• Robert Edmonds's avatar
    Change DS creation to omit TTL and use spaces instead of tabs (Closes: #864016) · be97d5a0
    Robert Edmonds authored
    The version of dnsmasq in testing (currently 2.76-5) and which will
    apparently be released with stretch uses the following sed parser to
    convert the root.ds file in dns-root-data to command-line arguments for
        sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS
    This chokes on the root.ds file shipped in the dns-root-data 2017041101
    package. (See #858506 and #860064.) Consequently dnsmasq 2.77-1 shipped
    the following parser:
        sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS
    This commit relaxes the format of the root.ds file so that it can be
    parsed by the init script in both dnsmasq 2.76-5 and dnsmasq 2.77-1, by
    removing the TTL field (which doesn't make much sense for a trust anchor
    anyway) and converting the tab characters to spaces. This results in the
    following root.ds content:
        . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
        . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
    Both the dnsmasq 2.76-5 and 2.77-1 parsers convert the above root.ds
    content to the following dnsmasq command-line arguments:
    For comparison, previous versions of dns-root-data (before we started
    shipping the second trust anchor for the KSK rollover) formatted the
    root.ds file like this:
        . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
    This commit also adds a workaround in debian/rules to munge the output
    of ldns-key2ds so that the diff comparison will succeed.
Last commit
Last update
debian Loading commit data...
Kjqmt7v.crt Loading commit data...
Kjqmt7v.csr Loading commit data...
icannbundle.pem Loading commit data...
parse-root-anchors.sh Loading commit data...
root-anchors.p7s Loading commit data...
root-anchors.xml Loading commit data...
root.hints Loading commit data...
root.key Loading commit data...