diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index 8918096..38e98ea 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -136,7 +136,6 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
 -- TODO put signed zone file in named.conf.
 -- TODO enable dnssec options.
 -- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
- -- TODO if keys change, resign zone file.
 -- TODO write to entirely different files than does primary,
 -- so that primary can be reverted and signedPrimary enabled,
 -- or vice-versa, without conflicts.
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs
index 201cc00..ba9c2a1 100644
--- a/src/Propellor/Property/DnsSec.hs
+++ b/src/Propellor/Property/DnsSec.hs
@@ -53,15 +53,18 @@ zoneSigned domain zonefile = RevertableProperty setup cleanup
 dssetfile = dir "-" ++ domain ++ "."
 dir = takeDirectory zonefile
- -- Need to update the signed zone if the zone file
- -- has a newer timestamp.
+ -- Need to update the signed zone file if the zone file or
+ -- any of the keys have a newer timestamp.
 needupdate = do
 v <- catchMaybeIO $ getModificationTime signedzonefile
 case v of
 Nothing -> return True
- Just t1 -> do
- t2 <- getModificationTime zonefile
- return (t2 >= t1)
+ Just t1 -> anyM (newerthan t1) $
+ zonefile : map (keyFn domain) [minBound..maxBound]
+
+ newerthan t1 f = do
+ t2 <- getModificationTime f
+ return (t2 >= t1)
 forceZoneSigned :: Domain -> FilePath -> Property
 forceZoneSigned domain zonefile = property ("zone signed for " ++ domain) $ liftIO $ do
diff --git a/src/Propellor/Types/PrivData.hs b/src/Propellor/Types/PrivData.hs
index 636c965..d6941a7 100644
--- a/src/Propellor/Types/PrivData.hs
+++ b/src/Propellor/Types/PrivData.hs
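Review bot: In the DnsSec.hs hunk, `newerthan` calls `getModificationTime f` unguarded, so a missing zone file or key file makes `needupdate` throw instead of reporting that the zone must be signed; only the `signedzonefile` lookup goes through `catchMaybeIO`. The file list now spans every `DnsSecKey` constructor through `[minBound..maxBound]`, so the check relies on all key files already being on disk when it runs, and that ordering is not visible here because the `where` block of `zoneSigned` starts outside the hunk. If an absent key should count as "needs re-signing", `newerthan t1 f = maybe True (>= t1) <$> catchMaybeIO (getModificationTime f)` keeps the check total. Otherwise a comment such as `-- keys are installed before this check runs; a missing key file is an error` would record the assumption.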
@@ -104,4 +104,4 @@ data DnsSecKey
 | PrivZSK -- ^ DNSSEC Zone Signing Key (private)
 | PubKSK -- ^ DNSSEC Key Signing Key (public)
 | PrivKSK -- ^ DNSSEC Key Signing Key (private)
- deriving (Read, Show, Ord, Eq)
+ deriving (Read, Show, Ord, Eq, Bounded, Enum)