[opendnssec/el6] * add missing kaps.xml, fixup sources.
Paul Wouters
pwouters at fedoraproject.org
Tue Oct 30 19:24:10 UTC 2012
commit 859e03cd1b5e17b1616e364c4f998f04ecd1cec8
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Oct 30 15:22:36 2012 -0400
* add missing kaps.xml, fixup sources.
kasp.xml | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
opendnssec.spec | 11 ++++---
sources | 4 --
3 files changed, 94 insertions(+), 9 deletions(-)
---
diff --git a/kasp.xml b/kasp.xml
new file mode 100644
index 0000000..caacca6
--- /dev/null
+++ b/kasp.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+
+ NOTE: The default policy below is a TEMPLATE ONLY and should be reviewed
+ before used in any production environment. The administrator should
+ consult the OpenDNSSEC documentation before changing any parameters.
+
+ If you can read this message, it is likely that this file has not
+ been reviewed nor updated.
+
+ -->
+
+<KASP>
+
+ <Policy name="default">
+ <Description>A default policy that will amaze you and your friends</Description>
+ <Signatures>
+ <Resign>PT2H</Resign>
+ <Refresh>P3D</Refresh>
+ <Validity>
+ <Default>P7D</Default>
+ <Denial>P7D</Denial>
+ </Validity>
+ <Jitter>PT12H</Jitter>
+ <!-- two hours to avoid daylight saving disasters -->
+ <InceptionOffset>PT7200S</InceptionOffset>
+ </Signatures>
+
+ <Denial>
+ <NSEC3>
+ <!-- <OptOut/> -->
+ <Resalt>P100D</Resalt>
+ <Hash>
+ <Algorithm>1</Algorithm>
+ <Iterations>5</Iterations>
+ <Salt length="8"/>
+ </Hash>
+ </NSEC3>
+ </Denial>
+
+ <Keys>
+ <!-- Parameters for both KSK and ZSK -->
+ <TTL>PT3600S</TTL>
+ <RetireSafety>PT3600S</RetireSafety>
+ <PublishSafety>PT3600S</PublishSafety>
+ <!-- <ShareKeys/> -->
+ <Purge>P14D</Purge>
+
+ <!-- Parameters for KSK only -->
+ <KSK>
+ <Algorithm length="2048">8</Algorithm>
+ <Lifetime>P1Y</Lifetime>
+ <Repository>AEP</Repository>
+ </KSK>
+
+ <!-- Parameters for ZSK only -->
+ <ZSK>
+ <Algorithm length="1024">8</Algorithm>
+ <Lifetime>P30D</Lifetime>
+ <Repository>AEP</Repository>
+ <!-- <ManualRollover/> -->
+ </ZSK>
+ </Keys>
+
+ <Zone>
+ <PropagationDelay>PT43200S</PropagationDelay>
+ <SOA>
+ <TTL>PT3600S</TTL>
+ <Minimum>PT3600S</Minimum>
+ <Serial>unixtime</Serial>
+ </SOA>
+ </Zone>
+
+ <Parent>
+ <PropagationDelay>PT9999S</PropagationDelay>
+ <DS>
+ <TTL>PT3600S</TTL>
+ </DS>
+ <SOA>
+ <TTL>PT172800S</TTL>
+ <Minimum>PT10800S</Minimum>
+ </SOA>
+ </Parent>
+
+
+ </Policy>
+</KASP>
diff --git a/opendnssec.spec b/opendnssec.spec
index 3d5e9eb..a8af86f 100644
--- a/opendnssec.spec
+++ b/opendnssec.spec
@@ -11,6 +11,7 @@ Source2: ods-signerd.init
Source3: ods.sysconfig
Source4: conf.xml
Source5: opendnssec.cron
+Source6: kasp.xml
Patch1: opendnssec-aggressive-retry.patch
Patch2: opendnssec-1.4.0a3-nsec3param.patch
Patch3: opendnssec-1.4.0b1-occluded.patch
@@ -50,16 +51,16 @@ rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}
mkdir -p %{buildroot}/%{_initrddir}
-install -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd
-install -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd
+install -p -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd
+install -p -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd
install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
-install -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
+install -p -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
# cleanup sample files
rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig
-install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
-install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
+install -p -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
+install -p -m 0644 %{SOURCE4} %{SOURCE6} %{buildroot}/%{_sysconfdir}/opendnssec/
mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
%files
diff --git a/sources b/sources
index 4a27788..bcdf49c 100644
--- a/sources
+++ b/sources
@@ -1,5 +1 @@
-<<<<<<< HEAD
-c7e00424dbbf87ccf4667f3b397b0aa1 opendnssec-1.4.0a1.tar.gz
-=======
->>>>>>> b55d6a7... * Tue Oct 30 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.4.b1
c5951e833a9414e3cbe575e7c66ee3ee opendnssec-1.4.0b1.tar.gz
More information about the scm-commits
mailing list