.1in index a408ad59f..0b4f8011d 100644 --- a/doc/man/knsupdate.1in +++ b/doc/man/knsupdate.1in @@ -156,7 +156,7 @@ Quit the program. .sp Options \fB\-k\fP and \fB\-y\fP can not be used simultaneously. .sp -Dnssec\-keygen keyfile format is not supported. Use \fBkkeymgr(8)\fP instead. +Dnssec\-keygen keyfile format is not supported. Use \fBkeymgr(8)\fP instead. .sp Zone name/server guessing is not supported if the zone name/server is not specified. .sp @@ -189,7 +189,7 @@ $ knsupdate .UNINDENT .SH SEE ALSO .sp -\fBkdig(1)\fP, \fBkhost(1)\fP, \fBkkeymgr(8)\fP\&. +\fBkdig(1)\fP, \fBkhost(1)\fP, \fBkeymgr(8)\fP\&. .SH AUTHOR CZ.NIC Labs <http://www.knot-dns.cz> .SH COPYRIGHT diff --git a/doc/man_kdig.rst b/doc/man_kdig.rst index 776b2987a..e0a6c2f87 100644 --- a/doc/man_kdig.rst +++ b/doc/man_kdig.rst @@ -232,7 +232,7 @@ Notes Options **-k** and **-y** can not be used simultaneously. -Dnssec-keygen keyfile format is not supported. Use :manpage:`kkeymgr(8)` instead. +Dnssec-keygen keyfile format is not supported. Use :manpage:`keymgr(8)` instead. Examples -------- @@ -265,4 +265,4 @@ Files See Also -------- -:manpage:`khost(1)`, :manpage:`knsupdate(1)`, :manpage:`kkeymgr(8)`. +:manpage:`khost(1)`, :manpage:`knsupdate(1)`, :manpage:`keymgr(8)`. diff --git a/doc/man_kkeymgr.rst b/doc/man_keymgr.rst index 882df66f7..5ce3d685a 100644 --- a/doc/man_kkeymgr.rst +++ b/doc/man_keymgr.rst @@ -1,19 +1,19 @@ .. highlight:: console -kkeymgr – Key management utility -================================= +keymgr – Key management utility +=============================== Synopsis -------- -:program:`kkeymgr` *basic_option* [*parameters*...] +:program:`keymgr` *basic_option* [*parameters*...] -:program:`kkeymgr` *config_option* *config_storage* *zone_name* *action* *parameters*... +:program:`keymgr` *config_option* *config_storage* *zone_name* *action* *parameters*... Description ----------- -The :program:`kkeymgr` utility serves for key management in Knot DNS server. +The :program:`keymgr` utility serves for key management in Knot DNS server. Functions for DNSSEC keys and KASP (Key And Signature Policy) management are provided. @@ -127,24 +127,24 @@ Examples 1. Generate TSIG key:: - $ kkeymgr -t my_name hmac-sha384 + $ keymgr -t my_name hmac-sha384 2. Import a key from BIND:: - $ kkeymgr -d ${knot_data_dir}/keys example.com. import-bind ~/bind/Kharbinge4d5.+007+63089.key + $ keymgr -d ${knot_data_dir}/keys example.com. import-bind ~/bind/Kharbinge4d5.+007+63089.key 3. Generate new key:: - $ kkeymgr -c ${knot_data_dir}/knot.conf example.com. generate algorithm=ECDSAP256SHA256 size=256 \ + $ keymgr -c ${knot_data_dir}/knot.conf example.com. generate algorithm=ECDSAP256SHA256 size=256 \ ksk=true created=1488034625 publish=20170223205611 retire=now+10mo remove=now+1y 4. Configure key timing:: - $ kkeymgr -d ${knot_data_dir}/keys test.test. set 4208 active=t+2mi retire=t+4mi remove=t+5mi + $ keymgr -d ${knot_data_dir}/keys test.test. set 4208 active=t+2mi retire=t+4mi remove=t+5mi 5. Share a KSK from another zone:: - $ kkeymgr -c ${knot_data_dir}/knot.conf test.test. share e687cf927029e9db7184d2ece6d663f5d1e5b0e9 + $ keymgr -c ${knot_data_dir}/knot.conf test.test. share e687cf927029e9db7184d2ece6d663f5d1e5b0e9 See Also -------- diff --git a/doc/man_knsupdate.rst b/doc/man_knsupdate.rst index 019b39cf9..157b5b430 100644 --- a/doc/man_knsupdate.rst +++ b/doc/man_knsupdate.rst @@ -134,7 +134,7 @@ Notes Options **-k** and **-y** can not be used simultaneously. -Dnssec-keygen keyfile format is