Re: [Opendnssec-user] Release candidate for OpenDNSSEC 2.1.8

Sun, 22 Nov 2020 22:13:08 -0800 

On Fri, 20 Nov 2020 12:30:34 +0100
Stefan Ubbink via Opendnssec-user
<[email protected]> wrote:

> On Wed, 18 Nov 2020 13:22:50 +0100
> "\(Berry\) A.W. van Halderen via Opendnssec-user"
> <[email protected]> wrote:
> 
> > To the key purge problem.  Either when manually purging keys, or
> > having specified a <Purge> in your key policy (kasp.xml), the keys
> > are suppost to be removed from the HSM.  However, for some time, the
> > keys were marked for deletion, and became invisible, but the removal
> > from the HSM was skipped.  In this release candidate this is fixed,
> > but still allowing keys not to be removed entirely.  When you
> > specify an automatic purge then the keys will, after the specified
> > period, will be completely removed.  When you purge manually, keys
> > are not removed from the HSM unless you specify an additional flag
> > (the --delete or -d flag).  
> 
> A minor point for improvement, the enforcer/man/ods-enforcer.8.in file
> has not been updated to describe the --delete or -d flag.

It seems I am not reading the above description correctly. Because when
I use the --delete option for purging keys, I get the following result:

root@signt1:~# ods-enforcer key purge --zone=politie --delete
unknown arguments
Error parsing arguments key purge command line key purge --zone=politie --delete
Usage:

key purge
        --policy <policy> | --zone <zone>       aka -p | -z
root@signt1:~# ods-enforcer --version
opendnssec version 2.1.8rc1
root@signt1:~#

The log shows the following:
Nov 23 07:08:38 signt1 ods-enforcerd: received command key purge --zone=politie 
--delete
Nov 23 07:08:38 signt1 ods-enforcerd: [key_purge_cmd] unknown arguments for key 
purge command

What am I missing?

-- 
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl

Attachment: pgpovTkoHPFVt.pgp
Description: OpenPGP digital signature

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Reply via email to