-
Type:
Bug
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: OpenDNSSEC 2.0
-
Fix Version/s: None
-
Component/s: Enforcer
-
Labels:None
{{
for
ods-enforcer --version
opendnssec version 2.1.0-dev
exporting a key for scripted use, e.g., in updating records via API at registrars, outputs keys of the form
ods-enforcer key export \
--zone example.com \
--keystate READY \
--keytype KSK
example.com. 300 IN DNSKEY 257 3 14 xxx...xxx ;
{id = 50248 (ksk), size = 384b}That key, if uploaded as-is, returns on upload method exec, (e.g. @ Gandi)
$VAR1 = {
'faultString' => 'Error on object : OBJECT_STRING (CAUSE_BADPARAMETER) [public_key: invalid base64 string \'xxx...xxx ;{id = 50248 (ksk), size = 384b}
\']',
'faultCode' => '501237'
};
It's choking on the trailing comment.
If trimmed of the comment
ods-enforcer key export \
--zone example.com \
--keystate READY \
--keytype KSK \
| sed 's | ;.* | g' |
|---|
so that input is
example.com. 300 IN DNSKEY 257 3 14 xxx...xxx
Then the upload is accepted without error.
It's unclear if a key can validly include a comment ...
In any case, there should be an option to provide clean key export, i.e. UNCOMMENTED.
Perhaps default export format should be cleaned of comments, with a "--comment" option for inclusion.
}}