3086. [bug] Running dnssec-settime -f on an old-style key will

now force an update to the new key format even if no
			other change has been specified, using "-P now -A now"
			as default values.  [RT #22474]

CHANGES

@@ -1,3 +1,8 @@
+3086.	[bug]		Running dnssec-settime -f on an old-style key will
+			now force an update to the new key format even if no
+			other change has been specified, using "-P now -A now"
+			as default values.  [RT #22474]
+
 3083.	[bug]		NOTIFY messages were not being sent when generating
 			a NSEC3 chain incrementally. [RT #23702]
 

bin/dnssec/dnssec-settime.c

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-settime.c,v 1.28 2010/12/19 07:29:36 each Exp $ */
+/* $Id: dnssec-settime.c,v 1.28.16.1 2011/03/21 15:56:12 each Exp $ */
 
 /*! \file */
 
@@ -513,6 +513,16 @@ main(int argc, char **argv) {
 	else if (unsetdel)
 		dst_key_unsettime(key, DST_TIME_DELETE);
 
+	/*
+	 * No metadata changes were made but we're forcing an upgrade
+	 * to the new format anyway: use "-P now -A now" as the default
+	 */
+	if (force && !changed) {
+		dst_key_settime(key, DST_TIME_PUBLISH, now);
+		dst_key_settime(key, DST_TIME_ACTIVATE, now);
+		changed = ISC_TRUE;
+	}
+
 	/*
 	 * Print out time values, if -p was used.
 	 */

bin/dnssec/dnssec-settime.docbook

@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-settime.docbook,v 1.11 2010/08/16 22:21:06 marka Exp $ -->
+<!-- $Id: dnssec-settime.docbook,v 1.11.70.1 2011/03/21 15:56:12 each Exp $ -->
 <refentry id="man.dnssec-settime">
   <refentryinfo>
     <date>July 15, 2009</date>
@@ -98,7 +98,9 @@
             fail when attempting to update a legacy key.  With this option,
             the key will be recreated in the new format, but with the
             original key data retained.  The key's creation date will be
-            set to the present time. 
+            set to the present time.  If no other values are specified, 
+            then the key's publication and activation dates will also 
+            be set to the present time.
 	  </para>
         </listitem>
       </varlistentry>

bin/tests/system/metadata/clean.sh

@@ -14,10 +14,10 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: clean.sh,v 1.3.250.1 2011/03/21 15:56:12 each Exp $
 
 rm -f K* dsset-* *.signed *.new random.data
 rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key 
 rm -f pending.key rolling.key standby.key inact.key
-rm -f prerev.key postrev.key
+rm -f prerev.key postrev.key oldstyle.key
 rm -f keys sigs

bin/tests/system/metadata/setup.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: setup.sh,v 1.3.250.1 2011/03/21 15:56:12 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -66,3 +66,6 @@ echo $pzsk > parent.zsk.key
 pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone`
 echo $pksk > parent.ksk.key
 
+oldstyle=`$KEYGEN -Cq -r $RANDFILE $pzone`
+echo $oldstyle > oldstyle.key
+

bin/tests/system/metadata/tests.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.5 2009/12/02 17:54:45 each Exp $
+# $Id: tests.sh,v 1.5.250.1 2011/03/21 15:56:12 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -134,5 +134,16 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking update of an old-style key"
+ret=0
+# printing metadata should not work with an old-style key
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
+$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+# but now it should
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status