Commit 08731cf1 authored by Tomas Krizek's avatar Tomas Krizek

distro/deb: sync keyfile-ro patch from debian

parent a4124983
From fff3b5513a48e225fa8fa49899ba1f376552fa99 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Tue, 27 Feb 2018 18:05:08 +0100
Subject: [PATCH] Update documentation of --keyfile-ro
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 17 Feb 2018 15:52:20 -0500
Subject: Update documentation of --keyfile-ro
On Debian systems, we depend on the OS package management to update
the dns root data. Make the documentation for running with this
option less scary-sounding, as it is the default.
---
doc/kresd.8.in | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
doc/kresd.8.in | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/doc/kresd.8.in b/doc/kresd.8.in
index 266e9f05..05a9dd67 100644
index 266e9f0..6c5195b 100644
--- a/doc/kresd.8.in
+++ b/doc/kresd.8.in
@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is
......@@ -23,21 +22,20 @@ index 266e9f05..05a9dd67 100644
Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors).
Kresd needs write access to the directory containing the keyfile.
@@ -134,9 +134,12 @@ The file contains DNSKEY/DS records in presentation format,
@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format,
and is compatible with Unbound and BIND 9 root key files.
.TP
.B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile>
-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes!
+Static root trust anchors file. The file is not updated by
+kresd. Please ensure that any running kresd instances are restarted if
+the trust anchors change. (On Debian, this should happen automatically
+on upgrade of the dns-root-data package).
+the trust anchors change. (On Debian, kresd will be restarted
+automatically when the dns-root-data package updates
+/usr/share/dns/root.key, so nothing extra needs to be done unless you
+diverge from the default here.)
-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one)
+Default: "@KEYFILE_DEFAULT@"
.TP
.B \-m\fI path\fR, \fB\-\-moduledir=\fI<path>
Override the directory that is searched for modules. Default: @MODULEDIR@
--
2.14.3
0002-Update-documentation-of-keyfile-ro.patch
0001-Update-documentation-of-keyfile-ro.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment