Merge ~utkarsh/ubuntu/+source/keyutils:apply-default-ttl-to-records-impish into ubuntu/+source/keyutils:ubuntu/impish-devel
Proposed by
Utkarsh Gupta
Status: | Needs review | ||||
---|---|---|---|---|---|
Proposed branch: | ~utkarsh/ubuntu/+source/keyutils:apply-default-ttl-to-records-impish | ||||
Merge into: | ubuntu/+source/keyutils:ubuntu/impish-devel | ||||
Diff against target: |
553 lines (+531/-0) 3 files modified
debian/changelog (+8/-0) debian/patches/apply-default-ttl-to-records.patch (+522/-0) debian/patches/series (+1/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Chris Newcomer | Pending | ||
Utkarsh Gupta | Pending | ||
git-ubuntu import | Pending | ||
Review via email: mp+416129@code.launchpad.net |
Commit message
Description of the change
Unmerged commits
- 7b0f7a2... by Utkarsh Gupta
-
Update d/ch for 1.6.1-2ubuntu2.1 release
- 3f83464... by Utkarsh Gupta
-
* d/p/apply-default-ttl-to-records.patch: Add patch
to apply default TTL to records obtained from
getaddrinfo(). (LP: #1962453)
Preview Diff
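--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+keyutils (1.6.1-2ubuntu2.1) impish; urgency=medium
+
+ * d/p/apply-default-ttl-to-records.patch: Add patch
+ to apply default TTL to records obtained from
+ getaddrinfo(). (LP: #1962453)
+
+ -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Mon, 28 Feb 2022 16:20:06 +0530
+
 keyutils (1.6.1-2ubuntu2) impish; urgency=medium
 
 * No-change rebuild to build packages with zstd compression.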
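--- /dev/null
+++ b/debian/patches/apply-default-ttl-to-records.patch
@@ -0,0 +1,522 @@
+From 75e7568dc516db698093b33ea273e1b4a30b70be Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Tue, 14 Apr 2020 16:07:26 +0100
+Subject: dns: Apply a default TTL to records obtained from getaddrinfo()
+ Address records obtained from getaddrinfo() don't come with any TTL
+ information, even if they're obtained from the DNS, with the result that
+ key.dns_resolver upcall program doesn't set an expiry time on dns_resolver
+ records unless they include a component obtained directly from the DNS,
+ such as an SRV or AFSDB record.
+ .
+ Fix this to apply a default TTL of 10mins in the event that we haven't got
+ one. This can be configured in /etc/keyutils/key.dns_resolver.conf by
+ adding the line:
+ .
+ default_ttl = <number-of-seconds>
+ .
+ to the file.
+ .
+ Signed-off-by: David Howells <dhowells@redhat.com>
+ Reviewed-by: Ben Boeckel <me@benboeckel.net>
+ Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Origin: upstream, https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=75e7568dc516db698093b33ea273e1b4a30b70be
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453
+Last-Updated: 2022-02-28
+
+---
+ Makefile | 1 +
+ dns.afsdb.c | 16 ++--
+ key.dns.h | 4 +
+ key.dns_resolver.c | 208 +++++++++++++++++++++++++++++++++++++++++---
+ man/key.dns_resolver.8 | 25 ++++--
+ man/key.dns_resolver.conf.5 | 48 ++++++++++
+ 6 files changed, 277 insertions(+), 25 deletions(-)
+ create mode 100644 man/key.dns_resolver.conf.5
+
+--- a/Makefile
++++ b/Makefile
+@@ -204,6 +204,7 @@
+ $(INSTALL) -D key.dns_resolver $(DESTDIR)$(SBINDIR)/key.dns_resolver
+ $(INSTALL) -D -m 0644 request-key.conf $(DESTDIR)$(ETCDIR)/request-key.conf
+ mkdir -p $(DESTDIR)$(ETCDIR)/request-key.d
++ mkdir -p $(DESTDIR)$(ETCDIR)/keyutils
+ mkdir -p $(DESTDIR)$(MAN1)
+ $(INSTALL) -m 0644 $(wildcard man/*.1) $(DESTDIR)$(MAN1)
+ mkdir -p $(DESTDIR)$(MAN3)
+--- a/dns.afsdb.c
++++ b/dns.afsdb.c
+@@ -37,8 +37,6 @@
+ */
+ #include "key.dns.h"
+
+-static unsigned long afs_ttl = ULONG_MAX;
+-
+ /*
+ *
+ */
+@@ -114,8 +112,8 @@
+ }
+ }
+
+- afs_ttl = ttl;
+- info("ttl: %u", ttl);
++ key_expiry = ttl;
++ info("ttl: %u", key_expiry);
+ }
+
+ /*
+@@ -203,8 +201,8 @@
+ }
+ }
+
+- afs_ttl = ttl;
+- info("ttl: %u", ttl);
++ key_expiry = ttl;
++ info("ttl: %u", key_expiry);
+ }
+
+ /*
+@@ -240,7 +238,7 @@
+ /* look up the hostnames we've obtained to get the actual addresses */
+ afsdb_hosts_to_addrs(handle, ns_s_an);
+
+- info("DNS query AFSDB RR results:%u ttl:%lu", payload_index, afs_ttl);
++ info("DNS query AFSDB RR results:%u ttl:%u", payload_index, key_expiry);
+ return 0;
+ }
+
+@@ -279,7 +277,7 @@
+ /* look up the hostnames we've obtained to get the actual addresses */
+ srv_hosts_to_addrs(handle, ns_s_an);
+
+- info("DNS query VL SRV RR results:%u ttl:%lu", payload_index, afs_ttl);
++ info("DNS query VL SRV RR results:%u ttl:%u", payload_index, key_expiry);
+ return 0;
+ }
+
+@@ -293,7 +291,7 @@
+
+ /* set the key's expiry time from the minimum TTL encountered */
+ if (!debug_mode) {
+- ret = keyctl_set_timeout(key, afs_ttl);
++ ret = keyctl_set_timeout(key, key_expiry);
+ if (ret == -1)
+ error("%s: keyctl_set_timeout: %m", __func__);
+ }
+--- a/key.dns.h
++++ b/key.dns.h
+@@ -29,6 +29,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <time.h>
++#include <ctype.h>
+
+ #define MAX_VLS 15 /* Max Volume Location Servers Per-Cell */
+ #define INET_IP4_ONLY 0x1
+@@ -42,6 +43,7 @@
+ extern key_serial_t key;
+ extern int debug_mode;
+ extern unsigned mask;
++extern unsigned int key_expiry;
+
+ #define N_PAYLOAD 256
+ extern struct iovec payload[N_PAYLOAD];
+@@ -52,6 +54,8 @@
+ extern __attribute__((format(printf, 1, 2)))
+ void _error(const char *fmt, ...);
+ extern __attribute__((format(printf, 1, 2)))
++void warning(const char *fmt, ...);
++extern __attribute__((format(printf, 1, 2)))
+ void info(const char *fmt, ...);
+ extern __attribute__((noreturn))
+ void nsError(int err, const char *domain);
+--- a/key.dns_resolver.c
++++ b/key.dns_resolver.c
+@@ -46,10 +46,13 @@
+ static const char a_query_type[] = "a";
+ static const char aaaa_query_type[] = "aaaa";
+ static const char afsdb_query_type[] = "afsdb";
++static const char *config_file = "/etc/keyutils/key.dns_resolver.conf";
++static bool config_specified = false;
+ key_serial_t key;
+ static int verbose;
+ int debug_mode;
+ unsigned mask = INET_ALL;
++unsigned int key_expiry = 5;
+
+
+ /*
+@@ -106,6 +109,23 @@
+ }
+
+ /*
++ * Print a warning to stderr or the syslog
++ */
++void warning(const char *fmt, ...)
++{
++ va_list va;
++
++ va_start(va, fmt);
++ if (isatty(2)) {
++ vfprintf(stderr, fmt, va);
++ fputc('\n', stderr);
++ } else {
++ vsyslog(LOG_WARNING, fmt, va);
++ }
++ va_end(va);
++}
++
++/*
+ * Print status information
+ */
+ void info(const char *fmt, ...)
+@@ -272,6 +292,7 @@
+ }
+
+ info("The key instantiation data is '%s'", buf);
++ info("The expiry time is %us", key_expiry);
+ free(buf);
+ }
+
+@@ -412,6 +433,9 @@
+
+ /* load the key with data key */
+ if (!debug_mode) {
++ ret = keyctl_set_timeout(key, key_expiry);
++ if (ret == -1)
++ error("%s: keyctl_set_timeout: %m", __func__);
+ ret = keyctl_instantiate_iov(key, payload, payload_index, 0);
+ if (ret == -1)
+ error("%s: keyctl_instantiate: %m", __func__);
+@@ -421,6 +445,157 @@
+ }
+
+ /*
++ * Read the config file.
++ */
++static void read_config(void)
++{
++ FILE *f;
++ char buf[4096], *b, *p, *k, *v;
++ unsigned int line = 0, u;
++ int n;
++
++ info("READ CONFIG %s", config_file);
++
++ f = fopen(config_file, "r");
++ if (!f) {
++ if (errno == ENOENT && !config_specified) {
++ debug("%s: %m", config_file);
++ return;
++ }
++ error("%s: %m", config_file);
++ }
++
++ while (fgets(buf, sizeof(buf) - 1, f)) {
++ line++;
++
++ /* Trim off leading and trailing spaces and discard whole-line
++ * comments.
++ */
++ b = buf;
++ while (isspace(*b))
++ b++;
++ if (!*b || *b == '#')
++ continue;
++ p = strchr(b, '\n');
++ if (!p)
++ error("%s:%u: line missing newline or too long", config_file, line);
++ while (p > buf && isspace(p[-1]))
++ p--;
++ *p = 0;
++
++ /* Split into key[=value] pairs and trim spaces. */
++ k = b;
++ v = NULL;
++ b = strchr(b, '=');
++ if (b) {
++ char quote = 0;
++ bool esc = false;
++
++ if (b == k)
++ error("%s:%u: Unspecified key",
++ config_file, line);
++
++ /* NUL-terminate the key. */
++ for (p = b - 1; isspace(*p); p--)
++ ;
++ p[1] = 0;
++
++ /* Strip leading spaces */
++ b++;
++ while (isspace(*b))
++ b++;
++ if (!*b)
++ goto missing_value;
++
++ if (*b == '"' || *b == '\'') {
++ quote = *b;
++ b++;
++ }
++ v = p = b;
++ while (*b) {
++ if (esc) {
++ switch (*b) {
++ case ' ':
++ case '\t':
++ case '"':
++ case '\'':
++ case '\\':
++ break;
++ default:
++ goto invalid_escape_char;
++ }
++ esc = false;
++ *p++ = *b++;
++ continue;
++ }
++ if (*b == '\\') {
++ esc = true;
++ b++;
++ continue;
++ }
++ if (*b == quote) {
++ b++;
++ if (*b)
++ goto post_quote_data;
++ quote = 0;
++ break;
++ }
++ if (!quote && *b == '#')
++ break; /* Terminal comment */
++ *p++ = *b++;
++ }
++
++ if (esc)
++ error("%s:%u: Incomplete escape", config_file, line);
++ if (quote)
++ error("%s:%u: Unclosed quotes", config_file, line);
++ *p = 0;
++ }
++
++ if (strcmp(k, "default_ttl") == 0) {
++ if (!v)
++ goto missing_value;
++ if (sscanf(v, "%u%n", &u, &n) != 1)
++ goto bad_value;
++ if (v[n])
++ goto extra_data;
++ if (u < 1 || u > INT_MAX)
++ goto out_of_range;
++ key_expiry = u;
++ } else {
++ warning("%s:%u: Unknown option '%s'", config_file, line, k);
++ }
++ }
++
++ if (ferror(f) || fclose(f) == EOF)
++ error("%s: %m", config_file);
++ return;
++
++missing_value:
++ error("%s:%u: %s: Missing value", config_file, line, k);
++invalid_escape_char:
++ error("%s:%u: %s: Invalid char in escape", config_file, line, k);
++post_quote_data:
++ error("%s:%u: %s: Data after closing quote", config_file, line, k);
++bad_value:
++ error("%s:%u: %s: Bad value", config_file, line, k);
++extra_data:
++ error("%s:%u: %s: Extra data supplied", config_file, line, k);
++out_of_range:
++ error("%s:%u: %s: Value out of range", config_file, line, k);
++}
++
++/*
++ * Dump the configuration after parsing the config file.
++ */
++static __attribute__((noreturn))
++void config_dumper(void)
++{
++ printf("default_ttl = %u\n", key_expiry);
++ exit(0);
++}
++
++/*
+ * Print usage details,
+ */
+ static __attribute__((noreturn))
+@@ -428,22 +603,24 @@
+ {
+ if (isatty(2)) {
+ fprintf(stderr,
+- "Usage: %s [-vv] key_serial\n",
++ "Usage: %s [-vv] [-c config] key_serial\n",
+ prog);
+ fprintf(stderr,
+- "Usage: %s -D [-vv] <desc> <calloutinfo>\n",
++ "Usage: %s -D [-vv] [-c config] <desc> <calloutinfo>\n",
+ prog);
+ } else {
+- info("Usage: %s [-vv] key_serial", prog);
++ info("Usage: %s [-vv] [-c config] key_serial", prog);
+ }
+ exit(2);
+ }
+
+-const struct option long_options[] = {
+- { "debug", 0, NULL, 'D' },
+- { "verbose", 0, NULL, 'v' },
+- { "version", 0, NULL, 'V' },
+- { NULL, 0, NULL, 0 }
++static const struct option long_options[] = {
++ { "config", 0, NULL, 'c' },
++ { "debug", 0, NULL, 'D' },
++ { "dump-config", 0, NULL, 2 },
++ { "verbose", 0, NULL, 'v' },
++ { "version", 0, NULL, 'V' },
++ { NULL, 0, NULL, 0 }
+ };
+
+ /*
+@@ -455,11 +632,19 @@
+ char *keyend, *p;
+ char *callout_info = NULL;
+ char *buf = NULL, *name;
++ bool dump_config = false;
+
+ openlog(prog, 0, LOG_DAEMON);
+
+- while ((ret = getopt_long(argc, argv, "vDV", long_options, NULL)) != -1) {
++ while ((ret = getopt_long(argc, argv, "c:vDV", long_options, NULL)) != -1) {
+ switch (ret) {
++ case 'c':
++ config_file = optarg;
++ config_specified = true;
++ continue;
++ case 2:
++ dump_config = true;
++ continue;
+ case 'D':
+ debug_mode = 1;
+ continue;
+@@ -481,6 +666,9 @@
+
+ argc -= optind;
+ argv += optind;
++ read_config();
++ if (dump_config)
++ config_dumper();
+
+ if (!debug_mode) {
+ if (argc != 1)
+@@ -542,7 +730,7 @@
+ name++;
+
+ info("Query type: '%*.*s'", qtlen, qtlen, keyend);
+-
++
+ if ((qtlen == sizeof(a_query_type) - 1 &&
+ memcmp(keyend, a_query_type, sizeof(a_query_type) - 1) == 0) ||
+ (qtlen == sizeof(aaaa_query_type) - 1 &&
+--- a/man/key.dns_resolver.8
++++ b/man/key.dns_resolver.8
+@@ -7,28 +7,41 @@
+ .\" as published by the Free Software Foundation; either version
+ .\" 2 of the License, or (at your option) any later version.
+ .\"
+-.TH KEY.DNS_RESOLVER 8 "04 Mar 2011" Linux "Linux Key Management Utilities"
++.TH KEY.DNS_RESOLVER 8 "18 May 2020" Linux "Linux Key Management Utilities"
+ .SH NAME
+ key.dns_resolver \- upcall for request\-key to handle dns_resolver keys
+ .SH SYNOPSIS
+ \fB/sbin/key.dns_resolver \fR<key>
+ .br
+-\fB/sbin/key.dns_resolver \fR\-D [\-v] [\-v] <keydesc> <calloutinfo>
++\fB/sbin/key.dns_resolver \fR--dump-config [\-c <configfile>]
++.br
++\fB/sbin/key.dns_resolver \fR\-D [\-v] [\-v] [\-c <configfile>] <desc>
++.br
++<calloutinfo>
+ .SH DESCRIPTION
+ This program is invoked by request\-key on behalf of the kernel when kernel
+ services (such as NFS, CIFS and AFS) want to perform a hostname lookup and the
+ kernel does not have the key cached. It is not ordinarily intended to be
+ called directly.
+ .P
+-It can be called in debugging mode to test its functionality by passing a
+-\fB\-D\fR flag on the command line. For this to work, the key description and
+-the callout information must be supplied. Verbosity can be increased by
+-supplying one or more \fB\-v\fR flags.
++There program has internal parameters that can be changed with a configuration
++file (see key.dns_resolver.conf(5) for more information). The default
++configuration file is in /etc, but this can be overridden with the \fB-c\fR
++flag.
++.P
++The program can be called in debugging mode to test its functionality by
++passing a \fB\-D\fR or \fB\--debug\fR flag on the command line. For this to
++work, the key description and the callout information must be supplied.
++Verbosity can be increased by supplying one or more \fB\-v\fR flags.
++.P
++The program may also be called with \fB--dump-config\fR to show the values that
++configurable parameters will have after parsing the config file.
+ .SH ERRORS
+ All errors will be logged to the syslog.
+ .SH SEE ALSO
+ .ad l
+ .nh
++.BR key.dns_resolver.conf (5),
+ .BR request\-key.conf (5),
+ .BR keyrings (7),
+ .BR request\-key (8)
+--- /dev/null
++++ b/man/key.dns_resolver.conf.5
+@@ -0,0 +1,48 @@
++.\" -*- nroff -*-
++.\" Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
++.\" Written by David Howells (dhowells@redhat.com)
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version
++.\" 2 of the License, or (at your option) any later version.
++.\"
++.TH KEY.DNS_RESOLVER.CONF 5 "18 May 2020" Linux "Linux Key Management Utilities"
++.SH NAME
++key.dns_resolver.conf \- Kernel DNS resolver config
++.SH DESCRIPTION
++This file is used by the key.dns_resolver(5) program to set parameters.
++Unless otherwise overridden with the \fB\-c\fR flag, the program reads:
++.IP
++/etc/key.dns_resolver.conf
++.P
++Configuration options are given in \fBkey[=value]\fR form, where \fBvalue\fR is
++optional. If present, the value may be surrounded by a pair of single ('') or
++double quotes ("") which will be stripped off. The special characters in the
++value may be escaped with a backslash to turn them into ordinary characters.
++.P
++Lines beginning with a '#' are considered comments and ignored. A '#' symbol
++anywhere after the '=' makes the rest of the line into a comment unless the '#'
++is inside a quoted section or is escaped.
++.P
++Leading and trailing spaces and spaces around the '=' symbol will be stripped
++off.
++.P
++Available options include:
++.TP
++.B default_ttl=<number>
++The number of seconds to set as the expiration on a cached record. This will
++be overridden if the program manages to retrieve TTL information along with
++the addresses (if, for example, it accesses the DNS directly). The default is
++5 seconds. The value must be in the range 1 to INT_MAX.
++.P
++The file can also include comments beginning with a '#' character unless
++otherwise suppressed by being inside a quoted value or being escaped with a
++backslash.
++
++.SH FILES
++.ul
++/etc/key.dns_resolver.conf
++.ul 0
++.SH SEE ALSO
++\fBkey.dns_resolver\fR(8)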
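Review bot: The `config` entry of `long_options` in key.dns_resolver.c is declared with `has_arg` 0 although the short option string is `"c:"`, so `--config <file>` reaches `case 'c'` with `optarg` NULL and `config_file = optarg` then passes a null pointer to `info()` and `fopen()` in `read_config()`; the entry should be `{ "config", 1, NULL, 'c' },`. The rest of `main()` lies outside the hunks shown. The documentation added by the same patch disagrees with the code in two places that decide how long a resolved address stays cached: the description promises a 10-minute default while `key_expiry` is initialised to 5 and the man page says 5 seconds, and key.dns_resolver.conf(5) names /etc/key.dns_resolver.conf while `config_file` defaults to /etc/keyutils/key.dns_resolver.conf. In `read_config()`, `sscanf(v, "%u%n", &u, &n)` accepts a leading minus sign and has no defined result on overflow, so the `u > INT_MAX` test is not exact for every input; `strtoul()` with `errno` and end-pointer checks would be.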
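--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ pkg-config-install-tweaks.patch
 man-page-fixes.patch
 Tests-for-KEYCTL_MOVE-require-kernel-5.3-or-above.patch
 private-priv.patch
+apply-default-ttl-to-records.patch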