Control: severity -1 important Hi,
this is not something really fixable without breaking existing user base (for now). The problem is that you need configured and initialized HSM store for the keys, and that something the user must do manually, because he is expected to provide his own HSM - and while softhsm2 is the most common implementation used together with OpenDNSSEC, it's not the only one. I could probably provide --no-start to dh_systemd_start invocation, but doing that now inside the stretch freeze would be very disruptive (in my opinion). It might be also fixed upstream to not exit violently when no key store is configured, but just refuse to generate new keys and log that prominently. I have fixed the other two RC bugs, and I am lowering the severity on this one, as this is how the OpenDNSSEC have worked since the beginning. Cheers, -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro pečení chleba všeho druhu
