Robert Luberda wrote:
> Upgraded dns-root-data should declare "Breaks: dnsmasq (<< 2.77-1~)",
> see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863896#15

A "Breaks" doesn't really make sense here. There are only cosmetic
differences between the root.ds file format generated by previous
versions of dns-root-data and the current version in testing/unstable.
If we're going to make another dns-root-data upload for stretch we
should just switch the format to something that dnsmasq in testing can
understand.

Something like this in root.ds would support both the ad hoc sed parsers
in dnsmasq 2.76-5 (testing) and dnsmasq 2.77-1:

. IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

The attached patch implements this format.

(BTW, I'm not sure what's going on with the just-uploaded sed parser in
dnsmasq 2.77-2. It generates the message "sed: -e expression #1, char
103: Invalid range end" when I try to run it.)

-- 
Robert Edmonds
edmo...@debian.org
>From bf353876ab64a7c3afe9c72ea8019d6df89bbf42 Mon Sep 17 00:00:00 2001
From: Robert Edmonds <edmo...@debian.org>
Date: Tue, 6 Jun 2017 00:55:19 -0400
Subject: [PATCH] Change DS creation to omit TTL and use spaces instead of tabs
 (Closes: #864016)

The version of dnsmasq in testing (currently 2.76-5) and which will
apparently be released with stretch uses the following sed parser to
convert the root.ds file in dns-root-data to command-line arguments for
dnsmasq:

    sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS

This chokes on the root.ds file shipped in the dns-root-data 2017041101
package. (See #858506 and #860064.) Consequently dnsmasq 2.77-1 shipped
the following parser:

    sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS

This commit relaxes the format of the root.ds file so that it can be
parsed by the init script in both dnsmasq 2.76-5 and dnsmasq 2.77-1, by
removing the TTL field (which doesn't make much sense for a trust anchor
anyway) and converting the tab characters to spaces. This results in the
following root.ds content:

    . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
    . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

Both the dnsmasq 2.76-5 and 2.77-1 parsers convert the above root.ds
content to the following dnsmasq command-line arguments:

    --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
    --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

For comparison, previous versions of dns-root-data (before we started
shipping the second trust anchor for the KSK rollover) formatted the
root.ds file like this:

    . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

This commit also adds a workaround in debian/rules to munge the output
of ldns-key2ds so that the diff comparison will succeed.
---
 debian/rules          | 2 +-
 parse-root-anchors.sh | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/debian/rules b/debian/rules
index 16893f5..b697fc0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,7 +18,7 @@ override_dh_auto_build:
 	./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds
 
 	# Create key from downloaded root.key
-	/usr/bin/ldns-key2ds -n -2 root.key > root.ds
+	/usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' > root.ds
 
 	# Compare the DS from root.key and from root-anchors.xml
 	diff root-anchors.ds root.ds
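Review bot: in the new `ldns-key2ds ... | sed` line, `-e 's/ 172800//'` removes the TTL by its literal value rather than by its position, so a root.key carrying any other TTL passes through unchanged and the build only stops at `diff root-anchors.ds root.ds` with no hint as to why. Matching the column instead, for example `-e 's/^\. [0-9]* IN /. IN /'`, keeps the rule tied to the TTL field. Unless the makefile enables pipefail, the pipe also hides a non-zero exit from ldns-key2ds, which leaves that diff as the only thing catching a failed conversion; a comment saying so would help.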
diff --git a/parse-root-anchors.sh b/parse-root-anchors.sh
index 3f96d69..4281534 100755
--- a/parse-root-anchors.sh
+++ b/parse-root-anchors.sh
@@ -2,8 +2,6 @@
 
 unset ZONE KTAG ALGO DTYPE DIGEST
 
-TTL=172800
-
 export IFS="="
 xml2 | while read -r KEY VAL; do
     case "$KEY" in
@@ -17,7 +15,7 @@ xml2 | while read -r KEY VAL; do
 		echo "Missing some KeyDigest parameter"
 		exit 1
 	    fi
-	    printf "%s\t%s\tIN\tDS\t%s %s %s %s\n" "$ZONE" "$TTL" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST"
+	    printf "%s IN DS %s %s %s %s\n" "$ZONE" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST"
 	    unset KTAG ALGO DTYPE DIGEST
 	    ;;
     esac
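Review bot: the new `printf "%s IN DS %s %s %s %s\n"` line now has to match exactly what the dnsmasq init-script sed expressions quoted in the commit message expect (single spaces, no TTL), but nothing next to it says so. A one-line comment above the printf naming that dependency would keep a later cleanup from reintroducing tabs or a TTL. The only check visible before the printf is the "Missing some KeyDigest parameter" presence test, and the fields end up as dnsmasq command-line arguments, so it may also be worth rejecting values that contain whitespace or commas before printing them.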
-- 
2.11.0
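
Added example (not part of the patch or of the dnsmasq init script): it runs the two sed expressions quoted in the commit message over both the tab-and-TTL layout and the proposed space-only layout, then checks that each result is a well-formed --trust-anchor argument. The function names and the valid_args check are assumptions made for illustration; the DS values are the ones shown in the message.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from dnsmasq or dns-root-data.

# sed expression from the dnsmasq 2.76-5 init script, as quoted in the commit message.
parse_276() { sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g; }

# sed expression shipped in dnsmasq 2.77-1. GNU sed reads \t inside the
# bracket expression as a tab.
parse_277() { sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g; }

# root.ds content proposed by the patch: single spaces, no TTL.
new_format() {
    printf '. IN DS %s %s %s %s\n' \
        19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 \
        20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
}

# Tab-separated layout with TTL, produced with the printf format the patch removes.
old_format() {
    printf '%s\t%s\tIN\tDS\t%s %s %s %s\n' \
        . 172800 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 \
        . 172800 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
}

# Succeeds only if stdin is non-empty and every line is a well-formed
# root trust-anchor argument: key tag, algorithm, digest type, hex digest.
valid_args() {
    awk '!/^--trust-anchor=\.,[0-9]+,[0-9]+,[0-9]+,[0-9A-Fa-f]+$/ { bad = 1 }
         END { exit (NR == 0 || bad) }'
}

# Run every format through every parser and report whether the result is usable.
for fmt in new_format old_format; do
    for parser in parse_276 parse_277; do
        if $fmt | $parser | valid_args; then status=ok; else status=REJECTED; fi
        echo "$fmt via $parser: $status"
    done
done
```

A check like valid_args, run before the arguments are handed to the daemon, turns a silently malformed trust anchor into an explicit failure.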
