Your message dated Sat, 27 Apr 2019 11:14:32 +0100 with message-id <1556360072.2690.35.camel@adam-barratt.org.uk> and subject line Closing bugs for updates included in 9.9 has caused the Debian Bug report #925351, regarding stretch-pu: package dns-root-data/2019031302~deb9u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 925351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925351 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: stretch-pu: package dns-root-data/2019031302~deb9u1
- From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Date: Sat, 23 Mar 2019 16:04:55 +0100
- Message-id: <87sgvdk4x4.fsf@fifthhorseman.net>
Package: release.debian.org Severity: normal Tags: stretch User: release.debian.org@packages.debian.org Usertags: pu Control: affects -1 src:dns-root-data Please consider an update to dns-root-data in debian stretch. This package reflects the state of the network, and keeping it current is useful for all the packages that depend on it. In particular, it removes a DNSSEC root key that is expired. For future DNSSEC root key rollovers, we should do something better than a package upgrade (see https://bugs.debian.org/925349) but for now this is the least restrictive change. The debdiff from the previous version in stretch is attached. This proposed release is also available at the "debian/2019031302_deb9u1" tag on the "debian/stretch" branch at the git repo for dns-root-data packaging: https://salsa.debian.org/dns-team/dns-root-data Please followup on this ticket to confirm whether I should upload this revision to stretch. Thanks for helping to maintain debian's stable release! --dkgdiff --git publicsuffix-2017072601~deb9u1/debian/changelog publicsuffix-2019031302~deb9u1/debian/changelog index 036aebe..660bdd3 100644 --- publicsuffix-2017072601~deb9u1/debian/changelog +++ publicsuffix-2019031302~deb9u1/debian/changelog @@ -1,3 +1,19 @@ +dns-root-data (2019031302~deb9u1) stretch; urgency=medium + + * Rebuild for stretch-backports. + * d/control: move Vcs-* to salsa.debian.org + * d/control: use dns-root-data@packages.debian.org as Maintainer + * sort generated .ds files by key tag + * Update root.hints to 2018013001 + * Update order of root.key to follow output of unbound-anchor + * use DEP-14 branches + * update root data to 2019031302 + * parse-root-anchors.sh: account for validity windows + * check: deliberately skip the TTL generated by ldns-key2ds + * add myself to uploaders + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 23 Mar 2019 15:43:27 +0100 + dns-root-data (2017072601~deb9u1) stretch; urgency=high * Update root.hints to 2017072601 version diff --git publicsuffix-2017072601~deb9u1/debian/control publicsuffix-2019031302~deb9u1/debian/control index 8413872..bd0ab25 100644 --- publicsuffix-2017072601~deb9u1/debian/control +++ publicsuffix-2019031302~deb9u1/debian/control @@ -1,8 +1,9 @@ Source: dns-root-data Section: misc Priority: optional -Maintainer: Debian DNS Maintainers <pkg-dns-devel@lists.alioth.debian.org> +Maintainer: dns-root-data packagers <dns-root-data@packages.debian.org> Uploaders: Ondřej Surý <ondrej@debian.org>, + Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Robert Edmonds <edmonds@debian.org> Build-Depends: debhelper (>= 8.0.0), unbound-anchor, @@ -11,8 +12,8 @@ Build-Depends: debhelper (>= 8.0.0), xml2 Standards-Version: 3.9.6 Homepage: https://data.iana.org/root-anchors/ -Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git -Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary +Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git -b debian/stretch +Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data Package: dns-root-data Architecture: all diff --git publicsuffix-2017072601~deb9u1/debian/gbp.conf publicsuffix-2019031302~deb9u1/debian/gbp.conf index 3b27f6d..9453f5b 100644 --- publicsuffix-2017072601~deb9u1/debian/gbp.conf +++ publicsuffix-2019031302~deb9u1/debian/gbp.conf @@ -1,2 +1,2 @@ [DEFAULT] -debian-branch = master-stretch +debian-branch = debian/stretch diff --git publicsuffix-2017072601~deb9u1/debian/rules publicsuffix-2019031302~deb9u1/debian/rules index b697fc0..453b594 100755 --- publicsuffix-2017072601~deb9u1/debian/rules +++ publicsuffix-2019031302~deb9u1/debian/rules @@ -15,13 +15,13 @@ override_dh_auto_build: openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml # Create key from validated root-anchors.xml - ./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds + ./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds # Create key from downloaded root.key - /usr/bin/ldns-key2ds -n -2 root.key | sed -e 's/\t/ /g' -e 's/ 172800//' > root.ds + /usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root.ds # Compare the DS from root.key and from root-anchors.xml - diff root-anchors.ds root.ds + diff -u root-anchors.ds root.ds override_dh_auto_clean: rm -f root-anchors.ds root.ds diff --git publicsuffix-2017072601~deb9u1/parse-root-anchors.sh publicsuffix-2019031302~deb9u1/parse-root-anchors.sh index 4281534..eb1696b 100755 --- publicsuffix-2017072601~deb9u1/parse-root-anchors.sh +++ publicsuffix-2019031302~deb9u1/parse-root-anchors.sh @@ -1,6 +1,6 @@ #!/bin/sh -unset ZONE KTAG ALGO DTYPE DIGEST +unset ZONE KTAG ALGO DTYPE DIGEST EXPIRES BEGINS export IFS="=" xml2 | while read -r KEY VAL; do @@ -9,14 +9,22 @@ xml2 | while read -r KEY VAL; do "/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";; "/TrustAnchor/KeyDigest/Algorithm") ALGO="$VAL";; "/TrustAnchor/KeyDigest/DigestType") DTYPE="$VAL";; + "/TrustAnchor/KeyDigest/@validUntil") EXPIRES="$VAL";; + "/TrustAnchor/KeyDigest/@validFrom") BEGINS="$VAL";; "/TrustAnchor/KeyDigest/Digest") DIGEST="$(echo "$VAL" | tr "[:upper:]" "[:lower:]")" if [ -z "$ZONE" ] || [ -z "$KTAG" ] || [ -z "$ALGO" ] || [ -z "$DTYPE" ]; then echo "Missing some KeyDigest parameter" exit 1 fi - printf "%s IN DS %s %s %s %s\n" "$ZONE" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST" - unset KTAG ALGO DTYPE DIGEST + if [ -n "$EXPIRES" ] && [ "$(date +%s -d "$EXPIRES")" -lt "$(date +%s)" ]; then + printf 'Digest %s expired on %s\n' "$DIGEST" "$EXPIRES" >&2 + elif [ -n "$BEGINS" ] && [ "$(date +%s -d "$BEGINS")" -gt "$(date +%s)" ]; then + printf 'Digest %s will not be valid until %s\n' "$DIGEST" "$BEGINS" >&2 + else + printf "%s IN DS %s %s %s %s\n" "$ZONE" "$KTAG" "$ALGO" "$DTYPE" "$DIGEST" + fi + unset KTAG ALGO DTYPE DIGEST EXPIRES BEGINS ;; esac done diff --git publicsuffix-2017072601~deb9u1/root-anchors.p7s publicsuffix-2019031302~deb9u1/root-anchors.p7s index ee06fe5..ff40c7a 100644 Binary files publicsuffix-2017072601~deb9u1/root-anchors.p7s and publicsuffix-2019031302~deb9u1/root-anchors.p7s differ diff --git publicsuffix-2017072601~deb9u1/root-anchors.xml publicsuffix-2019031302~deb9u1/root-anchors.xml index bf84089..3536f08 100644 --- publicsuffix-2017072601~deb9u1/root-anchors.xml +++ publicsuffix-2019031302~deb9u1/root-anchors.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<TrustAnchor id="0AF79DEA-A7CD-43DC-9EDD-AD241CA63AE2" source="http://data.iana.org/root-anchors/root-anchors.xml"> +<TrustAnchor id="380DC50D-484E-40D0-A3AE-68F2B18F61C7" source="http://data.iana.org/root-anchors/root-anchors.xml"> <Zone>.