Well, servers are following -current on amd64 but reinstalled (-r) opendnssec package using the version from stable (7.0, amd64) instead of the snapshots version. It solved the issue and servers regained capacity to sign with the ed25519 keys in use. There is something about that last commit that really broke opendnssec capacity to use ed25519 keys already in place. PpMiguel
On Mon, 6 Dec 2021, 01:18 Pp Xyz, <[email protected]> wrote: > I am sorry if I'm missing something but can't figure this one out... > Did the last commit to by sthen on 2021/11/28 to opendnssec port with > patches for libhsm break servers using ed25519 keys by removing ability to > sign or resign the zones with current keys? > Nothing else changed on my servers, keys are listed and seem ok. > Have a few domains using ed25519 keys, all stopped signing after last > commit. > > Log repeats same over and over: > > ods-signerd : [hsm] error signing rrset with libhsm > ods-signerd : [rrset] unable to sign RRset[50]: lhsm_sign() failed > > Anyone else has same problem? > Is there a way to recover the signing capability? > > Thanks in advance for your help and thank you to all Devs for such great > work >
