Robert Luberda wrote:
> Upgraded dns-root-data should declare "Breaks: dnsmasq (<< 2.77-1~)",
> see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863896#15

A "Breaks" doesn't really make sense here. There are only cosmetic
differences between the root.ds file format generated by previous
versions of dns-root-data and the current version in testing/unstable.

If we're going to make another dns-root-data upload for stretch we
should just switch the format to something that dnsmasq in testing can
understand. Something like this in root.ds would support both the ad hoc
sed parsers in dnsmasq 2.76-5 (testing) and dnsmasq 2.77-1:

    . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
    . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

The attached patch implements this format.

(BTW, I'm not sure what's going on with the just-uploaded sed parser in
dnsmasq 2.77-2. It generates the message "sed: -e expression #1, char
103: Invalid range end" when I try to run it.)

-- 
Robert Edmonds
[email protected]

>From bf353876ab64a7c3afe9c72ea8019d6df89bbf42 Mon Sep 17 00:00:00 2001 
From: Robert Edmonds <[email protected]>
Date: Tue, 6 Jun 2017 00:55:19 -0400
Subject: [PATCH] Change DS creation to omit TTL and use spaces instead of tabs (Closes: #864016)

The version of dnsmasq in testing (currently 2.76-5) and which will
apparently be released with stretch uses the following sed parser to
convert the root.ds file in dns-root-data to command-line arguments for
dnsmasq:

    sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS

This chokes on the root.ds file shipped in the dns-root-data 2017041101
package. (See #858506 and #860064.) Consequently dnsmasq 2.77-1 shipped
the following parser:

    sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS

This commit relaxes the format of the root.ds file so that it can be
parsed by the init script in both dnsmasq 2.76-5 and dnsmasq 2.77-1, by
removing the TTL field (which doesn't make much sense for a trust anchor
anyway) and converting the tab characters to spaces. This results in the
following root.ds content:

    . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
    . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

Both the dnsmasq 2.76-5 and 2.77-1 parsers convert the above root.ds
content to the following dnsmasq command-line arguments:

    --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
    --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

For comparison, previous versions of dns-root-data (before we started
shipping the second trust anchor for the KSK rollover) formatted the
root.ds file like this:

    . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

This commit also adds a workaround in debian/rules to munge the output
of ldns-key2ds so that the diff comparison will succeed.
---
 debian/rules          | 2 +-
 parse-root-anchors.sh | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/debian/rules b/debian/rules index 16893f5..b697fc0 100755 --- a/debian/rules +++ b/debian/rules @@ -18,7 +18,7 @@ override_dh_auto_build: ./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds # Create key from downloaded root.key - /usr/bin/ldns-key2ds -n -2 root.key > root.ds + /usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' > root.ds # Compare the DS from root.key and from root-anchors.xml diff root-anchors.ds root.ds diff --git a/parse-root-anchors.sh b/parse-root-anchors.sh index 3f96d69..4281534 100755 --- a/parse-root-anchors.sh +++ b/parse-root-anchors.sh @@ -2,8 +2,6 @@ unset ZONE KTAG ALGO DTYPE DIGEST -TTL=172800 - export IFS="=" xml2 | while read -r KEY VAL; do case "$KEY" in @@ -17,7 +15,7 @@ xml2 | while read -r KEY VAL; do echo "Missing some KeyDigest parameter" exit 1 fi - printf "%s\t%s\tIN\tDS\t%s %s %s %s\n" "$ZONE" "$TTL" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST" + printf "%s IN DS %s %s %s %s\n" "$ZONE" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST" unset KTAG ALGO DTYPE DIGEST ;; esac -- 2.11.0
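
Review bot: in the debian/rules hunk, the new recipe line strips the TTL with the unanchored literal 's/ 172800//', so it depends on ldns-key2ds emitting exactly that TTL, and piping into sed means the recipe's exit status is now sed's rather than that of ldns-key2ds. The following 'diff root-anchors.ds root.ds' will still stop the build on a mismatch, but the failure would be easier to diagnose if the TTL field were removed by position (for example 's/^\. [0-9]* IN /. IN /' after the tab conversion) and ldns-key2ds wrote to a temporary file first so that its own failure is reported directly.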
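
Review bot: in the second parse-root-anchors.sh hunk, the new printf format is an interface that the dnsmasq 2.76-5 init script matches literally (". IN DS " with single spaces, per the commit message), but nothing in the script says so. A comment above the printf stating that the separators must remain single spaces and that no TTL may be emitted would keep a later cleanup from reintroducing the breakage described in #858506 and #860064.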
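
Added example (not part of the original message or patch): the two init-script sed expressions quoted in the commit message, run over the tab-and-TTL root.ds layout and over the proposed layout, with a strict check on the resulting dnsmasq arguments. The function names and the args_ok check are assumptions made for this illustration, and the parsers read stdin rather than $ROOT_DS.

```shell
#!/bin/sh
# Added illustration, not code from dns-root-data or dnsmasq.
# Function names and the args_ok check are assumptions for this example.
D1=49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
D2=e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

# root.ds layout emitted by the printf this patch removes (tabs plus TTL).
rootds_tab_ttl() {
    printf '.\t172800\tIN\tDS\t19036 8 2 %s\n' "$D1"
    printf '.\t172800\tIN\tDS\t20326 8 2 %s\n' "$D2"
}

# root.ds layout proposed in the message (no TTL, single spaces).
rootds_proposed() {
    printf '. IN DS 19036 8 2 %s\n' "$D1"
    printf '. IN DS 20326 8 2 %s\n' "$D2"
}

# The sed expressions quoted in the commit message, reading stdin
# instead of $ROOT_DS.
parse_276() { sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g; }
# [\t ] matches a tab only where sed expands \t inside brackets (GNU sed does).
parse_277() { sed -e s/"^.*DS[\t ]"/--trust-anchor=.,/ -e s/" "/,/g; }

# Succeed only if stdin is non-empty and every line is exactly
# --trust-anchor=.,<key tag>,<algorithm>,<digest type>,<hex digest>
args_ok() {
    awk '!/^--trust-anchor=\.,[0-9]+,[0-9]+,[0-9]+,[0-9A-Fa-f]+$/ { bad = 1 }
         END { exit ((bad || NR == 0) ? 1 : 0) }'
}

# check <layout function> <parser function>: prints ok or MALFORMED.
check() {
    if "$1" | "$2" | args_ok; then echo ok; else echo MALFORMED; fi
}

# Print the compatibility matrix for both layouts and both parsers.
for layout in rootds_tab_ttl rootds_proposed; do
    for parser in parse_276 parse_277; do
        printf '%-16s %-10s %s\n' "$layout" "$parser" "$(check "$layout" "$parser")"
    done
done
```

A check like args_ok placed in front of the dnsmasq invocation turns a silent trust-anchor parsing failure into an explicit error.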