not supported. Use :manpage:`kkeymgr(8)` instead. +Dnssec-keygen keyfile format is not supported. Use :manpage:`keymgr(8)` instead. Zone name/server guessing is not supported if the zone name/server is not specified. @@ -161,4 +161,4 @@ Examples See Also -------- -:manpage:`kdig(1)`, :manpage:`khost(1)`, :manpage:`kkeymgr(8)`. +:manpage:`kdig(1)`, :manpage:`khost(1)`, :manpage:`keymgr(8)`. diff --git a/doc/migration.rst b/doc/migration.rst index 080f0c5a7..5b0ffac55 100644 --- a/doc/migration.rst +++ b/doc/migration.rst @@ -36,10 +36,10 @@ server configuration: 3. Import all existing zone keys into the KASP database. Make sure that all the keys were imported correctly:: - $ kkeymgr -d path/to/keydir example.com. import-bind path/to/Kexample.com.+013+11111 - $ kkeymgr -d path/to/keydir example.com. import-bind path/to/Kexample.com.+013+22222 + $ keymgr -d path/to/keydir example.com. import-bind path/to/Kexample.com.+013+11111 + $ keymgr -d path/to/keydir example.com. import-bind path/to/Kexample.com.+013+22222 $ ... - $ kkeymgr -d path/to/keydir example.com. list + $ keymgr -d path/to/keydir example.com. list .. NOTE:: The server can be run under a dedicated user account, usually ``knot``. @@ -47,6 +47,6 @@ server configuration: permissions must be set correctly. This can be achieved for instance by executing all KASP database management commands under sudo:: - $ sudo -u knot kkeymgr ... + $ sudo -u knot keymgr ... 4. Follow :ref:`Automatic DNSSEC signing` steps to configure DNSSEC signing. diff --git a/doc/utilities.rst b/doc/utilities.rst index f62c5c8e6..96f7c2db1 100644 --- a/doc/utilities.rst +++ b/doc/utilities.rst @@ -11,7 +11,7 @@ the server. This section collects manual pages for all provided binaries: :titlesonly: man_kdig - man_kkeymgr + man_keymgr man_pykeymgr man_khost man_kjournalprint diff --git a/src/Makefile.am b/src/Makefile.am index 6ec3f3a7a..cf23440e9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -418,7 +418,7 @@ libknotd_la_LIBADD = libknot.la libknot-yparser.la zscanner/libzscanner.la $(lib if HAVE_DAEMON -sbin_PROGRAMS = knotc knotd +sbin_PROGRAMS = knotc knotd keymgr libexec_PROGRAMS = knot1to2 noinst_LTLIBRARIES += libknotd.la libknotus.la @@ -440,6 +440,13 @@ knotc_SOURCES = \ knotd_SOURCES = \ utils/knotd/main.c +keymgr_SOURCES = \ + utils/keymgr/bind_privkey.c \ + utils/keymgr/bind_privkey.h \ + utils/keymgr/functions.c \ + utils/keymgr/functions.h \ + utils/keymgr/main.c + knot1to2_SOURCES = \ utils/knot1to2/cf-lex.c \ utils/knot1to2/cf-parse.tab.c \ @@ -451,11 +458,16 @@ knot1to2_SOURCES = \ utils/knot1to2/main.c \ utils/knot1to2/scheme.h -knotd_CPPFLAGS = $(AM_CPPFLAGS) $(liburcu_CFLAGS) -knotd_LDADD = libknotd.la libcontrib.la $(liburcu_LIBS) -knotc_CPPFLAGS = $(AM_CPPFLAGS) $(libedit_CFLAGS) -knotc_LDADD = libknotd.la libknotus.la $(libedit_LIBS) -knot1to2_LDADD = libcontrib.la +knotd_CPPFLAGS = $(AM_CPPFLAGS) $(liburcu_CFLAGS) +knotd_LDADD = libknotd.la libcontrib.la $(liburcu_LIBS) +knotc_CPPFLAGS = $(AM_CPPFLAGS) $(libedit_CFLAGS) +knotc_LDADD = libknotd.la libknotus.la $(libedit_LIBS) +keymgr_CPPFLAGS = $(AM_CPPFLAGS) $(liburcu_CFLAGS) -I$(srcdir)/dnssec/lib/dnssec \ + -I$(srcdir)/dnssec $(gnutls_CFLAGS) +keymgr_LDADD = $(libidn_LIBS) $(liburcu_LIBS) libknotd.la libcontrib.la \ + libknotd.la libknotus.la dnssec/libdnssec.la dnssec/libshared.la \ + zscanner/libzscanner.la $(gnutls_LIBS) +knot1to2_LDADD = libcontrib.la #################################### # Optional Knot DNS Daemon modules # @@ -491,7 +503,7 @@ if HAVE_UTILS bin_PROGRAMS = kdig khost knsec3hash knsupdate if HAVE_DAEMON -bin_PROGRAMS += kzonecheck kjournalprint kkeymgr +bin_PROGRAMS += kzonecheck kjournalprint endif # HAVE_DAEMON kdig_SOURCES = \ @@ -529,13 +541,6 @@ kzonecheck_SOURCES = \ kjournalprint_SOURCES = \ utils/kjournalprint/main.c -kkeymgr_SOURCES = \ - utils/kkeymgr/bind_privkey.c \ - utils/kkeymgr/bind_privkey.h \ - utils/kkeymgr/functions.c \ - utils/kkeymgr/functions.h \ - utils/kkeymgr/main.c - # bin programs kdig_CPPFLAGS = $(AM_CPPFLAGS) $(gnutls_CFLAGS) kdig_LDADD = $(libidn_LIBS) libknotus.la @@ -546,11 +551,8 @@ knsupdate_LDADD = zscanner/libzscanner.la libknotus.la knsec3hash_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/dnssec/lib/dnssec -I$(srcdir)/dnssec knsec3hash_LDADD = dnssec/libdnssec.la dnssec/libshared.la kzonecheck_LDADD = libknotd.la libcontrib.la -kjournalprint_CPPFLAGS = $(AM_CPPFLAGS) $(gnutls_CFLAGS) $(liburcu_CFLAGS) +kjournalprint_CPPFLAGS = $(AM_CPPFLAGS) $(gnutls_CFLAGS) $(liburcu_CFLAGS) kjournalprint_LDADD = $(libidn_LIBS) $(liburcu_LIBS) libknotd.la libcontrib.la -kkeymgr_CPPFLAGS = $(AM_CPPFLAGS) $(liburcu_CFLAGS) -I$(srcdir)/dnssec/lib/dnssec -I$(srcdir)/dnssec $(gnutls_CFLAGS) -kkeymgr_LDADD = $(libidn_LIBS) $(liburcu_LIBS) libknotd.la libcontrib.la libknotd.la libknotus.la dnssec/libdnssec.la dnssec/libshared.la zscanner/libzscanner.la $(gnutls_LIBS) -# TODO wrap ####################################### # Optional Knot DNS Utilities modules # diff --git a/src/utils/kkeymgr/bind_privkey.c b/src/utils/keymgr/bind_privkey.c index 608b07c63..666aec8a9 100644 --- a/src/utils/kkeymgr/bind_privkey.c +++ b/src/utils/keymgr/bind_privkey.c @@ -22,7 +22,7 @@ #include "dnssec/error.h" #include "shared/pem.h" #include "shared/shared.h" -#include "utils/kkeymgr/bind_privkey.h" +#include "utils/keymgr/bind_privkey.h" /* -- private key params conversion ---------------------------------------- */ diff --git a/src/utils/kkeymgr/bind_privkey.h b/src/utils/keymgr/bind_privkey.h index 59ec82627..59ec82627 100644 --- a/src/utils/kkeymgr/bind_privkey.h +++ b/src/utils/keymgr/bind_privkey.h diff --git a/src/utils/kkeymgr/functions.c b/src/utils/keymgr/functions.c index 87dcd3af7..1e084de11 100644 --- a/src/utils/kkeymgr/functions.c +++ b/src/utils/keymgr/functions.c @@ -14,7 +14,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include "utils/kkeymgr/functions.h" +#include "utils/keymgr/functions.h" #include <ctype.h> #include <limits.h> @@ -27,7 +27,7 @@ #include "dnssec/shared/shared.h" #include "knot/dnssec/kasp/policy.h" #include "knot/dnssec/zone-keys.h" -#include "utils/kkeymgr/bind_privkey.h" +#include "utils/keymgr/bind_privkey.h" #include "zscanner/scanner.h" static time_t arg_timestamp(const char *arg) @@ -163,7 +163,7 @@ static bool genkeyargs(int argc, char *argv[], bool just_timing, } // modifies ctx->policy options, so don't do anything afterwards ! -int kkeymgr_generate_key(kdnssec_ctx_t *ctx, int argc, char *argv[]) { +int keymgr_generate_key(kdnssec_ctx_t *ctx, int argc, char *argv[]) { time_t now = time(NULL), infty = 0x0fffffffffffff00LLU; knot_kasp_key_timing_t gen_timing = { now, now, now, infty, infty }; bool isksk = false; @@ -272,7 +272,7 @@ static char *genname(const char *orig, const char *wantsuff, const char *altsuff return res; } -int kkeymgr_import_bind(kdnssec_ctx_t *ctx, const char *import_file) +int keymgr_import_bind(kdnssec_ctx_t *ctx, const char *import_file) { char *pubname = genname(import_file, ".key", ".private"); char *privname = genname(import_file, ".private", ".key"); @@ -368,7 +368,7 @@ static void print_tsig(dnssec_tsig_algorithm_t mac, const char *name, printf(" secret: %.*s\n", (int)secret->size, secret->data); } -int kkeymgr_generate_tsig(const char *tsig_name, const char *alg_name, int bits) +int keymgr_generate_tsig(const char *tsig_name, const char *alg_name, int bits) { dnssec_tsig_algorithm_t alg = dnssec_tsig_algorithm_from_name(alg_name); if (alg == DNSSEC_TSIG_UNKNOWN) { @@ -438,7 +438,7 @@ static bool is_hex(const char *string) return (*string != '\0'); } -int kkeymgr_get_key(kdnssec_ctx_t *ctx, const char *key_spec, knot_kasp_key_t **key) +int keymgr_get_key(kdnssec_ctx_t *ctx, const char *key_spec, knot_kasp_key_t **key) { long spec_tag = is_uint32(key_spec), spec_len = strlen(key_spec); if (spec_tag < 0 && !is_hex(key_spec)) { @@ -467,7 +467,7 @@ int kkeymgr_get_key(kdnssec_ctx_t *ctx, const char *key_spec, knot_kasp_key_t ** return KNOT_EOK; } -int kkeymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[]) +int keymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[]) { knot_kasp_key_timing_t temp = key->timing; @@ -478,7 +478,7 @@ int kkeymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[]) return KNOT_EINVAL; } -int kkeymgr_list_keys(kdnssec_ctx_t *ctx) +int keymgr_list_keys(kdnssec_ctx_t *ctx) { for (size_t i = 0; i < ctx->zone->num_keys; i++) { knot_kasp_key_t *key = &ctx->zone->keys[i]; @@ -532,7 +532,7 @@ static int create_and_print_ds(const knot_dname_t *zone_name, return print_ds(zone_name, &rdata); } -int kkeymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key) +int keymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key) { static const dnssec_key_digest_t digests[] = { DNSSEC_KEY_DIGEST_SHA1, @@ -549,7 +549,7 @@ int kkeymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key) return ret; } -int kkeymgr_share_key(kdnssec_ctx_t *ctx, const knot_kasp_key_t *key, +int keymgr_share_key(kdnssec_ctx_t *ctx, const knot_kasp_key_t *key, const char *zone_name_ch) { knot_dname_t *zone_name = knot_dname_from_str_alloc(zone_name_ch); diff --git a/src/utils/kkeymgr/functions.h b/src/utils/keymgr/functions.h index 585e75b44..8959bb3fb 100644 --- a/src/utils/kkeymgr/functions.h +++ b/src/utils/keymgr/functions.h @@ -16,19 +16,19 @@ #include "knot/dnssec/context.h" -int kkeymgr_generate_key(kdnssec_ctx_t *ctx, int argc, char *argv[]); +int keymgr_generate_key(kdnssec_ctx_t *ctx, int argc, char *argv[]); -int kkeymgr_import_bind(kdnssec_ctx_t *ctx, const char *import_file); +int keymgr_import_bind(kdnssec_ctx_t *ctx, const char *import_file); -int kkeymgr_generate_tsig(const char *tsig_name, const char *alg_name, int bits); +int keymgr_generate_tsig(const char *tsig_name, const char *alg_name, int bits); -int kkeymgr_get_key(kdnssec_ctx_t *ctx, const char *key_spec, knot_kasp_key_t **key); +int keymgr_get_key(kdnssec_ctx_t *ctx, const char *key_spec, knot_kasp_key_t **key); -int kkeymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[]); +int keymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[]); -int kkeymgr_list_keys(kdnssec_ctx_t *ctx); +int keymgr_list_keys(kdnssec_ctx_t *ctx); -int kkeymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key); +int keymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key); -int kkeymgr_share_key(kdnssec_ctx_t *ctx, const knot_kasp_key_t *key, +int keymgr_share_key(kdnssec_ctx_t *ctx, const knot_kasp_key_t *key, const char *zone_name_ch); diff --git a/src/utils/kkeymgr/main.c b/src/utils/keymgr/main.c