commit a2d59fc: [Minor] rspamadm roll -r must not generate new keys

Christian Roessner c at roessner.co
Mon Jul 20 18:49:06 UTC 2020


Author: Christian Roessner
Date: 2020-07-20 14:41:40 +0200
URL: https://github.com/rspamd/rspamd/commit/a2d59fc11d470a90a589b47e677b1d0771dac1c7 (refs/pull/3447/head)

[Minor] rspamadm roll -r must not generate new keys

---
 lualib/rspamadm/vault.lua | 47 +++++++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 22 deletions(-)

diff --git a/lualib/rspamadm/vault.lua b/lualib/rspamadm/vault.lua
index d0b448a8d..6414d9273 100644
--- a/lualib/rspamadm/vault.lua
+++ b/lualib/rspamadm/vault.lua
@@ -455,30 +455,33 @@ local function roll_handler(opts, domain)
         end, fun.tail(keys))
         os.exit(1)
       end
-      -- OK to process
-      -- Insert keys for each algorithm in pairs <old_key(s)>, <new_key>
-      local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
-      local selector = string.format('%s-%s', alg,
-          os.date("!%Y%m%d"))
-
-      if selector == keys[1].selector then
-        selector = selector .. '-1'
-      end
-      local nelt = {
-        selector = selector,
-        domain = domain,
-        key = tostring(sk),
-        pubkey = tostring(pk),
-        alg = alg,
-        bits = keys[1].bits,
-        valid_start = os.time(),
-      }
+      -- Do not create new keys, if we only want to remove expired keys
+      if not opts.remove_expired then
+        -- OK to process
+        -- Insert keys for each algorithm in pairs <old_key(s)>, <new_key>
+        local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
+        local selector = string.format('%s-%s', alg,
+            os.date("!%Y%m%d"))
+
+        if selector == keys[1].selector then
+          selector = selector .. '-1'
+        end
+        local nelt = {
+          selector = selector,
+          domain = domain,
+          key = tostring(sk),
+          pubkey = tostring(pk),
+          alg = alg,
+          bits = keys[1].bits,
+          valid_start = os.time(),
+        }
+
+        if opts.expire then
+          nelt.valid_end = os.time() + opts.expire * 3600 * 24
+        end
 
-      if opts.expire then
-        nelt.valid_end = os.time() + opts.expire * 3600 * 24
+        table.insert(res.selectors, nelt)
       end
-
-      table.insert(res.selectors, nelt)
       for _,k in ipairs(keys) do
         table.insert(res.selectors, k)
       end
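Review bot: The collision check `if selector == keys[1].selector then` compares the new selector only with the first existing key and appends a fixed `-1`, so it can still produce a name that another entry in `keys` already carries (for example, a second roll on the same UTC day when `alg-YYYYMMDD-1` already exists). Two entries with the same selector for one domain would leave any lookup by selector ambiguous, and the newly generated private key could end up unused or mismatched with what was published. The check that ends in `os.exit(1)` above may narrow when this can happen, but it starts outside the hunk and is not fully visible here, as does the rest of `roll_handler`. I would test the candidate against every key and bump a numeric suffix until it is free, as sketched below.

```lua
        local sk,pk = genkey({algorithm = alg, bits = keys[1].bits})
        local base = string.format('%s-%s', alg,
            os.date("!%Y%m%d"))
        local selector, suffix = base, 0
        local function in_use(name)
          for _,k in ipairs(keys) do
            if k.selector == name then return true end
          end
          return false
        end
        -- Never reuse a selector that any stored key already carries
        while in_use(selector) do
          suffix = suffix + 1
          selector = string.format('%s-%d', base, suffix)
        end
        -- … unchanged: nelt construction, valid_end, table.insert(res.selectors, nelt) …
```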

