diff options
author | Petr Menšík <pemensik@redhat.com> | 2017-10-31 17:37:27 +0100 |
---|---|---|
committer | Petr Menšík <pemensik@redhat.com> | 2017-10-31 17:37:27 +0100 |
commit | f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10 (patch) | |
tree | 8944bdd46c8e8bf1c0feca030a5f21deacd99ee4 | |
parent | 4d8c7099754496dfb0ed8143d51cb819346a07b2 (diff) | |
download | bind-f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10.tar.gz bind-f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10.tar.xz bind-f5cbbc1a87d188bfaf3b6b5c32a58241fc92db10.zip |
Use hmac-sha256 for new RNDC keys (#1508003)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
-rw-r--r-- | bind.spec | 5 | ||||
-rwxr-xr-x | generate-rndc-key.sh | 5 |
2 files changed, 6 insertions, 4 deletions
@@ -1155,9 +1155,10 @@ rm -rf ${RPM_BUILD_ROOT} %changelog * Mon Oct 23 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-2 -- build against mariadb-connector-c-devel (#1493615) -- include DNSKEY 20326 also in trusted-key.key (#1505476) +- Build against mariadb-connector-c-devel (#1493615) +- Include DNSKEY 20326 also in trusted-key.key (#1505476) - Fix dynamic symbols conflict with ldap (#1205168) +- Use hmac-sha256 for new RNDC keys (#1508003) * Wed Aug 02 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-1 - Update to 9.11.2 diff --git a/generate-rndc-key.sh b/generate-rndc-key.sh index 194e65b..dde7f70 100755 --- a/generate-rndc-key.sh +++ b/generate-rndc-key.sh @@ -6,9 +6,10 @@ if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then echo -n $"Generating /etc/rndc.key:" - if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then + if /usr/sbin/rndc-confgen -a -A hmac-sha256 -r /dev/urandom > /dev/null 2>&1 + then chmod 640 /etc/rndc.key - chown root.named /etc/rndc.key + chown root:named /etc/rndc.key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key success $"/etc/rndc.key generation" echo |