From yuri at nlnetlabs.nl Thu Apr 5 08:40:40 2012
From: yuri at nlnetlabs.nl (Yuri Schaeffer)
Date: Thu, 05 Apr 2012 10:40:40 +0200
Subject: [Opendnssec-develop] Bash completion
Message-ID: <4F7D5A88.7000506@nlnetlabs.nl>

I've picked up coding again and found myself typing a lot. Therefore I hacked a basic bash autocompletion script. It only supports enforcerng for now. I think it could be useful for others as well. Attached.

On my system it lives in "/etc/bash_completion.d/opendnssec"

//yuri
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: opendnssec
URL:

From yuri at nlnetlabs.nl Thu Apr 5 10:41:56 2012
From: yuri at nlnetlabs.nl (Yuri Schaeffer)
Date: Thu, 05 Apr 2012 12:41:56 +0200
Subject: [Opendnssec-develop] Bash completion
In-Reply-To: <4F7D5A88.7000506@nlnetlabs.nl>
References: <4F7D5A88.7000506@nlnetlabs.nl>
Message-ID: <4F7D76F4.2030900@nlnetlabs.nl>

Just committed a new version to home/yuri/bash_completion which tries to complete --zone,--id,--keytag,--policy for ods-enforcer by calling ods-enforcer. :)

//yuri

From rickard at opendnssec.org Mon Apr 9 19:52:11 2012
From: rickard at opendnssec.org (Rickard Bellgrim)
Date: Mon, 9 Apr 2012 21:52:11 +0200
Subject: [Opendnssec-develop] Meeting 2012-04-10
Message-ID:

Hi

We have a meeting tomorrow. Please use the phone number sent by Sion on the otr-list.

Date: Tuesday 10 April
Time: 15:00-16:00 CEST, 14:00-15:00 BST
Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-10+Agenda

// Rickard

From Roland.vanRijswijk at surfnet.nl Tue Apr 10 10:08:37 2012
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk)
Date: Tue, 10 Apr 2012 12:08:37 +0200
Subject: [Opendnssec-develop] Reminder: Enforcer NG telecon today at 13:00h CEST
Message-ID:

Hi all,

Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 13:00h CEST. Here are the conference details:

Dial-in to +31-30-2040323
Conference PIN: 030003

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From jerry at opendnssec.org Tue Apr 10 10:14:34 2012
From: jerry at opendnssec.org (Jerry Lundström)
Date: Tue, 10 Apr 2012 12:14:34 +0200
Subject: [Opendnssec-develop] Reminder: Enforcer NG telecon today at 13:00h CEST
In-Reply-To:
References:
Message-ID:

On Tue, Apr 10, 2012 at 12:08 PM, Roland van Rijswijk wrote:
> Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 13:00h CEST. Here are the conference details:

I have this down at 14.00 CEST, wasn't that what we agreed?

/Jerry

From yuri at nlnetlabs.nl Tue Apr 10 10:37:26 2012
From: yuri at nlnetlabs.nl (Yuri Schaeffer)
Date: Tue, 10 Apr 2012 12:37:26 +0200
Subject: [Opendnssec-develop] Reminder: Enforcer NG telecon today at 13:00h CEST
In-Reply-To:
References:
Message-ID: <4F840D66.1070005@nlnetlabs.nl>

>> Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 13:00h CEST. Here are the conference details:
> I have this down at 14.00 CEST, wasn't that what we agreed?

My agenda says 1400 as well...

//yuri

From Roland.vanRijswijk at surfnet.nl Tue Apr 10 10:50:46 2012
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk)
Date: Tue, 10 Apr 2012 12:50:46 +0200
Subject: [Opendnssec-develop] Reminder: Enforcer NG telecon today at 13:00h CEST
In-Reply-To:
References:
Message-ID: <4CB12BA3-F149-4F0A-977D-D9DC200FD39F@surfnet.nl>

On 10 apr. 2012, at 12:14, Jerry Lundström wrote:

> On Tue, Apr 10, 2012 at 12:08 PM, Roland van Rijswijk
> wrote:
>> Just a friendly reminder that we have an Enforcer NG telecon scheduled for today at 13:00h CEST. Here are the conference details:
>
> I have this down at 14.00 CEST, wasn't that what we agreed?

You're absolutely right, apologies everyone, it's at 14:00h CEST.

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From Roland.vanRijswijk at surfnet.nl Tue Apr 10 12:25:59 2012
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk)
Date: Tue, 10 Apr 2012 14:25:59 +0200
Subject: [Opendnssec-develop] Enforcer NG meeting minutes 20120410
Message-ID: <2F7D583E-5D55-4737-A6DA-BD84EB324A00@surfnet.nl>

Hi guys,

The meeting minutes for today's Enforcer NG telecon are online:

https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-10+-+Enforcer+NG+telecon

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From rick at openfortress.nl Tue Apr 10 14:43:20 2012
From: rick at openfortress.nl (Rick van Rein)
Date: Tue, 10 Apr 2012 14:43:20 +0000
Subject: [Opendnssec-develop] Meeting notes of 2012-04-10
Message-ID: <20120410144320.GC9242@newphantom.local>

Hello,

I've put up the meeting notes for today's General Meeting about OpenDNSSEC:

https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-10+Minutes

I also took the liberty to put up the next agenda, so I could sneak in the date of Sion's email about the teleconf info.

-Rick

From rick at openfortress.nl Sun Apr 15 22:16:23 2012
From: rick at openfortress.nl (Rick van Rein)
Date: Sun, 15 Apr 2012 22:16:23 +0000
Subject: [Opendnssec-develop] ZKT migration page
Message-ID: <20120415221623.GA5003@newphantom.local>

Hello,

I've finished the promised documentation page on migration from ZKT to OpenDNSSEC. Feedback or updates are most welcome.

https://wiki.opendnssec.org/display/DOCS/Migrating+from+ZKT

Cheers,
-Rick

From jakob at kirei.se Tue Apr 17 13:04:24 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Tue, 17 Apr 2012 15:04:24 +0200
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
Message-ID:

I think we should consider increasing the default signature lifetime to 14 days and the ZSK lifetime to 90 days.

What say you?

jakob

Index: kasp.xml.in =================================================================== --- kasp.xml.in (revision 6260) +++ kasp.xml.in (working copy) @@ -21,8 +21,8 @@ PT2H P3D - P7D - P7D + P14D + P14D PT12H PT3600S @@ -58,7 +58,7 @@ 8 - P30D + P90D SoftHSM

--
Jakob Schlyter
Kirei AB - http://www.kirei.se/

From matthijs at nlnetlabs.nl Tue Apr 17 13:07:50 2012
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Tue, 17 Apr 2012 15:07:50 +0200
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To:
References:
Message-ID: <4F8D6B26.80706@nlnetlabs.nl>

Yes.

On 04/17/2012 03:04 PM, Jakob Schlyter wrote:
> I think we should consider increasing the default signature
> lifetime to 14 days and the ZSK lifetime to 90 days.
>
> What say you?
>
> jakob
>
>
> Index: kasp.xml.in > =================================================================== > > - --- kasp.xml.in (revision 6260) > +++ kasp.xml.in (working copy) @@ -21,8 +21,8 @@ > PT2H P3D - > P7D - P7D + > P14D + P14D > PT12H PT3600S
> @@ -58,7 +58,7 @@ length="1024">8 - P30D + > P90D SoftHSM >

From rickard at opendnssec.org Tue Apr 17 14:10:28 2012
From: rickard at opendnssec.org (Rickard Bellgrim)
Date: Tue, 17 Apr 2012 16:10:28 +0200
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To:
References:
Message-ID:

> I think we should consider increasing the default signature lifetime to 14 days and the ZSK lifetime to 90 days.
>
> What say you?

Ok

From Roland.vanRijswijk at surfnet.nl Tue Apr 17 14:54:57 2012
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk)
Date: Tue, 17 Apr 2012 16:54:57 +0200
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To:
References:
Message-ID: <1033737E-CBE8-480D-A4DA-FA6FFF898F14@surfnet.nl>

+1

On 17 apr. 2012, at 15:04, Jakob Schlyter wrote:

> I think we should consider increasing the default signature lifetime to 14 days and the ZSK lifetime to 90 days.
>
> What say you?
>
> jakob
>
>
> Index: kasp.xml.in > =================================================================== > --- kasp.xml.in (revision 6260) > +++ kasp.xml.in (working copy) > @@ -21,8 +21,8 @@ > PT2H > P3D > > - P7D > - P7D > + P14D > + P14D > > PT12H > PT3600S
> @@ -58,7 +58,7 @@ > > > 8 > - P30D > + P90D > SoftHSM > > >
> --
> Jakob Schlyter
> Kirei AB - http://www.kirei.se/
>
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From sion at nominet.org.uk Wed Apr 18 07:27:14 2012
From: sion at nominet.org.uk (Sion Lloyd)
Date: Wed, 18 Apr 2012 07:27:14 +0000
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To: <1033737E-CBE8-480D-A4DA-FA6FFF898F14@surfnet.nl>
References: , <1033737E-CBE8-480D-A4DA-FA6FFF898F14@surfnet.nl>
Message-ID:

+1

Should we communicate this change to the users list to encourage people to check their own policy? In case folk used the old defaults without noticing.

________________________________________
From: opendnssec-develop-bounces at lists.opendnssec.org [opendnssec-develop-bounces at lists.opendnssec.org] on behalf of Roland van Rijswijk [Roland.vanRijswijk at surfnet.nl]
Sent: 17 April 2012 15:54
To: Jakob Schlyter
Cc: Developers
Subject: Re: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk

+1

On 17 apr. 2012, at 15:04, Jakob Schlyter wrote:

> I think we should consider increasing the default signature lifetime to 14 days and the ZSK lifetime to 90 days.
>
> What say you?
>
> jakob
>
>
> Index: kasp.xml.in > =================================================================== > --- kasp.xml.in (revision 6260) > +++ kasp.xml.in (working copy) > @@ -21,8 +21,8 @@ > PT2H > P3D > > - P7D > - P7D > + P14D > + P14D > > PT12H > PT3600S
> @@ -58,7 +58,7 @@ > > > 8 > - P30D > + P90D > SoftHSM > > >
> --
> Jakob Schlyter
> Kirei AB - http://www.kirei.se/

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From rickard at opendnssec.org Wed Apr 18 07:35:53 2012
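Review bot: In the @@ -21,8 +21,8 @@ hunk both P7D values move to P14D while the P3D and PT2H values in the leading context, and PT12H in the trailing context, stay as they are, so the margin between the signature lifetime and those neighbouring timers changes without comment. Please say in the commit message that the untouched values were checked against the new 14-day lifetime, and add a release note: a policy copied from the old kasp.xml.in keeps P7D and will silently differ from the shipped default.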
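Review bot: In the @@ -58,7 +58,7 @@ hunk the lifetime goes from P30D to P90D, but the context line just above it still reads length="1024">8 in the quoted copy of the patch, so a 1024-bit key now stays in service three times as long. Either raise the key length in the same change or record in the commit message why 1024 bits is acceptable for a 90-day key; as posted, the rollover interval changes with no statement about the key size it applies to.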
From: rickard at opendnssec.org (Rickard Bellgrim)
Date: Wed, 18 Apr 2012 09:35:53 +0200
Subject: [Opendnssec-develop] ZKT migration page
In-Reply-To: <20120415221623.GA5003@newphantom.local>
References: <20120415221623.GA5003@newphantom.local>
Message-ID:

On Mon, Apr 16, 2012 at 12:16 AM, Rick van Rein wrote:
> Hello,
>
> I've finished the promised documentation page on migration
> from ZKT to OpenDNSSEC. Feedback or updates are most welcome.

Great!

I have some comments below:

***
You should remove the line "$INCLUDE dnskey.db" from your zone.db file, as OpenDNSSEC will insert DNSKEY records by itself, while signing your zone. Forget this, and the signer will not be able to load your zone file.
***

OpenDNSSEC can handle duplicate DNSKEY (DNSKEY in unsigned zone matches DNSKEY in signconf). So the issue was probably the path to the include file or that the Auditor does not support $INCLUDE. Think this section can be clarified. E.g. by just saying that OpenDNSSEC will add the DNSKEY RRset itself and does not need to be included in the unsigned zone.

***
--algorithm 5
***

The value should come from SCHEME, right?

***
Note that you may find that you have more than one KSK, and/or more than one ZSK. Assuming that all are active, you would import them all. You may need to vary the --keystate parameter in other cases, or make a clever decision to leave out those keys.
***

It is not a good idea to import multiple active keys, since OpenDNSSEC only handles one active KSK and one active ZSK. Will ZKT ever have multiple active keys? If not, then just say that --keystate needs to be adjusted for the other keys.

// Rickard

From rick at openfortress.nl Wed Apr 18 09:24:12 2012
From: rick at openfortress.nl (Rick van Rein)
Date: Wed, 18 Apr 2012 09:24:12 +0000
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To:
References: <1033737E-CBE8-480D-A4DA-FA6FFF898F14@surfnet.nl>
Message-ID: <20120418092412.GA19287@newphantom.local>

Hello,

> Should we communicate this change to the users list to encourage people to check their own policy? In case folk used the old defaults without noticing.

That is a good idea. Also, how to make the change on active domains (which is not the same as changing the policy file AFAIK). Important would be how to do this without security-downtime, of course. Since it involves (somewhat scary) work, a motivation should be part of it also.

-Rick

From jakob at kirei.se Wed Apr 18 12:47:56 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Wed, 18 Apr 2012 14:47:56 +0200
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To: <20120418092412.GA19287@newphantom.local>
References: <1033737E-CBE8-480D-A4DA-FA6FFF898F14@surfnet.nl> <20120418092412.GA19287@newphantom.local>
Message-ID: <61B623B5-DAC9-44CD-AEFC-D78D5F929FBF@kirei.se>

On 18 apr 2012, at 11:24, Rick van Rein wrote:

> That is a good idea. Also, how to make the change on active domains (which
> is not the same as changing the policy file AFAIK). Important would be
> how to do this without security-downtime, of course. Since it involves
> (somewhat scary) work, a motivation should be part of it also.

I do believe the change is to update the policy and notify the enforcer, no?

jakob

From jakob at kirei.se Wed Apr 18 12:48:39 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Wed, 18 Apr 2012 14:48:39 +0200
Subject: [Opendnssec-develop] Proposed KASP changes for 1.4/trunk
In-Reply-To:
References: , <1033737E-CBE8-480D-A4DA-FA6FFF898F14@surfnet.nl>
Message-ID: <1EC8E77F-F2C0-473F-BAB0-C74BD52A0AE1@kirei.se>

On 18 apr 2012, at 09:27, Sion Lloyd wrote:

> +1

Change made in r6261. I will post a message to the users' list.

jakob

From matthijs at nlnetlabs.nl Thu Apr 19 07:53:59 2012
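Following the suggestion in the KASP thread above that users check their own policy for the old defaults, this added example (not code from the list or from the OpenDNSSEC project) scans a kasp.xml for policies still at P7D signature validity or a P30D ZSK lifetime, comparing durations by length so that P1W also matches. The element paths are assumed from the OpenDNSSEC KASP layout because the archived patch lost its XML tags, and the sample policy file is constructed.

```python
import re
import xml.etree.ElementTree as ET

# ISO 8601 durations as written in kasp.xml, e.g. P14D, PT12H, PT3600S, P1Y.
_DURATION = re.compile(
    r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)W)?(?:(\d+)D)?"
    r"(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$"
)
# Seconds per unit in group order; a year as 365 days and a month as
# 31 days is an assumption made for this example.
_UNIT_SECONDS = (365 * 86400, 31 * 86400, 7 * 86400, 86400, 3600, 60, 1)

# Element path (assumed from the KASP layout) -> (old default, new default),
# with the values taken from the patch discussed in the thread.
OLD_TO_NEW = {
    "Signatures/Validity/Default": ("P7D", "P14D"),
    "Signatures/Validity/Denial": ("P7D", "P14D"),
    "Keys/ZSK/Lifetime": ("P30D", "P90D"),
}


def duration_seconds(text):
    """Convert an ISO 8601 duration to seconds, or raise ValueError."""
    match = _DURATION.match(text.strip())
    if match is None or not any(match.groups()):
        raise ValueError("not a usable ISO 8601 duration: %r" % text)
    return sum(int(n) * unit
               for n, unit in zip(match.groups(), _UNIT_SECONDS) if n)


def audit_kasp(xml_text):
    """Return (policy, path, value, new_default) for every setting that is
    still as long as the old default. new_default is None when the value
    cannot be parsed and needs a manual look."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("Policy"):
        name = policy.get("name", "(unnamed)")
        for path, (old, new) in OLD_TO_NEW.items():
            for node in policy.findall(path):
                raw = (node.text or "").strip()
                try:
                    stale = duration_seconds(raw) == duration_seconds(old)
                except ValueError:
                    findings.append((name, path, raw, None))
                    continue
                if stale:
                    findings.append((name, path, raw, new))
    return findings


# Constructed sample: "default" copies the old defaults, "lab" spells seven
# days as P1W and has one malformed value, "prod" already uses the new ones.
SAMPLE_KASP = """
<KASP>
  <Policy name="default">
    <Signatures>
      <Resign>PT2H</Resign><Refresh>P3D</Refresh>
      <Validity><Default>P7D</Default><Denial>P7D</Denial></Validity>
      <Jitter>PT12H</Jitter><InceptionOffset>PT3600S</InceptionOffset>
    </Signatures>
    <Keys>
      <KSK><Algorithm length="2048">8</Algorithm><Lifetime>P1Y</Lifetime></KSK>
      <ZSK><Algorithm length="1024">8</Algorithm><Lifetime>P30D</Lifetime></ZSK>
    </Keys>
  </Policy>
  <Policy name="lab">
    <Signatures>
      <Validity><Default>P1W</Default><Denial>14 days</Denial></Validity>
    </Signatures>
    <Keys><ZSK><Lifetime>P90D</Lifetime></ZSK></Keys>
  </Policy>
  <Policy name="prod">
    <Signatures>
      <Validity><Default>P14D</Default><Denial>P14D</Denial></Validity>
    </Signatures>
    <Keys><ZSK><Lifetime>P90D</Lifetime></ZSK></Keys>
  </Policy>
</KASP>
"""

if __name__ == "__main__":
    for policy, path, value, new in audit_kasp(SAMPLE_KASP):
        if new is None:
            print("%s: %s = %r cannot be parsed, check by hand"
                  % (policy, path, value))
        else:
            print("%s: %s = %s is the old default, new default is %s"
                  % (policy, path, value, new))
```
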
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Thu, 19 Apr 2012 09:53:59 +0200
Subject: [Opendnssec-develop] Re: [dnsext] Review of draft-ietf-dnsext-rfc1995bis-ixfr-00.txt (from Knot DNS team)
In-Reply-To: <201204181900.VAA29701@TR-Sys.de>
References: <201204181900.VAA29701@TR-Sys.de>
Message-ID: <4F8FC497.3030106@nlnetlabs.nl>

On 04/18/2012 09:00 PM, Alfred ? wrote:

...

>> 3) Section 2, last paragraph - why has to RRSIG(SOA) [to] follow
>> the SOA in the AXFR-fallback example?
>
> Actually, there's no "MUST" requirement, but it is good practice in
> AXFR implementations to group RRsets together in AXFR responses,
> and, according to the base DNSSEC specs, the RRSIG(SOA)
> conceptionally is part of the SOA RRset (except in the context of a
> query for RRSIG, which does not apply here). However, server
> implementations have found it convenient to send RRsets as
> contiguous groups within AXFR responses (because of the manner they
> are stored, for grouped inclusion in ordinary DNS responses);
> similarly, for clients that choose to perform detailed plausibility
> checks of received zone content before serving a new version of the
> zone data, checking of consistency likely will comprise a check for
> equality of TTL values within RRsets (Section 5.2 of RFC 2181), and
> maybe even RRSIG verification, it is beneficial to receive the RRs
> of RRsets grouped together (so that common DRAM cache replacement
> algorithms make it much more likely to find the related RRs in the
> most high-speed memory components present in the system, and hence
> processing will be much faster). Since IXFR is all about speed and
> optimization of the zone synchronization process, such server
> behavior is very desirable in IXFR implementations as well.
>
> Taking this into account, I have tentatively modified the draft
> text to now say:
>
> "In contrast, in the case of fallback to AXFR, the IXFR response
> would typically convey, in order:"
>       ^^^^^^^^^^^
>
> But if implementers do strongly prefer to have IXFR clients find
> RRsets grouped together, or at least to have the RRSIG(SOA) RRs
> always be placed at the beginning (in the case of IXFR fallback to
> AXFR), we could make the RR order shown in the draft mandatory
> (SHOULD or MUST) for IXFR servers.
>
> Opinions from other implementers?

OpenDNSSEC 1.4.0a1 does indeed now transfer the zone in the order such that signatures follow the corresponding RRsets immediately. However, due to a change in the way we store the data in the backup files, that might change into first send all the RRsets, followed by all NSEC(3)s and finally all RRSIGs, because that's the order they are stored.

You argue that this is disadvantageous for the IXFR client, but that is depending on the implementation I guess. In our case, it would be beneficial for the IXFR server to do otherwise.

So at least, I would disagree with making the RR order more mandatory.

Best regards,
Matthijs

>> 4) Section 6.2 - missing RFC2119 language; shoulds and mays are
>> small caps, is that intentional?
>
> The server's purging behavior is difficult to test externally. It
> is strongly recommended to use RFC 2119 terms sparingly and only in
> cases where the behavior is needed for interoperability and can be
> tested by observing externally visible behavior.
>
> The mandatory rules on "fallback to AXFR" IMO are sufficient to
> ensure interoperability, and IXFR-ONLY is dedicated to address
> efficiency issues that plague deployments in specific
> circumstances, so the details of IXFR server purging behavior seem
> to be local to implementations, subject to implementation-specific
> resource management strategies and resource restrictions, and hence
> out of the bailiwick of RFC 2119. ( :-) )
>
> However, if the WG feels strong about having more detailed, yet
> testable, requirements regarding the purging and condensation
> strategy of IXFR servers (Sections 6.2 and 6.3 of the I-D), the
> draft of course can be modified accordingly.
>
>
>>
>> 5) And today new question has arisen: "What should IXFR client
>> do if it receives incomplete multichunked IXFR response?" A)
>> discard whole transfer and start over; B) save usable chunks
>> (e.g. use data to update zone from sn_o to sn_o+x, where sn_o+x <
>> sn_n)
>
> Section 7.1 already is explicit in saying that an IXFR client
> "MAY" follow strategy B). In particular, the draft says:
>
> |7. Client Behavior
> |
> | [...]
> |
> |7.1. Zone Integrity
> |
> | The elaborations on Zone Integrity for AXFR in Section 6 of RFC 5936
> | [RFC5936] apply in a similar fashion for IXFR.
> |
> | However, during the receipt of an incremental IXFR response, and upon
> | successful processing of an SOA RR that serves as a sentinel for the
> | end of any change information chunk, an IXFR client MAY immediately
> | apply and commit to stable storage the SOA serial number change
> | described by that chunk (and previous chunks, if not already done).
> | This operation MUST externally appear as an atomar operation.
> |
> | [...]
>
> Please revisit the full text in Section 7.1 for the detailed
> considerations and tell us whether that is sufficient.
>
>>
>> Ondrej on behalf of Lubos
>>
>> P.S.: Our Knot DNS team (different people than one of the authors
>> of this document) will do a full review in WGLC.
>
> Thanks in advance!
>
> I hope that the chairs will proceed to issue WGLC on the upcoming
> next draft version; experience has shown that this is a strong
> incentive for the WG to take a closer look at the document and
> commenting on it.
>
>> ... {original draft announcement}
>
>
> Kind regards, Alfred.
>

From jakob at kirei.se Thu Apr 19 13:53:39 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Thu, 19 Apr 2012 15:53:39 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
Message-ID: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se>

Should we always include the ticket# in commit message regarding a specific issue? If so, what is the syntax?

jakob

From matthijs at nlnetlabs.nl Thu Apr 19 13:57:04 2012
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Thu, 19 Apr 2012 15:57:04 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se>
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se>
Message-ID: <4F9019B0.7050909@nlnetlabs.nl>

I am doing that already, I believe the syntax is:

OPENDNSSEC-XXX

Where XXX is the bugreport number.

Best regards,
Matthijs

On 04/19/2012 03:53 PM, Jakob Schlyter wrote:
> Should we always include the ticket# in commit message regarding a
> specific issue? If so, what is the syntax?
>
> jakob

From jakob at kirei.se Mon Apr 23 08:04:30 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Mon, 23 Apr 2012 10:04:30 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To: <4F9019B0.7050909@nlnetlabs.nl>
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl>
Message-ID: <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se>

On 19 apr 2012, at 15:57, Matthijs Mekking wrote:

> OPENDNSSEC-XXX

Will that be automagically linked from Fisheye and/or from JIRA?

jakob

From rick at openfortress.nl Mon Apr 23 12:26:11 2012
From: rick at openfortress.nl (Rick van Rein)
Date: Mon, 23 Apr 2012 12:26:11 +0000
Subject: [Opendnssec-develop] SVN write access?
Message-ID: <20120423122610.GB12336@newphantom.local>

Hello,

Not sure who is managing SVN now, but:

I'm trying to checkin my homework on the OpenDNSSEC tree. The server forbids my access -- do I have an account "vanrein" with SVN write access?

I worked on "svn co" from the http URI and tried to "svn commit" and "svn commit --username vanrein" and am told that the server forbids access.

Thanks,
-Rick

From jerry at opendnssec.org Mon Apr 23 12:30:26 2012
From: jerry at opendnssec.org (Jerry Lundström)
Date: Mon, 23 Apr 2012 14:30:26 +0200
Subject: [Opendnssec-develop] SVN write access?
In-Reply-To: <20120423122610.GB12336@newphantom.local>
References: <20120423122610.GB12336@newphantom.local>
Message-ID: <14592AC9-94CF-4F12-BD9C-5B9CF6EEBA9D@opendnssec.org>

On Apr 23, 2012, at 14:26 , Rick van Rein wrote:

> I'm trying to checkin my homework on the OpenDNSSEC tree. The server
> forbids my access -- do I have an account "vanrein" with SVN write access?
>
> I worked on "svn co" from the http URI and tried to "svn commit" and
> "svn commit --username vanrein" and am told that the server forbids access.

You can't commit to the http URI, you need to use the svn+ssh://user at host/ URI and if you haven't done that then you probably don't have access. Talk to Jakob.

/Jerry

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/

From jakob at kirei.se Mon Apr 23 12:41:23 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Mon, 23 Apr 2012 14:41:23 +0200
Subject: [Opendnssec-develop] SVN write access?
In-Reply-To: <20120423122610.GB12336@newphantom.local>
References: <20120423122610.GB12336@newphantom.local>
Message-ID: <6529EDDA-F8DE-43FD-BADB-33EB3EB6DA33@kirei.se>

On 23 apr 2012, at 14:26, Rick van Rein wrote:

> Not sure who is managing SVN now, but:

That's me.

> I'm trying to checkin my homework on the OpenDNSSEC tree. The server
> forbids my access -- do I have an account "vanrein" with SVN write access?

Yes, you do.

> I worked on "svn co" from the http URI and tried to "svn commit" and
> "svn commit --username vanrein" and am told that the server forbids access.

You should be using svn+ssh://svn.opendnssec.org/svn/dnssec

jakob

From jerry at opendnssec.org Mon Apr 23 14:31:42 2012
From: jerry at opendnssec.org (Jerry Lundström)
Date: Mon, 23 Apr 2012 16:31:42 +0200
Subject: [Opendnssec-develop] r6276 - r6278 / OPENDNSSEC-239 : ods-control changes breaks a few jenkins tests
Message-ID:

With the changes to ods-control some of the tests fail now for 1.3, will fix them tomorrow.

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/

From rickard at opendnssec.org Mon Apr 23 21:12:44 2012
From: rickard at opendnssec.org (Rickard Bellgrim)
Date: Mon, 23 Apr 2012 23:12:44 +0200
Subject: [Opendnssec-develop] Meeting 20120424
Message-ID:

Hi

We have a meeting tomorrow and the agenda can be found here:
https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-24+Agenda

Date: Tuesday 24 April
Time: 15:00-16:00 CEST, 14:00-15:00 BST

// Rickard

From Roland.vanRijswijk at surfnet.nl Tue Apr 24 12:31:27 2012
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk)
Date: Tue, 24 Apr 2012 14:31:27 +0200
Subject: [Opendnssec-develop] Meeting minutes for Enforcer NG telecon 20120424
Message-ID:

Hi guys,

The meeting minutes for today's Enforcer NG telecon are online:

https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-24+Enforcer+NG+teleconference

The next meeting is on Tuesday May 8th at 14:00h CEST.

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From matthijs at nlnetlabs.nl Tue Apr 24 13:39:47 2012
From: matthijs at nlnetlabs.nl (Matthijs Mekking)
Date: Tue, 24 Apr 2012 15:39:47 +0200
Subject: [Opendnssec-develop] Meeting 20120424
In-Reply-To:
References:
Message-ID: <4F96AD23.9030706@nlnetlabs.nl>

Fresh minutes

https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-24+Minutes

Best regards,
Matthijs

On 04/23/2012 11:12 PM, Rickard Bellgrim wrote:
> Hi
>
> We have a meeting tomorrow and the agenda can be found here:
> https://wiki.opendnssec.org/display/OpenDNSSEC/2012-04-24+Agenda
>
> Date: Tuesday 24 April Time: 15:00-16:00 CEST, 14:00-15:00 BST
>
> // Rickard

From rickard at opendnssec.org Wed Apr 25 06:06:11 2012
From: rickard at opendnssec.org (Rickard Bellgrim)
Date: Wed, 25 Apr 2012 08:06:11 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To: <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se>
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se>
Message-ID:

>> OPENDNSSEC-XXX
>
> Will that be automagically linked from Fisheye and/or from JIRA?

There is currently no integration like that enabled.

// Rickard

From jakob at kirei.se Wed Apr 25 06:27:29 2012
From: jakob at kirei.se (Jakob Schlyter)
Date: Wed, 25 Apr 2012 08:27:29 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To:
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se>
Message-ID:

On 25 apr 2012, at 08:06, Rickard Bellgrim wrote:

>>> OPENDNSSEC-XXX
>>
>> Will that be automagically linked from Fisheye and/or from JIRA?
>
> There is currently no integration like that enabled.

Jerry; could we set such integration?

jakob

From jerry at opendnssec.org Wed Apr 25 07:27:18 2012
From: jerry at opendnssec.org (Jerry Lundström)
Date: Wed, 25 Apr 2012 09:27:18 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To:
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se>
Message-ID:

On Wed, Apr 25, 2012 at 8:27 AM, Jakob Schlyter wrote:
> Jerry; could we set such integration?

Not really, I think SURFnet / Prolocation needs to set up this correctly. Roland?

JIRA -> FishEye: Could not get repositories for instance http://mountaineer.surfnet.nl:8082/ - java.io.IOException: Error in remote call to 'mountaineer' (http://mountaineer.surfnet.nl:8082) [AbstractRestCommand{path='api/rest/repositories', params={}, methodType=POST}] : Received status code 500 (Internal Server Error)

FishEye -> JIRA: Your request was unable to be processed java.lang.reflect.InvocationTargetException - Could not initialize class javax.crypto.SunJCE_b

/Jerry

From roland.vanrijswijk at surfnet.nl Wed Apr 25 10:38:41 2012
From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk)
Date: Wed, 25 Apr 2012 12:38:41 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To:
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se>
Message-ID: <52112936-A510-46FA-B1B4-7A5CAB03E7B3@surfnet.nl>

Hi Jerry,

On 25 apr. 2012, at 09:27, Jerry Lundström wrote:

> On Wed, Apr 25, 2012 at 8:27 AM, Jakob Schlyter wrote:
>> Jerry; could we set such integration?
>
> Not really, I think SURFnet / Prolocation needs to set up this
> correctly. Roland?
>
> JIRA -> FishEye: Could not get repositories for instance
> http://mountaineer.surfnet.nl:8082/ - java.io.IOException: Error in
> remote call to 'mountaineer' (http://mountaineer.surfnet.nl:8082)
> [AbstractRestCommand{path='api/rest/repositories', params={},
> methodType=POST}] : Received status code 500 (Internal Server Error)
>
> FishEye -> JIRA: Your request was unable to be processed
> java.lang.reflect.InvocationTargetException - Could not initialize
> class javax.crypto.SunJCE_b

Did I understand correctly that you would like FishEye to automatically link references to issues in SVN commit messages to the tickets in JIRA? If you let me know what should be changed in the setup I'd be happy to have Prolocation update the configuration. I'm just a user w.r.t. Atlassian products and have no clue what to change or what needs to be changed in the configuration? (and unfortunately, I don't have enough time to investigate how to change the setup).

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From jerry at opendnssec.org Wed Apr 25 10:45:10 2012
From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Wed, 25 Apr 2012 12:45:10 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To: <52112936-A510-46FA-B1B4-7A5CAB03E7B3@surfnet.nl>
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se> <52112936-A510-46FA-B1B4-7A5CAB03E7B3@surfnet.nl>
Message-ID:

On Wed, Apr 25, 2012 at 12:38 PM, Roland van Rijswijk wrote:
> Did I understand correctly that you would like FishEye to automatically link references to issues in SVN commit messages to the tickets in JIRA? If you let me know what should be changed in the setup I'd be happy to have Prolocation update the configuration. I'm just a user w.r.t. Atlassian products and have no clue what to change or what needs to be changed in the configuration? (and unfortunately, I don't have enough time to investigate how to change the setup).

Something like that yes, I don't know either but the application link between the products does not work apparently and one side complained about missing Java stuff so that's nothing we can fix.

/Jerry

From roland.vanrijswijk at surfnet.nl Wed Apr 25 10:50:45 2012
From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk)
Date: Wed, 25 Apr 2012 12:50:45 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To:
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se> <52112936-A510-46FA-B1B4-7A5CAB03E7B3@surfnet.nl>
Message-ID:

Hi Jerry,

On 25 apr. 2012, at 12:45, Jerry Lundström wrote:

> On Wed, Apr 25, 2012 at 12:38 PM, Roland van Rijswijk
> wrote:
>> Did I understand correctly that you would like FishEye to automatically link references to issues in SVN commit messages to the tickets in JIRA? If you let me know what should be changed in the setup I'd be happy to have Prolocation update the configuration. I'm just a user w.r.t. Atlassian products and have no clue what to change or what needs to be changed in the configuration? (and unfortunately, I don't have enough time to investigate how to change the setup).
>
> Something like that yes, I don't know either but the application link
> between the products does not work apparently and one side complained
> about missing Java stuff so that's nothing we can fix.

If you can make an attempt at describing what kind of connections between both systems are necessary I can ask Prolocation to investigate.

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

From jerry at opendnssec.org Wed Apr 25 13:06:43 2012
From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Wed, 25 Apr 2012 15:06:43 +0200
Subject: [Opendnssec-develop] ticket# in commit messages
In-Reply-To:
References: <2772CE68-6DE1-4D54-B2AD-ED76A0029148@kirei.se> <4F9019B0.7050909@nlnetlabs.nl> <965DBA9B-66F4-4ADF-AF94-31CEB8ECDD66@kirei.se> <52112936-A510-46FA-B1B4-7A5CAB03E7B3@surfnet.nl>
Message-ID:

On Wed, Apr 25, 2012 at 12:50 PM, Roland van Rijswijk wrote:
> If you can make an attempt at describing what kind of connections between both systems are necessary I can ask Prolocation to investigate.

It's all in the manual, https://studio.plugins.atlassian.com/wiki/display/FISH/JIRA+FishEye+Plugin+3.0.17+-+Perforce+Job+Integration . But the application links does not work and it's Prolocation that set this up.

I get this when I try to map the OpenDNSSEC project to FishEye: "There was a problem retrieving data from your FishEye instance. Please ensure that you have setup your FishEye connection correctly."

/Jerry

From jerry at opendnssec.org Thu Apr 26 09:42:06 2012
From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Thu, 26 Apr 2012 11:42:06 +0200
Subject: [Opendnssec-develop] Jenkins build status emails
Message-ID:

Hi,

I'm going to enable the emails from Jenkins today. There isn't any easy way to get all failed nodes into one email so it will be a bit spammy, people will have to tune their filters if they feel it's too much.

Jenkins will send emails on every failed build to the commits list and the committers. If the build is fixed it will send one email about that then nothing until the next failed build. There will be one email per failed node.

/Jerry

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/

From jerry at opendnssec.org Thu Apr 26 10:03:12 2012
From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Thu, 26 Apr 2012 12:03:12 +0200
Subject: [Opendnssec-develop] Re: Jenkins build status emails
In-Reply-To:
References:
Message-ID:

On Apr 26, 2012, at 11:42 , Jerry Lundström wrote:
> Jenkins will send emails on every failed build to the commits list and the committers. If the build is fixed it will send one email about that then nothing until the next failed build. There will be one email per failed node.

Forgot one thing, the test-* parts won't be sent to the committers, just the commits list.

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/

From jerry at opendnssec.org Thu Apr 26 15:00:47 2012
From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Thu, 26 Apr 2012 17:00:47 +0200
Subject: [Opendnssec-develop] Single different tests failing from time to time
Message-ID: <354FADDF-0321-416A-B75B-00FF3509005C@opendnssec.org>

Hi,

If you saw just now Sion made a small commit and one test on ubuntu and freebsd failed (not the same test). I've seen this from time to time, mostly on trunk, and it seems to be something to do with the ods-control that checks if the start or stop of enforcer/signer was correct.

Sometimes ods-signer hangs when trying to call ods-signerd, sometimes ods-control enforcer start returns SUCCESSFUL even when it failed to start and outputted errors in the log.

I don't know why this happens just sometimes but if you commit and a stable platform just happened to have a test fail it's most likely not your fault. What you can do is to get an account on Jenkins (if you don't already have it) and rerun the test to see if it clears up.

/Jerry

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/

From jerry at opendnssec.org Fri Apr 27 10:03:42 2012
From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=)
Date: Fri, 27 Apr 2012 12:03:42 +0200
Subject: [Opendnssec-develop] Test platform update and firewall configuration
Message-ID:

Hi,

I'll be doing some updates and firewall configurations so builds and tests might break.

/Jerry

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/