[opendnssec/el6] * add missing kaps.xml, fixup sources.

Tue Oct 30 19:24:10 UTC 2012

commit 859e03cd1b5e17b1616e364c4f998f04ecd1cec8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Oct 30 15:22:36 2012 -0400

    * add missing kaps.xml, fixup sources.

 kasp.xml        |   88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 opendnssec.spec |   11 ++++---
 sources         |    4 --
 3 files changed, 94 insertions(+), 9 deletions(-)
---

diff --git a/kasp.xml b/kasp.xml
new file mode 100644
index 0000000..caacca6
--- /dev/null
+++ b/kasp.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  
+  NOTE:  The default policy below is a TEMPLATE ONLY and should be reviewed
+         before used in any production environment. The administrator should
+         consult the OpenDNSSEC documentation before changing any parameters.
+         
+         If you can read this message, it is likely that this file has not
+         been reviewed nor updated.
+
+  -->
+
+<KASP>
+
+	<Policy name="default">
+		<Description>A default policy that will amaze you and your friends</Description>
+		<Signatures>
+			<Resign>PT2H</Resign>
+			<Refresh>P3D</Refresh>
+			<Validity>
+				<Default>P7D</Default>
+				<Denial>P7D</Denial>
+			</Validity>
+			<Jitter>PT12H</Jitter>
+			<!-- two hours to avoid daylight saving disasters -->
+			<InceptionOffset>PT7200S</InceptionOffset>
+		</Signatures>
+
+		<Denial>
+			<NSEC3>
+				<!-- <OptOut/> -->
+				<Resalt>P100D</Resalt>
+				<Hash>
+					<Algorithm>1</Algorithm>
+					<Iterations>5</Iterations>
+					<Salt length="8"/>
+				</Hash>
+			</NSEC3>
+		</Denial>
+
+		<Keys>
+			<!-- Parameters for both KSK and ZSK -->
+			<TTL>PT3600S</TTL>
+			<RetireSafety>PT3600S</RetireSafety>
+			<PublishSafety>PT3600S</PublishSafety>
+			<!-- <ShareKeys/> -->
+			<Purge>P14D</Purge>
+
+			<!-- Parameters for KSK only -->
+			<KSK>
+				<Algorithm length="2048">8</Algorithm>
+				<Lifetime>P1Y</Lifetime>
+				<Repository>AEP</Repository>
+			</KSK>
+
+			<!-- Parameters for ZSK only -->
+			<ZSK>
+				<Algorithm length="1024">8</Algorithm>
+				<Lifetime>P30D</Lifetime>
+				<Repository>AEP</Repository>
+				<!-- <ManualRollover/> -->
+			</ZSK>
+		</Keys>
+
+		<Zone>
+			<PropagationDelay>PT43200S</PropagationDelay>
+			<SOA>
+				<TTL>PT3600S</TTL>
+				<Minimum>PT3600S</Minimum>
+				<Serial>unixtime</Serial>
+			</SOA>
+		</Zone>
+
+		<Parent>
+			<PropagationDelay>PT9999S</PropagationDelay>
+			<DS>
+				<TTL>PT3600S</TTL>
+			</DS>
+			<SOA>
+				<TTL>PT172800S</TTL>
+				<Minimum>PT10800S</Minimum>
+			</SOA>
+		</Parent>
+
+
+	</Policy>
+</KASP>
diff --git a/opendnssec.spec b/opendnssec.spec
index 3d5e9eb..a8af86f 100644
--- a/opendnssec.spec
+++ b/opendnssec.spec
@@ -11,6 +11,7 @@ Source2: ods-signerd.init
 Source3: ods.sysconfig
 Source4: conf.xml
 Source5: opendnssec.cron
+Source6: kasp.xml
 Patch1: opendnssec-aggressive-retry.patch
 Patch2: opendnssec-1.4.0a3-nsec3param.patch
 Patch3: opendnssec-1.4.0b1-occluded.patch
@@ -50,16 +51,16 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}
 mkdir -p %{buildroot}/%{_initrddir}
-install -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd
-install -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd
+install -p -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd
+install -p -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd
 install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
-install -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
+install -p -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
 
 # cleanup sample files
 rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
 install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig 
-install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
-install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
+install -p -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
+install -p -m 0644 %{SOURCE4} %{SOURCE6} %{buildroot}/%{_sysconfdir}/opendnssec/
 mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
 
 %files 
diff --git a/sources b/sources
index 4a27788..bcdf49c 100644
--- a/sources
+++ b/sources
@@ -1,5 +1 @@
-<<<<<<< HEAD
-c7e00424dbbf87ccf4667f3b397b0aa1  opendnssec-1.4.0a1.tar.gz
-=======
->>>>>>> b55d6a7... * Tue Oct 30 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.4.b1
 c5951e833a9414e3cbe575e7c66ee3ee  opendnssec-1.4.0b1.tar.gz
