external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-17 17:57:23 +01:00
Code Issues Releases Wiki Activity

dnssec: use RSASHA256 keys for .email domains

Browse Source
This commit is contained in:
Joshua Tauberer
2014-10-04 17:29:42 +00:00
parent ba33669a62
commit 4ae76aa2dd
4 changed files with 45 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
setup/migrate.py
View File

@@ -60,6 +60,13 @@ def migration_5(env):
# The secret key for encrypting backups was world readable. Fix here.
os.chmod(os.path.join(env["STORAGE_ROOT"], 'backup/secret_key.txt'), 0o600)
def migration_6(env):
# We now will generate multiple DNSSEC keys for different algorithms, since TLDs may
# not support them all. .email only supports RSA/SHA-256. Rename the keys.conf file
# to be algorithm-specific.
basepath = os.path.join(env["STORAGE_ROOT"], 'dns/dnssec')
shutil.move(os.path.join(basepath, 'keys.conf'), os.path.join(basepath, 'RSASHA1-NSEC3-SHA1.conf'))
def get_current_migration():
ver = 0
while True: