• Robert Edmonds's avatar
    Change DS creation to omit TTL and use spaces instead of tabs (Closes: #864016) · be97d5a0
    Robert Edmonds authored
    The version of dnsmasq in testing (currently 2.76-5) and which will
    apparently be released with stretch uses the following sed parser to
    convert the root.ds file in dns-root-data to command-line arguments for
    dnsmasq:
    
        sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS
    
    This chokes on the root.ds file shipped in the dns-root-data 2017041101
    package. (See #858506 and #860064.) Consequently dnsmasq 2.77-1 shipped
    the following parser:
    
        sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS
    
    This commit relaxes the format of the root.ds file so that it can be
    parsed by the init script in both dnsmasq 2.76-5 and dnsmasq 2.77-1, by
    removing the TTL field (which doesn't make much sense for a trust anchor
    anyway) and converting the tab characters to spaces. This results in the
    following root.ds content:
    
        . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
        . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
    
    Both the dnsmasq 2.76-5 and 2.77-1 parsers convert the above root.ds
    content to the following dnsmasq command-line arguments:
    
        --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
        --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
    
    For comparison, previous versions of dns-root-data (before we started
    shipping the second trust anchor for the KSK rollover) formatted the
    root.ds file like this:
    
        . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
    
    This commit also adds a workaround in debian/rules to munge the output
    of ldns-key2ds so that the diff comparison will succeed.
    be97d5a0
Name
Last commit
Last update
debian Loading commit data...
Kjqmt7v.crt Loading commit data...
Kjqmt7v.csr Loading commit data...
icannbundle.pem Loading commit data...
parse-root-anchors.sh Loading commit data...
root-anchors.p7s Loading commit data...
root-anchors.xml Loading commit data...
root.hints Loading commit data...
root.key Loading commit data...