author | Christian Roessner <c@roessner.co> | 2020-07-20 14:41:40 +0200 |
---|---|---|
committer | Christian Roessner <c@roessner.co> | 2020-07-20 14:41:40 +0200 |
commit | a2d59fc11d470a90a589b47e677b1d0771dac1c7 (patch) | |
tree | 27fee5acc221b7f8b8013a0a09747e795a025110 /lualib | |
parent | de69712b7450abab62cf04df871a7c9609ad3376 (diff) | |
[Minor] rspamadm roll -r must not generate new keys
Diffstat (limited to 'lualib')
-rw-r--r-- | lualib/rspamadm/vault.lua | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/lualib/rspamadm/vault.lua b/lualib/rspamadm/vault.lua
index d0b448a8d..6414d9273 100644
--- a/lualib/rspamadm/vault.lua
+++ b/lualib/rspamadm/vault.lua
@@ -455,30 +455,33 @@ local function roll_handler(opts, domain)
 end, fun.tail(keys))
 os.exit(1)
 end
- -- OK to process
- -- Insert keys for each algorithm in pairs <old_key(s)>, <new_key>
- local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
- local selector = string.format('%s-%s', alg,
- os.date("!%Y%m%d"))
-
- if selector == keys[1].selector then
- selector = selector .. '-1'
- end
- local nelt = {
- selector = selector,
- domain = domain,
- key = tostring(sk),
- pubkey = tostring(pk),
- alg = alg,
- bits = keys[1].bits,
- valid_start = os.time(),
- }
+ -- Do not create new keys, if we only want to remove expired keys
+ if not opts.remove_expired then
+ -- OK to process
+ -- Insert keys for each algorithm in pairs <old_key(s)>, <new_key>
+ local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
+ local selector = string.format('%s-%s', alg,
+ os.date("!%Y%m%d"))
+
+ if selector == keys[1].selector then
+ selector = selector .. '-1'
+ end
+ local nelt = {
+ selector = selector,
+ domain = domain,
+ key = tostring(sk),
+ pubkey = tostring(pk),
+ alg = alg,
+ bits = keys[1].bits,
+ valid_start = os.time(),
+ }
+
+ if opts.expire then
+ nelt.valid_end = os.time() + opts.expire * 3600 * 24
+ end
 
- if opts.expire then
- nelt.valid_end = os.time() + opts.expire * 3600 * 24
+ table.insert(res.selectors, nelt)
 end
-
- table.insert(res.selectors, nelt)
 for _,k in ipairs(keys) do
 table.insert(res.selectors, k)
 end
|
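Review bot: The selector uniqueness check carried into the new `if not opts.remove_expired then` block still compares the generated name only against `keys[1].selector`, so repeated rolls on the same UTC day can hand the new key a selector that another entry in `keys` already uses. Two DKIM keys under one selector share a single DNS record name, so signatures made with one of them would fail verification. The check should scan every entry in `keys` and increase a numeric suffix until the name is unused, as sketched below. The ordering of `keys` is set outside this hunk, and `roll_handler` starts and ends outside it as well, so confirm the existing selectors cannot already contain such a collision.

```lua
local selector = string.format('%s-%s', alg,
    os.date("!%Y%m%d"))

-- Pick a suffix that no existing entry uses, not only keys[1]
local base, suffix = selector, 0
local function selector_in_use(name)
  for _,k in ipairs(keys) do
    if k.selector == name then return true end
  end
  return false
end
while selector_in_use(selector) do
  suffix = suffix + 1
  selector = string.format('%s-%d', base, suffix)
end
-- … unchanged: nelt construction, valid_end handling, table.insert …
```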