[Opendnssec-user] Release candidate for OpenDNSSEC 2.1.8
Stefan Ubbink
Stefan.Ubbink at sidn.nl
Mon Nov 23 06:12:38 UTC 2020
On Fri, 20 Nov 2020 12:30:34 +0100
Stefan Ubbink via Opendnssec-user
<opendnssec-user at lists.opendnssec.org> wrote:
> On Wed, 18 Nov 2020 13:22:50 +0100
> "\(Berry\) A.W. van Halderen via Opendnssec-user"
> <opendnssec-user at lists.opendnssec.org> wrote:
>
> > To the key purge problem. Either when manually purging keys, or
> > having specified a <Purge> in your key policy (kasp.xml), the keys
> > are suppost to be removed from the HSM. However, for some time, the
> > keys were marked for deletion, and became invisible, but the removal
> > from the HSM was skipped. In this release candidate this is fixed,
> > but still allowing keys not to be removed entirely. When you
> > specify an automatic purge then the keys will, after the specified
> > period, will be completely removed. When you purge manually, keys
> > are not removed from the HSM unless you specify an additional flag
> > (the --delete or -d flag).
>
> A minor point for improvement, the enforcer/man/ods-enforcer.8.in file
> has not been updated to describe the --delete or -d flag.
It seems I am not reading the above description correctly. Because when
I use the --delete option for purging keys, I get the following result:
root at signt1:~# ods-enforcer key purge --zone=politie --delete
unknown arguments
Error parsing arguments key purge command line key purge --zone=politie --delete
Usage:
key purge
--policy <policy> | --zone <zone> aka -p | -z
root at signt1:~# ods-enforcer --version
opendnssec version 2.1.8rc1
root at signt1:~#
The log shows the following:
Nov 23 07:08:38 signt1 ods-enforcerd: received command key purge --zone=politie --delete
Nov 23 07:08:38 signt1 ods-enforcerd: [key_purge_cmd] unknown arguments for key purge command
What am I missing?
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20201123/da91bd91/attachment.bin>
More information about the Opendnssec-user
mailing list