zone backup: dont fail when public-only key is there

Libor Peltan 2020-12-10 14:31:02 +01:00
parent 6bd46b9230
commit 43d028eeb4
2 changed files with 16 additions and 6 deletions


@ -190,7 +190,7 @@ static conf_val_t get_zone_policy(conf_t *conf, const knot_dname_t *zone)
return policy;
}
#define LOG_FAIL(action) log_zone_warning(zone->name, "%s, %s failed (%s)\n", ctx->restore_mode ? "restore" : "backup", (action), knot_strerror(ret))
#define LOG_FAIL(action) log_zone_warning(zone->name, "%s, %s failed (%s)", ctx->restore_mode ? "restore" : "backup", (action), knot_strerror(ret))
static int backup_keystore(conf_t *conf, zone_t *zone, zone_backup_ctx_t *ctx)
{
@ -230,9 +230,10 @@ static int backup_keystore(conf_t *conf, zone_t *zone, zone_backup_ctx_t *ctx)
}
ptrnode_t *n;
WALK_LIST(n, key_params) {
if (ret == KNOT_EOK) {
ret = backup_key(n->d, from, to);
free_key_params(n->d);
key_params_t *parm = n->d;
if (ret == KNOT_EOK && !parm->is_pub_only) {
ret = backup_key(parm, from, to);
free_key_params(parm);
}
}
if (ret != KNOT_EOK) {
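Review bot: `free_key_params(parm);` sits inside the body of `if (ret == KNOT_EOK && !parm->is_pub_only)` in the second hunk, so it is now skipped for every public-only key, just as it already was for entries walked after a failed `backup_key()`. Unless code after this hunk releases those entries some other way, each backup of a zone holding a public-only key would leak that key's parameters in a long-running server. Moving the call below the closing brace of the `if`, so the loop body ends with `}` followed by `free_key_params(parm);`, frees every entry whether or not it was copied. The body of backup_keystore starts and ends outside the hunk, so any later cleanup of `key_params` is not visible here.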


@ -5,6 +5,7 @@
from dnstest.test import Test
from dnstest.module import ModOnlineSign
from dnstest.utils import *
from dnstest.keys import Keymgr
import shutil
import random
@ -28,8 +29,10 @@ t.link(zones, master, slave)
for z in zones:
if random.choice([True, False]):
master.dnssec(z).enable = True
master.dnssec(z).algorithm = "ECDSAP256SHA256"
master.dnssec(z).single_type_signing = False
else:
master.add_module(z, ModOnlineSign())
master.add_module(z, ModOnlineSign(algorithm="ECDSAP256SHA256"))
slave.zones[z.name].journal_content = "all"
slave.zonefile_load = "none"
@ -40,9 +43,15 @@ zone0_expire = 45 # zone zones[0] expiration time in its SOA
valgrind_delay = 2 if slave.valgrind else 0 # allow a little time margin under Valgrind
t.start()
slave.zones_wait(zones)
serials_init = slave.zones_wait(zones)
start_time = int(t.uptime())
for z in zones:
if master.dnssec(z).enable:
Keymgr.run_check(master.confile, z.name, "import-pub", "%s/%skey" % (t.data_dir, z.name))
master.ctl("zone-sign " + z.name)
slave.zone_wait(z, serials_init[z.name])
master.ctl("zone-backup +backupdir %s" % backup_dir)
slave.ctl("zone-backup %s %s +journal +backupdir %s +nozonefile" % \
(zones[0].name, zones[1].name, slave_bck_dir))
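Review bot: The new `import-pub` step runs only for zones where `master.dnssec(z).enable` is set, and that is decided by `random.choice([True, False])` in the earlier hunk. A run in which every zone draws the online-sign branch therefore never exercises the public-only-key backup path this commit fixes. Pinning at least one zone to the DNSSEC branch, e.g. `if z is zones[0] or random.choice([True, False]):`, would make the regression check deterministic. A short comment above the loop, such as `# import a public-only key so that zone-backup has to skip it`, would also record why the key is imported.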