From: Christian Roessner Date: Mon, 20 Jul 2020 12:41:40 +0000 (+0200) Subject: [Minor] rspamadm roll -r must not generate new keys X-Git-Tag: 2.6~225^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F3447%2Fhead;p=rspamd.git [Minor] rspamadm roll -r must not generate new keys --- diff --git a/lualib/rspamadm/vault.lua b/lualib/rspamadm/vault.lua index d0b448a8d..6414d9273 100644 --- a/lualib/rspamadm/vault.lua +++ b/lualib/rspamadm/vault.lua @@ -455,30 +455,33 @@ local function roll_handler(opts, domain) end, fun.tail(keys)) os.exit(1) end - -- OK to process - -- Insert keys for each algorithm in pairs , - local sk,pk = genkey({algorithm = alg, bits = keys[1].bits}) - local selector = string.format('%s-%s', alg, - os.date("!%Y%m%d")) - - if selector == keys[1].selector then - selector = selector .. '-1' - end - local nelt = { - selector = selector, - domain = domain, - key = tostring(sk), - pubkey = tostring(pk), - alg = alg, - bits = keys[1].bits, - valid_start = os.time(), - } + -- Do not create new keys, if we only want to remove expired keys + if not opts.remove_expired then + -- OK to process + -- Insert keys for each algorithm in pairs , + local sk,pk = genkey({algorithm = alg, bits = keys[1].bits}) + local selector = string.format('%s-%s', alg, + os.date("!%Y%m%d")) + + if selector == keys[1].selector then + selector = selector .. '-1' + end + local nelt = { + selector = selector, + domain = domain, + key = tostring(sk), + pubkey = tostring(pk), + alg = alg, + bits = keys[1].bits, + valid_start = os.time(), + } + + if opts.expire then + nelt.valid_end = os.time() + opts.expire * 3600 * 24 + end - if opts.expire then - nelt.valid_end = os.time() + opts.expire * 3600 * 24 + table.insert(res.selectors, nelt) end - - table.insert(res.selectors, nelt) for _,k in ipairs(keys) do table.insert(res.selectors, k) end