Your message dated Sat, 27 Apr 2019 11:14:32 +0100
with message-id <[email protected]>
and subject line Closing bugs for updates included in 9.9
has caused the Debian Bug report #925351,
regarding stretch-pu: package dns-root-data/2019031302~deb9u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
925351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925351
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
Control: affects -1 src:dns-root-data
Please consider an update to dns-root-data in debian stretch.
This package reflects the state of the network, and keeping it current
is useful for all the packages that depend on it. In particular, it
removes a DNSSEC root key that is expired.
For future DNSSEC root key rollovers, we should do something better than
a package upgrade (see https://bugs.debian.org/925349) but for now this
is the least restrictive change.
The debdiff from the previous version in stretch is attached.
This proposed release is also available at the
"debian/2019031302_deb9u1" tag on the "debian/stretch" branch at
the git repo for dns-root-data packaging:
https://salsa.debian.org/dns-team/dns-root-data
Please followup on this ticket to confirm whether I should upload this
revision to stretch.
Thanks for helping to maintain debian's stable release!
--dkg
diff --git publicsuffix-2017072601~deb9u1/debian/changelog publicsuffix-2019031302~deb9u1/debian/changelog
index 036aebe..660bdd3 100644
--- publicsuffix-2017072601~deb9u1/debian/changelog
+++ publicsuffix-2019031302~deb9u1/debian/changelog
@@ -1,3 +1,19 @@
+dns-root-data (2019031302~deb9u1) stretch; urgency=medium
+
+ * Rebuild for stretch-backports.
+ * d/control: move Vcs-* to salsa.debian.org
+ * d/control: use [email protected] as Maintainer
+ * sort generated .ds files by key tag
+ * Update root.hints to 2018013001
+ * Update order of root.key to follow output of unbound-anchor
+ * use DEP-14 branches
+ * update root data to 2019031302
+ * parse-root-anchors.sh: account for validity windows
+ * check: deliberately skip the TTL generated by ldns-key2ds
+ * add myself to uploaders
+
+ -- Daniel Kahn Gillmor <[email protected]> Sat, 23 Mar 2019 15:43:27 +0100
+
dns-root-data (2017072601~deb9u1) stretch; urgency=high
* Update root.hints to 2017072601 version
diff --git publicsuffix-2017072601~deb9u1/debian/control publicsuffix-2019031302~deb9u1/debian/control
index 8413872..bd0ab25 100644
--- publicsuffix-2017072601~deb9u1/debian/control
+++ publicsuffix-2019031302~deb9u1/debian/control
@@ -1,8 +1,9 @@
Source: dns-root-data
Section: misc
Priority: optional
-Maintainer: Debian DNS Maintainers <[email protected]>
+Maintainer: dns-root-data packagers <[email protected]>
Uploaders: Ondřej Surý <[email protected]>,
+ Daniel Kahn Gillmor <[email protected]>,
Robert Edmonds <[email protected]>
Build-Depends: debhelper (>= 8.0.0),
unbound-anchor,
@@ -11,8 +12,8 @@ Build-Depends: debhelper (>= 8.0.0),
xml2
Standards-Version: 3.9.6
Homepage: https://data.iana.org/root-anchors/
-Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git
-Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary
+Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git -b debian/stretch
+Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data
Package: dns-root-data
Architecture: all
diff --git publicsuffix-2017072601~deb9u1/debian/gbp.conf publicsuffix-2019031302~deb9u1/debian/gbp.conf
index 3b27f6d..9453f5b 100644
--- publicsuffix-2017072601~deb9u1/debian/gbp.conf
+++ publicsuffix-2019031302~deb9u1/debian/gbp.conf
@@ -1,2 +1,2 @@
[DEFAULT]
-debian-branch = master-stretch
+debian-branch = debian/stretch
diff --git publicsuffix-2017072601~deb9u1/debian/rules publicsuffix-2019031302~deb9u1/debian/rules
index b697fc0..453b594 100755
--- publicsuffix-2017072601~deb9u1/debian/rules
+++ publicsuffix-2019031302~deb9u1/debian/rules
@@ -15,13 +15,13 @@ override_dh_auto_build:
openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
# Create key from validated root-anchors.xml
- ./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds
+ ./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds
# Create key from downloaded root.key
- /usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' > root.ds
+ /usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root.ds
# Compare the DS from root.key and from root-anchors.xml
- diff root-anchors.ds root.ds
+ diff -u root-anchors.ds root.ds
override_dh_auto_clean:
rm -f root-anchors.ds root.ds
diff --git publicsuffix-2017072601~deb9u1/parse-root-anchors.sh publicsuffix-2019031302~deb9u1/parse-root-anchors.sh
index 4281534..eb1696b 100755
--- publicsuffix-2017072601~deb9u1/parse-root-anchors.sh
+++ publicsuffix-2019031302~deb9u1/parse-root-anchors.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-unset ZONE KTAG ALGO DTYPE DIGEST
+unset ZONE KTAG ALGO DTYPE DIGEST EXPIRES BEGINS
export IFS="="
xml2 | while read -r KEY VAL; do
@@ -9,14 +9,22 @@ xml2 | while read -r KEY VAL; do
"/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";;
"/TrustAnchor/KeyDigest/Algorithm") ALGO="$VAL";;
"/TrustAnchor/KeyDigest/DigestType") DTYPE="$VAL";;
+ "/TrustAnchor/KeyDigest/@validUntil") EXPIRES="$VAL";;
+ "/TrustAnchor/KeyDigest/@validFrom") BEGINS="$VAL";;
"/TrustAnchor/KeyDigest/Digest")
DIGEST="$(echo "$VAL" | tr "[:upper:]" "[:lower:]")"
if [ -z "$ZONE" ] || [ -z "$KTAG" ] || [ -z "$ALGO" ] || [ -z "$DTYPE" ]; then
echo "Missing some KeyDigest parameter"
exit 1
fi
- printf "%s IN DS %s %s %s %s\n" "$ZONE" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST"
- unset KTAG ALGO DTYPE DIGEST
+ if [ -n "$EXPIRES" ] && [ "$(date +%s -d "$EXPIRES")" -lt "$(date +%s)" ]; then
+ printf 'Digest %s expired on %s\n' "$DIGEST" "$EXPIRES" >&2
+ elif [ -n "$BEGINS" ] && [ "$(date +%s -d "$BEGINS")" -gt "$(date +%s)" ]; then
+ printf 'Digest %s will not be valid until %s\n' "$DIGEST" "$BEGINS" >&2
+ else
+ printf "%s IN DS %s %s %s %s\n" "$ZONE" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST"
+ fi
+ unset KTAG ALGO DTYPE DIGEST EXPIRES BEGINS
;;
esac
done
diff --git publicsuffix-2017072601~deb9u1/root-anchors.p7s publicsuffix-2019031302~deb9u1/root-anchors.p7s
index ee06fe5..ff40c7a 100644
Binary files publicsuffix-2017072601~deb9u1/root-anchors.p7s and publicsuffix-2019031302~deb9u1/root-anchors.p7s differ
diff --git publicsuffix-2017072601~deb9u1/root-anchors.xml publicsuffix-2019031302~deb9u1/root-anchors.xml
index bf84089..3536f08 100644
--- publicsuffix-2017072601~deb9u1/root-anchors.xml
+++ publicsuffix-2019031302~deb9u1/root-anchors.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
-<TrustAnchor id="0AF79DEA-A7CD-43DC-9EDD-AD241CA63AE2" source="http://data.iana.org/root-anchors/root-anchors.xml";>
+<TrustAnchor id="380DC50D-484E-40D0-A3AE-68F2B18F61C7" source="http://data.iana.org/root-anchors/root-anchors.xml";>
<Zone>.</Zone>
-<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00">
+<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00" validUntil="2019-01-11T00:00:00+00:00">
<KeyTag>19036</KeyTag>
<Algorithm>8</Algorithm>
<DigestType>2</DigestType>
diff --git publicsuffix-2017072601~deb9u1/root.hints publicsuffix-2019031302~deb9u1/root.hints
index 86cd815..cfb7094 100644
--- publicsuffix-2017072601~deb9u1/root.hints
+++ publicsuffix-2019031302~deb9u1/root.hints
@@ -9,8 +9,8 @@
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
-; last update: July 26, 2017
-; related version of root zone: 2017072601
+; last update: March 13, 2019
+; related version of root zone: 2019031302
;
; FORMERLY NS.INTERNIC.NET
;
@@ -21,7 +21,7 @@ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
diff --git publicsuffix-2017072601~deb9u1/root.key publicsuffix-2019031302~deb9u1/root.key
index af563d6..e8941ce 100644
--- publicsuffix-2017072601~deb9u1/root.key
+++ publicsuffix-2019031302~deb9u1/root.key
@@ -1,2 +1 @@
-. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ]
-. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ]
+. 86400 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ]
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 9.9
Hi,
The update referenced by each of these bugs was included in this
morning's stretch point release.
Regards,
Adam
--- End Message ---
