From 84113b237a6e8dcf185c8b8622df77890737325a Mon Sep 17 00:00:00 2001 From: Tony Finch Date: Tue, 17 May 2022 14:13:57 +0200 Subject: [PATCH] Teach dnssec-settime to read unset times that it writes When there is no time in a key file, `dnssec-settime` will print "UNSET", but to unset a time the user must specify "none" or "never". This change allows "unset" or "UNSET" as well as "none" or "never". The "UNSET" output remains the same to avoid compatibility problems with wrapper scripts. I have also re-synchronized the "Timing Options" sections of the man pages. (cherry picked from commit 4c96efac5c3df764dc19c0855b0824d553324b96) --- CHANGES | 4 ++++ bin/dnssec/dnssec-importkey.rst | 26 ++++++++++++++++++-------- bin/dnssec/dnssec-keyfromlabel.rst | 26 ++++++++++++++++++-------- bin/dnssec/dnssec-keygen.rst | 14 +++++++------- bin/dnssec/dnssec-settime.rst | 16 +++++++++------- bin/dnssec/dnssectool.c | 3 ++- bin/tests/system/metadata/tests.sh | 12 ++++++++++-- doc/man/dnssec-importkey.1in | 26 ++++++++++++++++++-------- doc/man/dnssec-keyfromlabel.1in | 26 ++++++++++++++++++-------- doc/man/dnssec-keygen.1in | 14 +++++++------- doc/man/dnssec-settime.1in | 16 +++++++++------- 11 files changed, 120 insertions(+), 63 deletions(-) diff --git a/CHANGES b/CHANGES index b4033eb1ce..727e1e6301 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5891. [func] Key timing options for `dnssec-settime` and related + utilities now accept "UNSET" times as printed by + `dnssec-settime -p`. [GL #3361] + 5890. [bug] When the fetches-per-server quota was adjusted because of an authoritative server timing out more or less frequently, it was incorrectly set to 1 diff --git a/bin/dnssec/dnssec-importkey.rst b/bin/dnssec/dnssec-importkey.rst index d79b611123..8f6a6b3a11 100644 --- a/bin/dnssec/dnssec-importkey.rst +++ b/bin/dnssec/dnssec-importkey.rst @@ -80,14 +80,24 @@ Options Timing Options ~~~~~~~~~~~~~~ -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the -argument begins with a ``+`` or ``-``, it is interpreted as an offset from -the present time. For convenience, if such an offset is followed by one -of the suffixes ``y``, ``mo``, ``w``, ``d``, ``h``, or ``mi``, then the offset is -computed in years (defined as 365 24-hour days, ignoring leap years), -months (defined as 30 24-hour days), weeks, days, hours, or minutes, -respectively. Without a suffix, the offset is computed in seconds. To -explicitly prevent a date from being set, use ``none`` or ``never``. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. +(which is the format used inside key files), +or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``), +or UNIX epoch time (as printed by ``dnssec-settime -up``), +or the literal ``now``. + +The argument can be followed by ``+`` or ``-`` and an offset from the +given time. The literal ``now`` can be omitted before an offset. The +offset can be followed by one of the suffixes ``y``, ``mo``, ``w``, +``d``, ``h``, or ``mi``, so that it is computed in years (defined as +365 24-hour days, ignoring leap years), months (defined as 30 24-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. + +To explicitly prevent a date from being set, use ``none``, ``never``, +or ``unset``. + +All these formats are case-insensitive. .. option:: -P date/offset diff --git a/bin/dnssec/dnssec-keyfromlabel.rst b/bin/dnssec/dnssec-keyfromlabel.rst index 1178213b1c..2b9cb488f7 100644 --- a/bin/dnssec/dnssec-keyfromlabel.rst +++ b/bin/dnssec/dnssec-keyfromlabel.rst @@ -178,14 +178,24 @@ Options Timing Options ~~~~~~~~~~~~~~ -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the -argument begins with a ``+`` or ``-``, it is interpreted as an offset from -the present time. For convenience, if such an offset is followed by one -of the suffixes ``y``, ``mo``, ``w``, ``d``, ``h``, or ``mi``, then the offset is -computed in years (defined as 365 24-hour days, ignoring leap years), -months (defined as 30 24-hour days), weeks, days, hours, or minutes, -respectively. Without a suffix, the offset is computed in seconds. To -explicitly prevent a date from being set, use ``none`` or ``never``. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS +(which is the format used inside key files), +or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``), +or UNIX epoch time (as printed by ``dnssec-settime -up``), +or the literal ``now``. + +The argument can be followed by ``+`` or ``-`` and an offset from the +given time. The literal ``now`` can be omitted before an offset. The +offset can be followed by one of the suffixes ``y``, ``mo``, ``w``, +``d``, ``h``, or ``mi``, so that it is computed in years (defined as +365 24-hour days, ignoring leap years), months (defined as 30 24-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. + +To explicitly prevent a date from being set, use ``none``, ``never``, +or ``unset``. + +All these formats are case-insensitive. .. option:: -P date/offset diff --git a/bin/dnssec/dnssec-keygen.rst