From b0f14a604d4c5681b0227305b4e1357554591935 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Thu, 13 Apr 2023 11:17:43 +0200
Subject: [PATCH] dnssec-keygen: -K keydir takes priority

When using dnssec-policy with dnssec-keygen in combination with setting the key-directory on the command line, the commandline argument takes priority over the key-directory from the default named.conf.
---
 bin/dnssec/dnssec-keygen.c | 9 +++++++--
 bin/tests/system/kasp/tests.sh | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 9f9c3b5b08..c3b98ce0a5 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -256,7 +256,7 @@ progress(int p) {
 static void
 kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
- const char *engine, dns_kasp_t **kaspp) {
+ const char *keydir, const char *engine, dns_kasp_t **kaspp) {
 isc_result_t result = ISC_R_NOTFOUND;
 const cfg_listelt_t *element;
 const cfg_obj_t *kasps = NULL;
@@ -289,6 +289,10 @@ kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
 ks = NULL;
 (void)cfg_keystore_fromconfig(NULL, mctx, lctx, engine, &kslist, &ks);
 INSIST(ks != NULL);
+ if (keydir != NULL) {
+ /* '-K keydir' takes priority */
+ dns_keystore_setdirectory(ks, keydir);
+ }
 dns_keystore_detach(&ks);
 (void)cfg_map_get(config, "dnssec-policy", &kasps);
@@ -1328,7 +1332,8 @@ main(int argc, char **argv) {
 ctx.policy, ctx.configfile);
 }
- kasp_from_conf(config, mctx, ctx.policy, engine, &kasp);
+ kasp_from_conf(config, mctx, ctx.policy, ctx.directory,
+ engine, &kasp);
 if (kasp == NULL) {
 fatal("failed to load dnssec-policy '%s'", ctx.policy);
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index e0eb143385..b6c80b8311 100644
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
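Review bot: The new `keydir` parameter of kasp_from_conf has no documented contract, and it sits between `name` and `engine`, two other `const char *` arguments, so a transposed call would compile without a warning. A comment above the function such as `/* keydir: directory from '-K', or NULL to keep the key-directory from the configuration */` would record that NULL is a valid value and what it means. The only call shown on this page, in main(), passes `ctx.directory` and `engine` in the matching order. The function body continues outside the hunk.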
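Review bot: The `-K` override in kasp_from_conf is applied only to the one key store returned by `cfg_keystore_fromconfig(NULL, ...)`, so any other key store on `kslist` would keep its configured directory. Whether other key stores can be on the list depends on code outside the hunk; if they can, a policy using one would still write private key files somewhere other than the directory given on the command line. Either confirm that this cannot happen or state the limit in the comment, for example `/* '-K keydir' overrides the default key-directory only */`. Because this is where private key material ends up, the comment should also say that `keydir` is expected to have been checked by the caller, which is not visible on this page. The function begins and ends outside the hunk.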
@@ -97,6 +97,7 @@ set_zonesigning "KEY4" "yes"
 lines=$(get_keyids "$DIR" "$ZONE" | wc -l)
 test "$lines" -eq $NUM_KEYS || log_error "bad number of key ids"
+status=$((status + ret))
 ids=$(get_keyids "$DIR" "$ZONE")
 for id in $ids; do
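Review bot: The added `status=$((status + ret))` adds whatever `ret` currently holds, and no `ret=0` is visible in this hunk before the `test "$lines" -eq $NUM_KEYS || log_error ...` line. If `ret` is not reset earlier in this check, outside the hunk, a failure left over from a previous check would be counted again here. Confirm that the reset exists, or add `ret=0` before `lines=$(get_keyids "$DIR" "$ZONE" | wc -l)`. The line also relies on `log_error` setting `ret`, which is defined elsewhere.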