index 4e0099b30..801f8d8d4 100644 --- a/src/utils/kkeymgr/main.c +++ b/src/utils/keymgr/main.c @@ -20,9 +20,9 @@ #include "knot/dnssec/zone-keys.h" #include "libknot/libknot.h" #include "utils/common/params.h" -#include "utils/kkeymgr/functions.h" +#include "utils/keymgr/functions.h" -#define PROGRAM_NAME "kkeymgr" +#define PROGRAM_NAME "keymgr" static void print_help(void) { @@ -138,8 +138,8 @@ int main(int argc, char *argv[]) break; case 't': check_argc_three - int tret = kkeymgr_generate_tsig(argv[2], (argc >= 4 ? argv[3] : "hmac-sha256"), - (argc >= 5 ? atol(argv[4]) : 0)); + int tret = keymgr_generate_tsig(argv[2], (argc >= 4 ? argv[3] : "hmac-sha256"), + (argc >= 5 ? atol(argv[4]) : 0)); if (tret != KNOT_EOK) { printf("Failed to generate TSIG (%s)\n", knot_strerror(tret)); } @@ -186,14 +186,14 @@ int main(int argc, char *argv[]) } if (strcmp(argv[4], "generate") == 0) { - ret = kkeymgr_generate_key(&kctx, argc - 5, argv + 5); + ret = keymgr_generate_key(&kctx, argc - 5, argv + 5); } else if (strcmp(argv[4], "import-bind") == 0) { if (argc < 6) { printf("BIND-style key to import not specified.\n"); ret = KNOT_EINVAL; goto main_end; } - ret = kkeymgr_import_bind(&kctx, argv[5]); + ret = keymgr_import_bind(&kctx, argv[5]); } else if (strcmp(argv[4], "set") == 0) { if (argc < 6) { printf("Key is not specified.\n"); @@ -201,15 +201,15 @@ int main(int argc, char *argv[]) goto main_end; } knot_kasp_key_t *key2set; - ret = kkeymgr_get_key(&kctx, argv[5], &key2set); + ret = keymgr_get_key(&kctx, argv[5], &key2set); if (ret == KNOT_EOK) { - ret = kkeymgr_set_timing(key2set, argc - 6, argv + 6); + ret = keymgr_set_timing(key2set, argc - 6, argv + 6); if (ret == KNOT_EOK) { ret = kdnssec_ctx_commit(&kctx); } } } else if (strcmp(argv[4], "list") == 0) { - ret = kkeymgr_list_keys(&kctx); + ret = keymgr_list_keys(&kctx); } else if (strcmp(argv[4], "ds") == 0) { if (argc < 6) { printf("Key is not specified.\n"); @@ -217,9 +217,9 @@ int main(int argc, char *argv[]) goto main_end; } knot_kasp_key_t *key2ds; - ret = kkeymgr_get_key(&kctx, argv[5], &key2ds); + ret = keymgr_get_key(&kctx, argv[5], &key2ds); if (ret == KNOT_EOK) { - ret = kkeymgr_generate_ds(zone_name, key2ds); + ret = keymgr_generate_ds(zone_name, key2ds); } } else if (strcmp(argv[4], "share") == 0) { if (argc < 6) { @@ -235,7 +235,7 @@ int main(int argc, char *argv[]) goto main_end; } knot_kasp_key_t *key2del; - ret = kkeymgr_get_key(&kctx, argv[5], &key2del); + ret = keymgr_get_key(&kctx, argv[5], &key2del); if (ret == KNOT_EOK) { ret = kdnssec_delete_key(&kctx, key2del); } diff --git a/tests-extra/tests/dnssec/dnskey_algorithms/data/generate_keys.sh b/tests-extra/tests/dnssec/dnskey_algorithms/data/generate_keys.sh index 203f2fb7e..338149435 100644 --- a/tests-extra/tests/dnssec/dnskey_algorithms/data/generate_keys.sh +++ b/tests-extra/tests/dnssec/dnskey_algorithms/data/generate_keys.sh @@ -5,7 +5,7 @@ set -xe -KKEYMGR=${1:-kkeymgr} +KEYMGR=${1:-keymgr} keydir=$(pwd)/keys rm -rf "${keydir}" @@ -21,68 +21,68 @@ pushd "$keydir" # # KSK+ZSK, simple -"$KKEYMGR" -d . rsa. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False # KSK+ZSK, two algorithms -"$KKEYMGR" -d . rsa_ecdsa. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_ecdsa. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False -"$KKEYMGR" -d . rsa_ecdsa. generate algorithm=13 size=256 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_ecdsa. generate algorithm=13 size=256 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_ecdsa. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_ecdsa. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_ecdsa. generate algorithm=13 size=256 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_ecdsa. generate algorithm=13 size=256 publish="$TIME_PAST" active="$TIME_PAST" ksk=False # KSK+ZSK: RSA enabled, ECDSA in future -"$KKEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False -"$KKEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=True -"$KKEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=False +"$KEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=True +"$KEYMGR" -d . rsa_now_ecdsa_future. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=False # KSK+ZSK, algorithm rollover (signatures pre-published) -"$KKEYMGR" -d . rsa_ecdsa_roll. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_ecdsa_roll. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False -"$KKEYMGR" -d . rsa_ecdsa_roll. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_ecdsa_roll. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_ecdsa_roll. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_ecdsa_roll. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_ecdsa_roll. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_ecdsa_roll. generate algorithm=13 size=256 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=False # STSS: KSK only -"$KKEYMGR" -d . stss_ksk. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . stss_ksk. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True # STSS: ZSK only -"$KKEYMGR" -d . stss_zsk. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . stss_zsk. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=False # STSS: two KSKs -"$KKEYMGR" -d . stss_two_ksk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . stss_two_ksk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . stss_two_ksk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . stss_two_ksk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=True # STSS: different algorithms -"$KKEYMGR" -d . stss_rsa256_rsa512. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . stss_rsa256_rsa512. generate algorithm=10 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . stss_rsa256_rsa512. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . stss_rsa256_rsa512. generate algorithm=10 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=False # KSK+ZSK for RSA, STSS for ECDSA -"$KKEYMGR" -d . rsa_split_ecdsa_stss. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_split_ecdsa_stss. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False -"$KKEYMGR" -d . rsa_split_ecdsa_stss. generate algorithm=13 size=256 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_split_ecdsa_stss. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_split_ecdsa_stss. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_split_ecdsa_stss. generate algorithm=13 size=256 publish="$TIME_PAST" active="$TIME_PAST" ksk=True # # invalid scenarios # # no key for now -"$KKEYMGR" -d . rsa_future_all. generate algorithm=8 size=2048 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=True -"$KKEYMGR" -d . rsa_future_all. generate algorithm=8 size=1024 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=False +"$KEYMGR" -d . rsa_future_all. generate algorithm=8 size=2048 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=True +"$KEYMGR" -d . rsa_future_all. generate algorithm=8 size=1024 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=False # key active, not published -"$KKEYMGR" -d . rsa_future_publish. generate algorithm=8 size=2048 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_future_publish. generate algorithm=8 size=1024 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_future_publish. generate algorithm=8 size=2048 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_future_publish. generate algorithm=8 size=1024 publish="$TIME_FUTURE" active="$TIME_PAST" ksk=False # key published, not active -"$KKEYMGR" -d . rsa_future_active. