From 2a0ef82b19ea6c4c003233a01af301782b37cee8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Fri, 18 Aug 2017 11:17:43 +0200
Subject: [PATCH] [v9_10] Prevent dnssec-settime from printing a bogus warning
4686. [bug] dnssec-settime -p could print a bogus warning about key deletion scheduled before its inactivation when a key had an inactivation date set but no deletion date set. [RT #45807]
(cherry picked from commit 330365566dab00a1b659dd32e90698800f13af0f)
---
 CHANGES | 5 +++++
 bin/dnssec/dnssec-settime.c | 2 +-
 bin/tests/system/metadata/tests.sh | 9 +++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 81dea93961..de92389f67 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+4686. [bug] dnssec-settime -p could print a bogus warning about
+ key deletion scheduled before its inactivation when a
+ key had an inactivation date set but no deletion date
+ set. [RT #45807]
+
 4685. [bug] dnssec-settime incorrectly calculated publication and activation dates for a successor key. [RT #45806]
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index dcfcdf27ab..3e7f32c637 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -485,7 +485,7 @@ main(int argc, char **argv) {
 &prevdel) == ISC_R_SUCCESS && setinact && !setdel && !unsetdel && prevdel < inact) || (!setdel && !unsetdel && !setinact && !unsetinact &&
- prevdel < previnact))
+ prevdel != 0 && prevdel < previnact))
 fprintf(stderr, "%s: warning: Key is scheduled to " "be deleted before it is\n\t" "scheduled to be inactive.\n",
diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh
index d5fed2bea6..719ad0c726 100644
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
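Review bot: In bin/dnssec/dnssec-settime.c the added `prevdel != 0` test treats zero as "no deletion date", which holds only if `prevdel` is initialised to 0 before this condition and the lookup that fills it leaves it untouched on failure; neither is visible here, as main() begins and ends outside the hunk. The clause just above already compares that lookup's result with `ISC_R_SUCCESS`, so keeping the result in a local flag set before the `if` and testing it in the last clause (for example `havedel && prevdel < previnact`, with `havedel` a new local) would not depend on a sentinel value. If the sentinel stays, a comment such as `/* prevdel stays 0 when the key has no deletion date */` beside the new test would record the assumption. `previnact` is read in the same clause without a success check as well, which looks safe only as long as the time type is unsigned.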
@@ -170,6 +170,15 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
+echo "I:checking no warning about delete date < inactive date with dnssec-settime when delete date is unset ($n)"
+ret=0
+$SETTIME -D none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -p all `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking warning about delete date < inactive date with dnssec-keygen ($n)" ret=0 # keygen should print a warning about delete < inactive
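Review bot: The new check only exercises the fixed code path if oldstyle.key still carries an inactivation date when `$SETTIME -p all` runs, and nothing in the added lines sets or asserts one; it presumably comes from earlier tests outside the hunk. If those tests are later reordered or removed, `grep "warning"` finds nothing and the test passes without covering the regression. A comment above the `-D none` line, for example `# relies on the inactivation date set on oldstyle.key by the preceding tests`, or setting the date explicitly in the same `$SETTIME` call, would keep the precondition visible. The first `$SETTIME` call's output is overwritten by the second, so only the `-p all` output is actually checked for warnings.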