dnssec-keygen: -K keydir takes priority

When using dnssec-policy with dnssec-keygen in combination with setting
the key-directory on the command line, the commandline argument takes
priority over the key-directory from the default named.conf.

bin/dnssec/dnssec-keygen.c

@@ -256,7 +256,7 @@ progress(int p) {
 
 static void
 kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
-	       const char *engine, dns_kasp_t **kaspp) {
+	       const char *keydir, const char *engine, dns_kasp_t **kaspp) {
 	isc_result_t result = ISC_R_NOTFOUND;
 	const cfg_listelt_t *element;
 	const cfg_obj_t *kasps = NULL;
@@ -289,6 +289,10 @@ kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
 	ks = NULL;
 	(void)cfg_keystore_fromconfig(NULL, mctx, lctx, engine, &kslist, &ks);
 	INSIST(ks != NULL);
+	if (keydir != NULL) {
+		/* '-K keydir' takes priority */
+		dns_keystore_setdirectory(ks, keydir);
+	}
 	dns_keystore_detach(&ks);
 
 	(void)cfg_map_get(config, "dnssec-policy", &kasps);
@@ -1328,7 +1332,8 @@ main(int argc, char **argv) {
 				      ctx.policy, ctx.configfile);
 			}
 
-			kasp_from_conf(config, mctx, ctx.policy, engine, &kasp);
+			kasp_from_conf(config, mctx, ctx.policy, ctx.directory,
+				       engine, &kasp);
 			if (kasp == NULL) {
 				fatal("failed to load dnssec-policy '%s'",
 				      ctx.policy);

bin/tests/system/kasp/tests.sh

@@ -97,6 +97,7 @@ set_zonesigning "KEY4" "yes"
 
 lines=$(get_keyids "$DIR" "$ZONE" | wc -l)
 test "$lines" -eq $NUM_KEYS || log_error "bad number of key ids"
+status=$((status + ret))
 
 ids=$(get_keyids "$DIR" "$ZONE")
 for id in $ids; do