[Opendnssec-user] Repository softHSM is full

sion at nominet.org.uk sion at nominet.org.uk
Tue Oct 13 07:49:07 UTC 2009


> Purging the keys solved my immediate problem, and the signing process
> could go on.
>
> However, I don't have a capacity tag in the conf.xml (actually I do, but
> it's commented out). Compared to the conf.xml.sample, I have only
> changed <NotifyCommand> in my conf.xml, so my softHSM should already be
> "unlimited" if I understand things correctly. Can I check if my softHSM
> is "unlimited" in some way?

One way you can do this is to run "ods-ksmutil update", which pushes any
changes from your configuration files into your database.
This will display text like:

Repository softHSM found
No Maximum Capacity set.

or

Repository softHSM2 found
Capacity set to 1000.

depending on the capacity tag. Note that just changing the configuration
files is not enough; you need to run the update command afterwards.

Alternatively, if you want to see what state the database is in without
changing it, you could run the following statements:

$ sqlite3 <PATH_TO_ENFORCER.DB>
SQLite version 3.6.10
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .header on
sqlite> select * from securitymodules;
id|name|capacity|requirebackup
1|softHSM||1
2|softHSM2|1000|0

Where the NULL in the capacity column shows that it is unlimited.

> Another problem, maybe related to the above, when sent a command to sign
> a zone, it is actually signed, but not copied to my output directory. I
> can however find the signed file in the temp directory. If I manually copy
> the signed file from the tmp directory to my output directory, bind
> accepts it. It seems the auditor fails for some reason, please see the
> attached file for details. I'll be happy to provide more information
> about my system if you need.

I think that this is an unrelated problem, but I'll have to leave it for
the relevant developer to look at.

Cheers,
Sion
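
The database check described in the message above, as an added example that is not part of the original message or of OpenDNSSEC: it opens the enforcer database read-only and uses typeof() to confirm that an empty capacity is a real NULL, which the sqlite3 shell prints the same way as an empty string. The column names come from the output shown in the message; the column types, the sample rows' storage and the function names are assumptions.

```python
import os
import sqlite3
import tempfile
from pathlib import Path


def repository_capacities(db_path):
    """Return {name: (capacity, sqlite_type, requirebackup)} without modifying the DB."""
    # mode=ro makes SQLite refuse any write on this connection.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT name, capacity, typeof(capacity), requirebackup "
            "FROM securitymodules ORDER BY id"
        ).fetchall()
    finally:
        conn.close()
    return {name: (cap, kind, bool(rb)) for name, cap, kind, rb in rows}


def describe(capacity, kind):
    """Only a true NULL means unlimited; anything else is reported with its type."""
    if kind == "null":
        return "unlimited"
    return "limit %s (stored as %s)" % (capacity, kind)


def build_sample_db(path):
    """Constructed sample data mirroring the two rows shown in the message."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE securitymodules (id INTEGER PRIMARY KEY, name TEXT, "
        "capacity INTEGER, requirebackup INTEGER)"  # column types are assumed
    )
    conn.executemany(
        "INSERT INTO securitymodules VALUES (?, ?, ?, ?)",
        [(1, "softHSM", None, 1), (2, "softHSM2", 1000, 0)],
    )
    conn.commit()
    conn.close()
    return path


if __name__ == "__main__":
    sample = build_sample_db(os.path.join(tempfile.mkdtemp(), "enforcer.db"))
    for name, (cap, kind, backup) in repository_capacities(sample).items():
        print("%s: %s, requirebackup=%s" % (name, describe(cap, kind), backup))
```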



