./security/zkt, DNSSEC Zone Key Tool

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.1.6nb1, Package name: zkt-1.1.6nb1, Maintainer: pettai

ZKT is a tool to manage keys and signatures for DNSSEC-zones.
The Zone Key Tool consist of two commands:
* dnssec-zkt to create and list dnssec zone keys and
* dnssec-signer to sign a zone and manage the lifetime of the zone signing keys
Both commands are simple wrapper commands around the dnssec-keygen(8) and
dnssec-signzone(8) commands provided by BIND.


Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 399.309 KB

Version history: (Expand)


CVS history: (Expand)


   2024-01-05 02:57:57 by Takahiro Kambe | Files touched by this commit (1)
Log message:
security/zkt: switch to use bind918

Switch to use bind918 instead of bind916.

Bump PKGREVISION.
   2023-03-03 10:24:20 by Frederic Cambus | Files touched by this commit (2) | Package updated
Log message:
zkt: update to 1.1.6.

zkt 1.1.6 -- 04. Jan 2023

* misc	New configure.ac file generated by 'autoscan'

* bug	Jan Münnich found out that "-fcommon" is needed to compile ZKT
	with gcc 10.
	This is because of a double external definition caused by
	including header files while defining "extern" as empty.
	This is fixed now by eliminating includes within include files
	so "-fcommon" is not needed.

* misc	Increase of some string vars because of compiler warnings

* bug	Fixed an empty statement (semicolon) in freeconfig()
	(Thank you gcc!)

zkt 1.1.5 -- 17. Jun 2019

* misc	Option -r of dnssec-keygen has been deprecated since 9.13 (or so)
	Usage removed in dki_new()

* func	recursive_file_mtime() function added by Sven Stickroth
	This is useful if several zone files are included in a main zone.db
	file to track a change of any of the input files.
	It is not compiled in by default (use configure --enable-inc-file-tracking
	to enable) because for large zone files this could be a time consuming process.
	It is possible to add all included files to the local config parameter
	"DependFiles" instead. (Use zkt-conf <zonefile> to get a list \ 
of files to be added).

* misc	Log name of zone if KSK is expired
	Thanks to Sven Stickroth

* misc	DEST_DIR added to Makefile to install executables at common places
	Thanks to Sven Stickroth

* bug	Fix typos in rollover.c
	make clean also cleans OBJ_KLS files
	Thanks to Sven Stickroth
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2020-09-01 16:06:52 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/zkt: update to 1.1.4

* pkgsrc change: switch dependency from net/bind914 to net/bind916.

zkt 1.1.4 -- 9. May 2016

* misc	Hint to mailinglist removed from README file

* bug	pathname wasn't initialized in any case (dist_and_reload() in nscomm.c
	Thanks Jeremy C. Reed

* bug	move $(LIBS) at the end of the ggc link line in Makefile.in

* misc	Exitcode of external command is now visible in log messages
	stderr of each external command is redirected to stdin

* bug	Fixed some potential memory leaks in ncparse.c dki.c zfparse.c
	and zkt-soaserial.c (mostly a missing fclose() on error conditions).
	Thanks to Jeremy C. Reed

* misc	README file changed to Markdown syntax

* bug	running zkt-keyman -3 didn't change anything on the key database
	so a zkt-signer run afterwards didn't see anything to do.
	Now the timestamp of the dnskey.db will be reset to a value less
	than the timestamp of the (new) key signing key.
	Thanks to Sven Strickroth for finding this.

* func	New binary zkt-delegate added
	Because it depends on the ldns library, it is located in
	a separate directory and use a different Makefile

* func	New Compile time option "--enable-ds-tracking" added.
	Now dig is used on KSK rollover to check if the DS record
	is announced in the parent zone.
	Thanks to Sven Strickroth providing the patch.

zkt 1.1.3 -- 21. Nov 2014

* func	New Config Parameter DependFiles added.
	Contains a (comma separated) list of files which are
	included into the ZoneFile. The timestamps of this files
	are checked additional to the timestamp of the ZoneFile.
	Based on a suggestion from Sven Strickroth

* misc	Makefile changed to build tar file out of git repository

* misc	Minimum supported BIND version is now 9.8

* bug	Fixed bug in BIND version parsing (9.10.1 was parsed as 910
	which is similar to 9.1.0)
	Version 9.10.1 is parsed now as 091001

* misc	Remove flag to request large exponent when creating keys
	(BIND always creates keys with large exponents since BIND 9.5.0)

* misc	Project moved to github
	Thanks to Jakob Schlyter for doing the initial stuff
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2019-10-16 11:37:27 by Maya Rashish | Files touched by this commit (3)
Log message:
*: bind912 -> bind914

Thanks taca for the heads up.
   2018-09-27 06:23:12 by Thomas Klausner | Files touched by this commit (1)
Log message:
zkt: switch to an existing bind version

Only used on DragonFly