b/bin/dnssec/dnssec-keygen.rst index 995170ab07..3e659659ab 100644 --- a/bin/dnssec/dnssec-keygen.rst +++ b/bin/dnssec/dnssec-keygen.rst @@ -227,15 +227,15 @@ or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``), or UNIX epoch time (as printed by ``dnssec-settime -up``), or the literal ``now``. -The argument can be followed by '+' or '-' and an offset from the +The argument can be followed by ``+`` or ``-`` and an offset from the given time. The literal ``now`` can be omitted before an offset. The -offset can be followed by one of the suffixes 'y', 'mo', 'w', 'd', -'h', or 'mi', so that it is computed in years (defined as 365 24-hour -days, ignoring leap years), months (defined as 30 24-hour days), -weeks, days, hours, or minutes, respectively. Without a suffix, the -offset is computed in seconds. +offset can be followed by one of the suffixes ``y``, ``mo``, ``w``, +``d``, ``h``, or ``mi``, so that it is computed in years (defined as +365 24-hour days, ignoring leap years), months (defined as 30 24-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. -To unset a date, use ``none`` or ``never``. +To unset a date, use ``none``, ``never``, or ``unset``. .. option:: -P date/offset diff --git a/bin/dnssec/dnssec-settime.rst b/bin/dnssec/dnssec-settime.rst index 057ceea3aa..790775646e 100644 --- a/bin/dnssec/dnssec-settime.rst +++ b/bin/dnssec/dnssec-settime.rst @@ -114,15 +114,17 @@ or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``), or UNIX epoch time (as printed by ``dnssec-settime -up``), or the literal ``now``. -The argument can be followed by '+' or '-' and an offset from the +The argument can be followed by ``+`` or ``-`` and an offset from the given time. The literal ``now`` can be omitted before an offset. The -offset can be followed by one of the suffixes 'y', 'mo', 'w', 'd', -'h', or 'mi', so that it is computed in years (defined as 365 24-hour -days, ignoring leap years), months (defined as 30 24-hour days), -weeks, days, hours, or minutes, respectively. Without a suffix, the -offset is computed in seconds. +offset can be followed by one of the suffixes ``y``, ``mo``, ``w``, +``d``, ``h``, or ``mi``, so that it is computed in years (defined as +365 24-hour days, ignoring leap years), months (defined as 30 24-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. -To unset a date, use ``none`` or ``never``. +To unset a date, use ``none``, ``never``, or ``unset``. + +All these formats are case-insensitive. .. option:: -P date/offset diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c index f4fc3a8659..ffe0978d79 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -241,7 +241,8 @@ time_units(isc_stdtime_t offset, char *suffix, const char *str) { static bool isnone(const char *str) { return ((strcasecmp(str, "none") == 0) || - (strcasecmp(str, "never") == 0)); + (strcasecmp(str, "never") == 0) || + (strcasecmp(str, "unset") == 0)); } dns_ttl_t diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh index b3c2cd3fec..6e5b8fe26d 100644 --- a/bin/tests/system/metadata/tests.sh +++ b/bin/tests/system/metadata/tests.sh @@ -212,14 +212,22 @@ key=`$KEYGEN -q -a RSASHA1 $czone` echo_i "checking -p output time is accepted ($n)" t=`$SETTIME -pA $key | sed 's/.*: //'` -$SETTIME -Psync "$t" $key > /dev/null 2>&1 || ret=1 +$SETTIME -Psync "$t" $key > settime2.test$n 2>&1 || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` echo_i "checking -up output time is accepted ($n)" t=`$SETTIME -upA $key | sed 's/.*: //'` -$SETTIME -Dsync "$t" $key > /dev/null 2>&1 || ret=1 +$SETTIME -Dsync "$t" $key > settime2.test$n 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +echo_i "checking -p unset time is accepted ($n)" +# The Delete timing metadata is unset. +t=`$SETTIME -pD $key | sed 's/.*: //'` +$SETTIME -Psync "$t" $key > settime2.test$n 2>&1 || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` diff --git a/doc/man/dnssec-importkey.1in b/doc/man/dnssec-importkey.1in index c2dde9b269..e36b3bba86 100644 --- a/doc/man/dnssec-importkey.1in +++ b/doc/man/dnssec-importkey.1in @@ -91,14 +91,24 @@ This option prints version information. .UNINDENT .SH TIMING OPTIONS .sp -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the -argument begins with a \fB+\fP or \fB\-\fP, it is interpreted as an offset from -the present time. For convenience, if such an offset is followed by one -of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, \fBd\fP, \fBh\fP, or \fBmi\fP, then the offset is -computed in years (defined as 365 24\-hour days, ignoring leap years), -months (defined as 30 24\-hour days), weeks, days, hours, or minutes, -respectively. Without a suffix, the offset is computed in seconds. To -explicitly prevent a date from being set, use \fBnone\fP or \fBnever\fP\&. