4396. [func] dnssec-keymgr now takes a '-r randomfile' option.

[RT #42455]
2016-06-24 14:12:24 +10:00
parent b709d84755
commit c1a72112b2
6 changed files with 35 additions and 7 deletions
--- a/bin/python/dnssec-keymgr.docbook
+++ b/bin/python/dnssec-keymgr.docbook
@@ -14,10 +14,9 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- Converted by db4-upgrade version 1.0 -->
 <refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-keymgr">
  <info>
-    <date>2016-04-03</date>
+    <date>2016-06-03</date>
  </info>
  <refentryinfo>
    <corpname>ISC</corpname>
@@ -53,6 +52,7 @@
      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
      <arg choice="opt" rep="norepeat"><option>-z</option></arg>
      <arg choice="opt" rep="norepeat"><option>-g <replaceable class="parameter">path</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">path</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">path</replaceable></option></arg>
      <arg choice="opt" rep="repeat">zone</arg>
    </cmdsynopsis>
@@ -191,6 +191,18 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
+        <listitem>
+          <para>
+            Specifies a path to a file containing random data.
+            This is passed to the <command>dnssec-keygen</command> binary
+            using its <option>-r</option> option.
+<!-- TODO: what to do about "-r keyboard"? -->
+          </para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>-s <replaceable class="parameter">settime-path</replaceable></term>
        <listitem>
--- a/bin/python/isc/dnskey.py.in
+++ b/bin/python/isc/dnskey.py.in
@@ -170,12 +170,15 @@ class dnskey:
                self._changed[prop] = False

    @classmethod
-    def generate(cls, keygen_bin, keys_dir, name, alg, keysize, sep,
+    def generate(cls, keygen_bin, randomdev, keys_dir, name, alg, keysize, sep,
                 ttl, publish=None, activate=None, **kwargs):
        quiet = kwargs.get('quiet', False)

        keygen_cmd = [keygen_bin, "-q", "-K", keys_dir, "-L", str(ttl)]

+        if randomdev:
+            keygen_cmd += ["-r", randomdev]
+
        if sep:
            keygen_cmd.append("-fk")

@@ -210,7 +213,7 @@ class dnskey:
        except Exception as e:
            raise Exception('unable to parse generated key: %s' % str(e))

-    def generate_successor(self, keygen_bin, **kwargs):
+    def generate_successor(self, keygen_bin, randomdev, **kwargs):
        quiet = kwargs.get('quiet', False)

        if not self.inactive():
@@ -221,6 +224,9 @@ class dnskey:
        if self.ttl:
            keygen_cmd += ["-L", str(self.ttl)]

+        if randomdev:
+            keygen_cmd += ["-r", randomdev]
+
        if not quiet:
            print('# ' + ' '.join(keygen_cmd))

--- a/bin/python/isc/keymgr.py.in
+++ b/bin/python/isc/keymgr.py.in
@@ -80,6 +80,9 @@ def parse_args():
    parser.add_argument('-g', dest='keygen', default=keygen, type=str,
                        help='Path to \'dnssec-keygen\'',
                        metavar='path')
+    parser.add_argument('-r', dest='randomdev', type=str, default=None,
+                        help='Path to a file containing random data to pass to \'dnssec-keygen\'',
+                        metavar='path')
    parser.add_argument('-s', dest='settime', default=settime, type=str,
                        help='Path to \'dnssec-settime\'',
                        metavar='path')
@@ -130,7 +133,8 @@ def main():
    # into a context object that can be passed around
    context = {'keygen_path': args.keygen,
               'settime_path': args.settime,
-               'keys_path': args.path}
+               'keys_path': args.path,
+               'randomdev': args.randomdev}

    try:
        dp = policy.dnssec_policy(args.policyfile)
--- a/bin/python/isc/keyseries.py.in
+++ b/bin/python/isc/keyseries.py.in
@@ -131,6 +131,7 @@ class keyseries:
            # generated if Inactive has been set in the predecessor key
            prev.commit(self._context['settime_path'], **kwargs)
            key = prev.generate_successor(self._context['keygen_path'],
+                                          self._context['randomdev'],
                                          **kwargs)

            key.setinactive(key.activate() + rp, **kwargs)
@@ -166,6 +167,7 @@ class keyseries:
            if 'ksk' not in kwargs or not kwargs['ksk']:
                if len(self._Z[zone][algnum]) == 0:
                    k = dnskey.generate(self._context['keygen_path'],
+                                        self._context['randomdev'],
                                        keys_dir, zone, alg,
                                        policy.zsk_keysize, False,
                                        policy.keyttl or 3600,
@@ -176,6 +178,7 @@ class keyseries:
            if 'zsk' not in kwargs or not kwargs['zsk']:
                if len(self._K[zone][algnum]) == 0:
                    k = dnskey.generate(self._context['keygen_path'],
+                                        self._context['randomdev'],
                                        keys_dir, zone, alg,
                                        policy.ksk_keysize, True,
                                        policy.keyttl or 3600,