</Zone> -<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00"> +<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00" validUntil="2019-01-11T00:00:00+00:00"> <KeyTag>19036</KeyTag> <Algorithm>8</Algorithm> <DigestType>2</DigestType> diff --git publicsuffix-2017072601~deb9u1/root.hints publicsuffix-2019031302~deb9u1/root.hints index 86cd815..cfb7094 100644 --- publicsuffix-2017072601~deb9u1/root.hints +++ publicsuffix-2019031302~deb9u1/root.hints @@ -9,8 +9,8 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: July 26, 2017 -; related version of root zone: 2017072601 +; last update: March 13, 2019 +; related version of root zone: 2019031302 ; ; FORMERLY NS.INTERNIC.NET ; @@ -21,7 +21,7 @@ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b ; ; FORMERLY C.PSI.NET diff --git publicsuffix-2017072601~deb9u1/root.key publicsuffix-2019031302~deb9u1/root.key index af563d6..e8941ce 100644 --- publicsuffix-2017072601~deb9u1/root.key +++ publicsuffix-2019031302~deb9u1/root.key @@ -1,2 +1 @@ -. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] -. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] +. 86400 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ]Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 890889-done@bugs.debian.org, 892070-done@bugs.debian.org, 910805-done@bugs.debian.org, 914187-done@bugs.debian.org, 914591-done@bugs.debian.org, 919043-done@bugs.debian.org, 919576-done@bugs.debian.org, 921748-done@bugs.debian.org, 921977-done@bugs.debian.org, 921983-done@bugs.debian.org, 922918-done@bugs.debian.org, 922987-done@bugs.debian.org, 922996-done@bugs.debian.org, 923202-done@bugs.debian.org, 923323-done@bugs.debian.org, 923342-done@bugs.debian.org, 923556-done@bugs.debian.org, 923897-done@bugs.debian.org, 924145-done@bugs.debian.org, 924150-done@bugs.debian.org, 924255-done@bugs.debian.org, 924261-done@bugs.debian.org, 924282-done@bugs.debian.org, 924377-done@bugs.debian.org, 924433-done@bugs.debian.org, 924463-done@bugs.debian.org, 924493-done@bugs.debian.org, 924642-done@bugs.debian.org, 924939-done@bugs.debian.org, 924945-done@bugs.debian.org, 925154-done@bugs.debian.org, 925161-done@bugs.debian.org, 925214-done@bugs.debian.org, 925228-done@bugs.debian.org, 925351-done@bugs.debian.org, 925401-done@bugs.debian.org, 925482-done@bugs.debian.org, 925506-done@bugs.debian.org, 925548-done@bugs.debian.org, 925569-done@bugs.debian.org, 926003-done@bugs.debian.org, 926050-done@bugs.debian.org, 926136-done@bugs.debian.org, 926190-done@bugs.debian.org, 926199-done@bugs.debian.org, 926397-done@bugs.debian.org, 926438-done@bugs.debian.org, 926506-done@bugs.debian.org, 926739-done@bugs.debian.org, 926870-done@bugs.debian.org, 926892-done@bugs.debian.org, 926894-done@bugs.debian.org, 926897-done@bugs.debian.org, 927067-done@bugs.debian.org, 927068-done@bugs.debian.org, 927072-done@bugs.debian.org, 927160-done@bugs.debian.org, 927191-done@bugs.debian.org, 927223-done@bugs.debian.org, 927378-done@bugs.debian.org, 927422-done@bugs.debian.org, 927424-done@bugs.debian.org, 922484-done@bugs.debian.org
- Subject: Closing bugs for updates included in 9.9
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 27 Apr 2019 11:14:32 +0100
- Message-id: <1556360072.2690.35.camel@adam-barratt.org.uk>
Version: 9.9 Hi, The update referenced by each of these bugs was included in this morning's stretch point release. Regards, Adam
--- End Message ---