./security/zkt, DNSSEC Zone Key Tool

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.1.4, Package name: zkt-1.1.4, Maintainer: pettai

ZKT is a tool to manage keys and signatures for DNSSEC-zones.
The Zone Key Tool consist of two commands:
* dnssec-zkt to create and list dnssec zone keys and
* dnssec-signer to sign a zone and manage the lifetime of the zone signing keys
Both commands are simple wrapper commands around the dnssec-keygen(8) and
dnssec-signzone(8) commands provided by BIND.

Required to build:

Master sites:

SHA1: ad2d4422f05f83d04278ecccfe854852956dcc62
RMD160: e987e25d960d5dba19cbc54e18b0b8144e83aa1a
Filesize: 373.661 KB

Version history: (Expand)

CVS history: (Expand)

   2020-09-01 16:06:52 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/zkt: update to 1.1.4

* pkgsrc change: switch dependency from net/bind914 to net/bind916.

zkt 1.1.4 -- 9. May 2016

* misc	Hint to mailinglist removed from README file

* bug	pathname wasn't initialized in any case (dist_and_reload() in nscomm.c
	Thanks Jeremy C. Reed

* bug	move $(LIBS) at the end of the ggc link line in Makefile.in

* misc	Exitcode of external command is now visible in log messages
	stderr of each external command is redirected to stdin

* bug	Fixed some potential memory leaks in ncparse.c dki.c zfparse.c
	and zkt-soaserial.c (mostly a missing fclose() on error conditions).
	Thanks to Jeremy C. Reed

* misc	README file changed to Markdown syntax

* bug	running zkt-keyman -3 didn't change anything on the key database
	so a zkt-signer run afterwards didn't see anything to do.
	Now the timestamp of the dnskey.db will be reset to a value less
	than the timestamp of the (new) key signing key.
	Thanks to Sven Strickroth for finding this.

* func	New binary zkt-delegate added
	Because it depends on the ldns library, it is located in
	a separate directory and use a different Makefile

* func	New Compile time option "--enable-ds-tracking" added.
	Now dig is used on KSK rollover to check if the DS record
	is announced in the parent zone.
	Thanks to Sven Strickroth providing the patch.

zkt 1.1.3 -- 21. Nov 2014

* func	New Config Parameter DependFiles added.
	Contains a (comma separated) list of files which are
	included into the ZoneFile. The timestamps of this files
	are checked additional to the timestamp of the ZoneFile.
	Based on a suggestion from Sven Strickroth

* misc	Makefile changed to build tar file out of git repository

* misc	Minimum supported BIND version is now 9.8

* bug	Fixed bug in BIND version parsing (9.10.1 was parsed as 910
	which is similar to 9.1.0)
	Version 9.10.1 is parsed now as 091001

* misc	Remove flag to request large exponent when creating keys
	(BIND always creates keys with large exponents since BIND 9.5.0)

* misc	Project moved to github
	Thanks to Jakob Schlyter for doing the initial stuff
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2019-10-16 11:37:27 by Maya Rashish | Files touched by this commit (3)
Log message:
*: bind912 -> bind914

Thanks taca for the heads up.
   2018-09-27 06:23:12 by Thomas Klausner | Files touched by this commit (1)
Log message:
zkt: switch to an existing bind version

Only used on DragonFly
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-18 09:31:20 by Thomas Klausner | Files touched by this commit (282)
Log message:
Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.
   2014-01-02 01:50:07 by David A. Holland | Files touched by this commit (1)
Log message:
Use the correct path variable in one marino@'s dragonfly hacks.
   2013-03-16 00:34:45 by Fredrik Pettai | Files touched by this commit (2)
Log message:
zkt 1.1.2

* bug   Fixed bug introduced by changes on inc_soa_serial()

zkt 1.1.1

* bug   Error fixed in zkt-conf in parsing the version number
* misc  inc_soa_serial() now returns 0 on success
* bug   Fixed bug in inc_serial()
        The zone file wasn't closed on succesful change of the soa record.
        Many thanks to Frederik Soderblom for fixing this.