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_FUTURE" ksk=True -"$KKEYMGR" -d . rsa_future_active. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_FUTURE" ksk=False +"$KEYMGR" -d . rsa_future_active. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_FUTURE" ksk=True +"$KEYMGR" -d . rsa_future_active. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_FUTURE" ksk=False # no signatures for KSK -"$KKEYMGR" -d . rsa_inactive_zsk. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True -"$KKEYMGR" -d . rsa_inactive_zsk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_FUTURE" ksk=False +"$KEYMGR" -d . rsa_inactive_zsk. generate algorithm=8 size=2048 publish="$TIME_PAST" active="$TIME_PAST" ksk=True +"$KEYMGR" -d . rsa_inactive_zsk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_FUTURE" ksk=False # no signatures for ZSK -"$KKEYMGR" -d . rsa_no_zsk. generate algorithm=8 size=2048 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=True -"$KKEYMGR" -d . rsa_no_zsk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False +"$KEYMGR" -d . rsa_no_zsk. generate algorithm=8 size=2048 publish="$TIME_FUTURE" active="$TIME_FUTURE" ksk=True +"$KEYMGR" -d . rsa_no_zsk. generate algorithm=8 size=1024 publish="$TIME_PAST" active="$TIME_PAST" ksk=False popd diff --git a/tests-extra/tests/dnssec/no_resign/data/update.sh b/tests-extra/tests/dnssec/no_resign/data/update.sh index 9479b4b34..e49ec5de6 100755 --- a/tests-extra/tests/dnssec/no_resign/data/update.sh +++ b/tests-extra/tests/dnssec/no_resign/data/update.sh @@ -2,7 +2,7 @@ set -e -KKEYMGR=${KKEYMGR:-kkeymgr} +KEYMGR=${KEYMGR:-keymgr} export BASEDIR=`mktemp -d "/tmp/zone_sign-XXX"` ../../../../tools/zone_sign.sh example. ../../../../data/example.zone nsec diff --git a/tests-extra/tools/dnstest/keys.py b/tests-extra/tools/dnstest/keys.py index 33f24e8d2..0636dd454 100644 --- a/tests-extra/tools/dnstest/keys.py +++ b/tests-extra/tools/dnstest/keys.py @@ -87,7 +87,7 @@ class Tsig(object): class Keymgr(object): @classmethod def run(cls, kasp_dir, *args): - cmdline = [dnstest.params.kkeymgr_bin] + cmdline = [dnstest.params.keymgr_bin] if kasp_dir: cmdline += ["-d", kasp_dir] cmdline += list(args) diff --git a/tests-extra/tools/dnstest/params.py b/tests-extra/tools/dnstest/params.py index 0c8b5aa91..e76e2fb89 100644 --- a/tests-extra/tools/dnstest/params.py +++ b/tests-extra/tools/dnstest/params.py @@ -57,8 +57,8 @@ libknot_lib = get_binary("KNOT_TEST_LIBKNOT", repo_binary("src/.libs/libknot.so" knot_bin = get_binary("KNOT_TEST_KNOT", repo_binary("src/knotd")) # KNOT_TEST_KNOTC - Knot control binary. knot_ctl = get_binary("KNOT_TEST_KNOTC", repo_binary("src/knotc")) -# KNOT_TEST_KKEYMGR - Knot key management binary. -kkeymgr_bin = get_binary("KNOT_TEST_KKEYMGR", repo_binary("src/kkeymgr")) +# KNOT_TEST_KEYMGR - Knot key management binary. +keymgr_bin = get_binary("KNOT_TEST_KEYMGR", repo_binary("src/keymgr")) # KNOT_TEST_BIND - Bind binary. bind_bin = get_binary("KNOT_TEST_BIND", "named") # KNOT_TEST_BINDC - Bind control binary. |