Add CHANGES note for [GL !2947 ]

(cherry picked from commit fcca62859d)
Teach dnssec-settime to read times that it writes
2022-05-18 12:24:06 +02:00 · 2022-05-18 11:41:47 +02:00
7 changed files with 96 additions and 32 deletions
--- a/4
+++ b/4
@@ -7,6 +7,10 @@
 5888.	[bug]		Only write key files if the dnssec-policy keymgr has
 			changed the metadata. [GL #3302]

+5837.	[func]		Key timing options for `dnssec-keygen` and
+			`dnssec-settime` now accept times as printed by
+			`dnssec-settime -p`. [GL !2947]
+
 5885.	[bug]		RPZ NSIP and NSDNAME rule processing didn't handle stub
 			and static-stub zones at or above the query name.  This
 			has now been addressed. [GL #3232]
--- a/bin/dnssec/dnssec-keygen.rst
+++ b/bin/dnssec/dnssec-keygen.rst
@@ -204,14 +204,21 @@ Options
 Timing Options
 ~~~~~~~~~~~~~~

-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
-argument begins with a ``+`` or ``-``, it is interpreted as an offset from
-the present time. For convenience, if such an offset is followed by one
-of the suffixes ``y``, ``mo``, ``w``, ``d``, ``h``, or ``mi``, then the offset is
-computed in years (defined as 365 24-hour days, ignoring leap years),
-months (defined as 30 24-hour days), weeks, days, hours, or minutes,
-respectively. Without a suffix, the offset is computed in seconds. To
-explicitly prevent a date from being set, use ``none`` or ``never``.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
+(which is the format used inside key files),
+or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``),
+or UNIX epoch time (as printed by ``dnssec-settime -up``),
+or the literal ``now``.
+
+The argument can be followed by '+' or '-' and an offset from the
+given time. The literal ``now`` can be omitted before an offset. The
+offset can be followed by one of the suffixes 'y', 'mo', 'w', 'd',
+'h', or 'mi', so that it is computed in years (defined as 365 24-hour
+days, ignoring leap years), months (defined as 30 24-hour days),
+weeks, days, hours, or minutes, respectively. Without a suffix, the
+offset is computed in seconds.
+
+To unset a date, use ``none`` or ``never``.

 ``-P date/offset``
   This option sets the date on which a key is to be published to the zone. After
--- a/bin/dnssec/dnssec-settime.rst
+++ b/bin/dnssec/dnssec-settime.rst
@@ -102,14 +102,21 @@ Options
 Timing Options
 ~~~~~~~~~~~~~~

-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
-argument begins with a ``+`` or ``-``, it is interpreted as an offset from
-the present time. For convenience, if such an offset is followed by one
-of the suffixes ``y``, ``mo``, ``w``, ``d``, ``h``, or ``mi``, then the offset is
-computed in years (defined as 365 24-hour days, ignoring leap years),
-months (defined as 30 24-hour days), weeks, days, hours, or minutes,
-respectively. Without a suffix, the offset is computed in seconds. To
-explicitly prevent a date from being set, use ``none`` or ``never``.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
+(which is the format used inside key files),
+or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``),
+or UNIX epoch time (as printed by ``dnssec-settime -up``),
+or the literal ``now``.
+
+The argument can be followed by '+' or '-' and an offset from the
+given time. The literal ``now`` can be omitted before an offset. The
+offset can be followed by one of the suffixes 'y', 'mo', 'w', 'd',
+'h', or 'mi', so that it is computed in years (defined as 365 24-hour
+days, ignoring leap years), months (defined as 30 24-hour days),
+weeks, days, hours, or minutes, respectively. Without a suffix, the
+offset is computed in seconds.
+
+To unset a date, use ``none`` or ``never``.

 ``-P date/offset``
   This option sets the date on which a key is to be published to the zone. After
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -37,6 +37,7 @@
 #include <isc/print.h>
 #include <isc/string.h>
 #include <isc/time.h>
+#include <isc/tm.h>
 #include <isc/util.h>

 #include <dns/db.h>
@@ -288,6 +289,7 @@ strtotime(const char *str, int64_t now, int64_t base, bool *setp) {
 	const char *orig = str;
 	char *endp;
 	size_t n;
+	struct tm tm;

