From 6b2b1f3e6c9b2863d59c753f7ac8aaaa5549a191 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Vavru=C5=A1a?= <marek.vavrusa@nic.cz>
Date: Thu, 24 Sep 2015 14:26:37 +0200
Subject: [PATCH] daemon: -k [file] options allows to set trust anchors file
 without config

example:
$ kdig @a.root-servers.net +short +tcp DNSKEY . > root.key
$ kresd -k root.key
---
 daemon/main.c | 44 ++++++++++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 12 deletions(-)

diff --git a/daemon/main.c b/daemon/main.c
index a0d940924..0f34139bf 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -121,13 +121,14 @@ static void help(int argc, char *argv[])
 {
 	printf("Usage: %s [parameters] [rundir]\n", argv[0]);
 	printf("\nParameters:\n"
-	       " -a, --addr=[addr]   Server address (default: localhost#53).\n"
-	       " -f, --forks=N       Start N forks sharing the configuration.\n"
-	       " -v, --verbose       Run in verbose mode.\n"
-	       " -V, --version       Print version of the server.\n"
-	       " -h, --help          Print help and usage.\n"
+	       " -a, --addr=[addr]    Server address (default: localhost#53).\n"
+	       " -k, --keyfile=[path] File containing trust anchors (DS or DNSKEY).\n"
+	       " -f, --forks=N        Start N forks sharing the configuration.\n"
+	       " -v, --verbose        Run in verbose mode.\n"
+	       " -V, --version        Print version of the server.\n"
+	       " -h, --help           Print help and usage.\n"
 	       "Options:\n"
-	       " [rundir]            Path to the working directory (default: .)\n");
+	       " [rundir]             Path to the working directory (default: .)\n");
 }
 
 static struct worker_ctx *init_worker(uv_loop_t *loop, struct engine *engine, mm_ctx_t *pool, int worker_id)
@@ -195,18 +196,20 @@ int main(int argc, char **argv)
 	int forks = 1;
 	array_t(char*) addr_set;
 	array_init(addr_set);
+	const char *keyfile = NULL;
 
 	/* Long options. */
 	int c = 0, li = 0, ret = 0;
 	struct option opts[] = {
-		{"addr", required_argument, 0, 'a'},
-		{"forks",required_argument, 0, 'f'},
-		{"verbose",    no_argument, 0, 'v'},
-		{"version",   no_argument,  0, 'V'},
-		{"help",      no_argument,  0, 'h'},
+		{"addr", required_argument,   0, 'a'},
+		{"keyfile",required_argument, 0, 'k'},
+		{"forks",required_argument,   0, 'f'},
+		{"verbose",    no_argument,   0, 'v'},
+		{"version",   no_argument,    0, 'V'},
+		{"help",      no_argument,    0, 'h'},
 		{0, 0, 0, 0}
 	};
-	while ((c = getopt_long(argc, argv, "a:f:vVh", opts, &li)) != -1) {
+	while ((c = getopt_long(argc, argv, "a:f:k:vVh", opts, &li)) != -1) {
 		switch (c)
 		{
 		case 'a':
@@ -220,6 +223,13 @@ int main(int argc, char **argv)
 				return EXIT_FAILURE;
 			}
 			break;
+		case 'k':
+			keyfile = optarg;
+			if (access(optarg, R_OK) != 0) {
+				log_error("[system] keyfile '%s': not readable\n", optarg);
+				return EXIT_FAILURE;
+			}
+			break;
 		case 'v':
 			log_debug_enable(true);
 			break;
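Review bot: The `access(optarg, R_OK)` check in the new `case 'k':` runs at option-parsing time against the current working directory, but the path is only consumed later, when the `trust_anchors.file` command is built. A relative keyfile can therefore pass here and resolve to a different file, or to none, if the daemon changes into `[rundir]` in between; that code is outside this hunk, so this is inferred. access() also tests the real rather than the effective UID, and the file can change between check and use, so the later load has to be the authoritative check. Consider resolving the path to an absolute one before storing it in `keyfile`, and marking the check with a comment such as `/* early hint only; the trust anchor load is authoritative */`. The enclosing main() starts and ends outside the hunk.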
@@ -290,6 +300,16 @@ int main(int argc, char **argv)
 		log_error("[system] not enough memory\n");
 		return EXIT_FAILURE;
 	}
+	/* Set keyfile */
+	if (keyfile) {
+		auto_free char *cmd = afmt("trust_anchors.file = '%s'", keyfile);
+		if (!cmd) {
+			log_error("[system] not enough memory\n");
+			return EXIT_FAILURE;
+		}
+		engine_cmd(&engine, cmd);
+		lua_pop(engine.L, 1);
+	}
 	/* Bind to sockets and run */
 	for (size_t i = 0; i < addr_set.len; ++i) {
 		int port = 53;
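Review bot: The result of `engine_cmd(&engine, cmd)` is discarded, so if the trust anchor file fails to parse or load, startup continues. The daemon would then presumably run without the anchors the operator asked for, with no log line to show it. If engine_cmd reports failure through its return value (its prototype is not visible here), treat it as fatal: `if (engine_cmd(&engine, cmd) != 0) { log_error("[system] keyfile '%s': failed to load\n", keyfile); return EXIT_FAILURE; }`. Separately, `afmt("trust_anchors.file = '%s'", keyfile)` interpolates `keyfile` unescaped into a Lua string literal, so a path containing `'` or `\` changes the statement that is executed. Reject or escape those characters, or set the value through the Lua C API instead of formatting source text. main() continues outside the hunk.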
-- 
GitLab