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. +(which is the format used inside key files), +or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP), +or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP), +or the literal \fBnow\fP\&. +.sp +The argument can be followed by \fB+\fP or \fB\-\fP and an offset from the +given time. The literal \fBnow\fP can be omitted before an offset. The +offset can be followed by one of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, +\fBd\fP, \fBh\fP, or \fBmi\fP, so that it is computed in years (defined as +365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. +.sp +To explicitly prevent a date from being set, use \fBnone\fP, \fBnever\fP, +or \fBunset\fP\&. +.sp +All these formats are case\-insensitive. .INDENT 0.0 .TP .B \-P date/offset diff --git a/doc/man/dnssec-keyfromlabel.1in b/doc/man/dnssec-keyfromlabel.1in index 82cd29f206..810a1ebe96 100644 --- a/doc/man/dnssec-keyfromlabel.1in +++ b/doc/man/dnssec-keyfromlabel.1in @@ -202,14 +202,24 @@ involved.) .UNINDENT .SH TIMING OPTIONS .sp -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the -argument begins with a \fB+\fP or \fB\-\fP, it is interpreted as an offset from -the present time. For convenience, if such an offset is followed by one -of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, \fBd\fP, \fBh\fP, or \fBmi\fP, then the offset is -computed in years (defined as 365 24\-hour days, ignoring leap years), -months (defined as 30 24\-hour days), weeks, days, hours, or minutes, -respectively. Without a suffix, the offset is computed in seconds. To -explicitly prevent a date from being set, use \fBnone\fP or \fBnever\fP\&. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS +(which is the format used inside key files), +or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP), +or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP), +or the literal \fBnow\fP\&. +.sp +The argument can be followed by \fB+\fP or \fB\-\fP and an offset from the +given time. The literal \fBnow\fP can be omitted before an offset. The +offset can be followed by one of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, +\fBd\fP, \fBh\fP, or \fBmi\fP, so that it is computed in years (defined as +365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. +.sp +To explicitly prevent a date from being set, use \fBnone\fP, \fBnever\fP, +or \fBunset\fP\&. +.sp +All these formats are case\-insensitive. .INDENT 0.0 .TP .B \-P date/offset diff --git a/doc/man/dnssec-keygen.1in b/doc/man/dnssec-keygen.1in index 672ecbc4bf..de94a4573b 100644 --- a/doc/man/dnssec-keygen.1in +++ b/doc/man/dnssec-keygen.1in @@ -256,15 +256,15 @@ or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP), or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP), or the literal \fBnow\fP\&. .sp -The argument can be followed by \(aq+\(aq or \(aq\-\(aq and an offset from the +The argument can be followed by \fB+\fP or \fB\-\fP and an offset from the given time. The literal \fBnow\fP can be omitted before an offset. The -offset can be followed by one of the suffixes \(aqy\(aq, \(aqmo\(aq, \(aqw\(aq, \(aqd\(aq, -\(aqh\(aq, or \(aqmi\(aq, so that it is computed in years (defined as 365 24\-hour -days, ignoring leap years), months (defined as 30 24\-hour days), -weeks, days, hours, or minutes, respectively. Without a suffix, the -offset is computed in seconds. +offset can be followed by one of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, +\fBd\fP, \fBh\fP, or \fBmi\fP, so that it is computed in years (defined as +365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. .sp -To unset a date, use \fBnone\fP or \fBnever\fP\&. +To unset a date, use \fBnone\fP, \fBnever\fP, or \fBunset\fP\&. .INDENT 0.0 .TP .B \-P date/offset diff --git a/doc/man/dnssec-settime.1in b/doc/man/dnssec-settime.1in index f8dd6386c4..369cea80e7 100644 --- a/doc/man/dnssec-settime.1in +++ b/doc/man/dnssec-settime.1in @@ -126,15 +126,17 @@ or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP), or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP), or the literal \fBnow\fP\&. .sp -The argument can be followed by \(aq+\(aq or \(aq\-\(aq and an offset from the +The argument can be followed by \fB+\fP or \fB\-\fP and an offset from the given time. The literal \fBnow\fP can be omitted before an offset. The -offset can be followed by one of the suffixes \(aqy\(aq, \(aqmo\(aq, \(aqw\(aq, \(aqd\(aq, -\(aqh\(aq, or \(aqmi\(aq, so that it is computed in years (defined as 365 24\-hour -days, ignoring leap years), months (defined as 30 24\-hour days), -weeks, days, hours, or minutes, respectively. Without a suffix, the -offset is computed in seconds. +offset can be followed by one of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, +\fBd\fP, \fBh\fP, or \fBmi\fP, so that it is computed in years (defined as +365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour +days), weeks, days, hours, or minutes, respectively. Without a suffix, +the offset is computed in seconds. .sp -To unset a date, use \fBnone\fP or \fBnever\fP\&. +To unset a date, use \fBnone\fP, \fBnever\fP, or \fBunset\fP\&. +.sp +All these formats are case\-insensitive. .INDENT 0.0 .TP .B \-P date/offset