authorChristian Roessner <c@roessner.co>2020-07-20 14:41:40 +0200
committerChristian Roessner <c@roessner.co>2020-07-20 14:41:40 +0200
commita2d59fc11d470a90a589b47e677b1d0771dac1c7 (patch)
tree27fee5acc221b7f8b8013a0a09747e795a025110 /lualib
parentde69712b7450abab62cf04df871a7c9609ad3376 (diff)
[Minor] rspamadm roll -r must not generate new keys
Diffstat (limited to 'lualib')
-rw-r--r--lualib/rspamadm/vault.lua47
1 files changed, 25 insertions, 22 deletions
diff --git a/lualib/rspamadm/vault.lua b/lualib/rspamadm/vault.lua
index d0b448a8d..6414d9273 100644
--- a/lualib/rspamadm/vault.lua
+++ b/lualib/rspamadm/vault.lua
@@ -455,30 +455,33 @@ local function roll_handler(opts, domain)
end, fun.tail(keys))
os.exit(1)
end
- -- OK to process
- -- Insert keys for each algorithm in pairs <old_key(s)>, <new_key>
- local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
- local selector = string.format('%s-%s', alg,
- os.date("!%Y%m%d"))
-
- if selector == keys[1].selector then
- selector = selector .. '-1'
- end
- local nelt = {
- selector = selector,
- domain = domain,
- key = tostring(sk),
- pubkey = tostring(pk),
- alg = alg,
- bits = keys[1].bits,
- valid_start = os.time(),
- }
+ -- Do not create new keys, if we only want to remove expired keys
+ if not opts.remove_expired then
+ -- OK to process
+ -- Insert keys for each algorithm in pairs <old_key(s)>, <new_key>
+ local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
+ local selector = string.format('%s-%s', alg,
+ os.date("!%Y%m%d"))
+
+ if selector == keys[1].selector then
+ selector = selector .. '-1'
+ end
+ local nelt = {
+ selector = selector,
+ domain = domain,
+ key = tostring(sk),
+ pubkey = tostring(pk),
+ alg = alg,
+ bits = keys[1].bits,
+ valid_start = os.time(),
+ }
+
+ if opts.expire then
+ nelt.valid_end = os.time() + opts.expire * 3600 * 24
+ end
- if opts.expire then
- nelt.valid_end = os.time() + opts.expire * 3600 * 24
+ table.insert(res.selectors, nelt)
end
-
- table.insert(res.selectors, nelt)
for _,k in ipairs(keys) do
table.insert(res.selectors, k)
end
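Review bot: The selector uniqueness check inside the new `if not opts.remove_expired then` branch compares the candidate only against `keys[1].selector` and can only ever append `-1`, so it does not rule out a clash with any other entry that the loop below re-inserts from `keys`. If two entries end up sharing a selector, two different DKIM public keys would be tied to one DNS name and verification would depend on which one was published. Checking the candidate against every selector in `keys` and bumping a numeric suffix until it is free closes that gap, and the first collision still yields `-1` as it does today. roll_handler starts and ends outside the hunk, so the `os.exit(1)` guard above may already limit how many keys reach this point; that condition is not visible here and should be confirmed.

```lua
      -- … unchanged: genkey call and base selector built from alg + UTC date …
      local taken = {}
      for _,k in ipairs(keys) do
        taken[k.selector] = true
      end
      local base, suffix = selector, 0
      while taken[selector] do
        suffix = suffix + 1
        selector = string.format('%s-%d', base, suffix)
      end
      -- … unchanged: nelt construction, valid_end handling, insert into res.selectors …
```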