 	if (isnone(str)) {
 		if (setp != NULL) {
@@ -309,6 +311,8 @@ strtotime(const char *str, int64_t now, int64_t base, bool *setp) {
 	 *   now([+-]offset)
 	 *   YYYYMMDD([+-]offset)
 	 *   YYYYMMDDhhmmss([+-]offset)
+	 *   Day Mon DD HH:MM:SS YYYY([+-]offset)
+	 *   1234567890([+-]offset)
 	 *   [+-]offset
 	 */
 	n = strspn(str, "0123456789");
@@ -328,9 +332,21 @@ strtotime(const char *str, int64_t now, int64_t base, bool *setp) {
 		}
 		base = val;
 		str += n;
+	} else if (n == 10u &&
+		   (str[n] == '\0' || str[n] == '-' || str[n] == '+')) {
+		base = strtoll(str, &endp, 0);
+		str += 10;
 	} else if (strncmp(str, "now", 3) == 0) {
 		base = now;
 		str += 3;
+	} else if (str[0] >= 'A' && str[0] <= 'Z') {
+		/* parse ctime() format as written by `dnssec-settime -p` */
+		endp = isc_tm_strptime(str, "%a %b %d %H:%M:%S %Y", &tm);
+		if (endp != str + 24) {
+			fatal("time value %s is invalid", orig);
+		}
+		base = mktime(&tm);
+		str += 24;
 	}

 	if (str[0] == '\0') {
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -209,5 +209,21 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

+key=`$KEYGEN -q -a RSASHA1 $czone`
+
+echo_i "checking -p output time is accepted ($n)"
+t=`$SETTIME -pA $key | sed 's/.*: //'`
+$SETTIME -Psync "$t" $key > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking -up output time is accepted ($n)"
+t=`$SETTIME -upA $key | sed 's/.*: //'`
+$SETTIME -Dsync "$t" $key > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/doc/man/dnssec-keygen.8in
+++ b/doc/man/dnssec-keygen.8in
@@ -213,14 +213,21 @@ This option sets the debugging level.
 .UNINDENT
 .SH TIMING OPTIONS
 .sp
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
-argument begins with a \fB+\fP or \fB\-\fP, it is interpreted as an offset from
-the present time. For convenience, if such an offset is followed by one
-of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, \fBd\fP, \fBh\fP, or \fBmi\fP, then the offset is
-computed in years (defined as 365 24\-hour days, ignoring leap years),
-months (defined as 30 24\-hour days), weeks, days, hours, or minutes,
-respectively. Without a suffix, the offset is computed in seconds. To
-explicitly prevent a date from being set, use \fBnone\fP or \fBnever\fP\&.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
+(which is the format used inside key files),
+or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP),
+or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP),
+or the literal \fBnow\fP\&.
+.sp
+The argument can be followed by \(aq+\(aq or \(aq\-\(aq and an offset from the
+given time. The literal \fBnow\fP can be omitted before an offset. The
+offset can be followed by one of the suffixes \(aqy\(aq, \(aqmo\(aq, \(aqw\(aq, \(aqd\(aq,
+\(aqh\(aq, or \(aqmi\(aq, so that it is computed in years (defined as 365 24\-hour
+days, ignoring leap years), months (defined as 30 24\-hour days),
+weeks, days, hours, or minutes, respectively. Without a suffix, the
+offset is computed in seconds.
+.sp
+To unset a date, use \fBnone\fP or \fBnever\fP\&.
 .INDENT 0.0
 .TP
 .B \fB\-P date/offset\fP
--- a/doc/man/dnssec-settime.8in
+++ b/doc/man/dnssec-settime.8in
@@ -111,14 +111,21 @@ defaults to the path of the PKCS#11 provider library specified via
 .UNINDENT
 .SH TIMING OPTIONS
 .sp
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
-argument begins with a \fB+\fP or \fB\-\fP, it is interpreted as an offset from
-the present time. For convenience, if such an offset is followed by one
-of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, \fBd\fP, \fBh\fP, or \fBmi\fP, then the offset is
-computed in years (defined as 365 24\-hour days, ignoring leap years),
-months (defined as 30 24\-hour days), weeks, days, hours, or minutes,
-respectively. Without a suffix, the offset is computed in seconds. To
-explicitly prevent a date from being set, use \fBnone\fP or \fBnever\fP\&.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
+(which is the format used inside key files),
+or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP),
+or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP),
+or the literal \fBnow\fP\&.
+.sp
+The argument can be followed by \(aq+\(aq or \(aq\-\(aq and an offset from the
+given time. The literal \fBnow\fP can be omitted before an offset. The
+offset can be followed by one of the suffixes \(aqy\(aq, \(aqmo\(aq, \(aqw\(aq, \(aqd\(aq,
+\(aqh\(aq, or \(aqmi\(aq, so that it is computed in years (defined as 365 24\-hour
+days, ignoring leap years), months (defined as 30 24\-hour days),
+weeks, days, hours, or minutes, respectively. Without a suffix, the
+offset is computed in seconds.
+.sp
+To unset a date, use \fBnone\fP or \fBnever\fP\&.
 .INDENT 0.0
 .TP
 .B \fB\-P date/offset\fP