Use hmac-sha256 for new RNDC keys (#1508003)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-31 17:37:27 +01:00 · 2017-10-31 17:37:27 +01:00 · f5cbbc1a87
parent 4d8c709975
commit f5cbbc1a87
2 changed files with 6 additions and 4 deletions
--- a/bind.spec
+++ b/bind.spec
@ -1155,9 +1155,10 @@ rm -rf ${RPM_BUILD_ROOT}

 %changelog
 * Mon Oct 23 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-2
- build against mariadb-connector-c-devel (#1493615)
- include DNSKEY 20326 also in trusted-key.key (#1505476)
+- Build against mariadb-connector-c-devel (#1493615)
+- Include DNSKEY 20326 also in trusted-key.key (#1505476)
 - Fix dynamic symbols conflict with ldap (#1205168)
+- Use hmac-sha256 for new RNDC keys (#1508003)

 * Wed Aug 02 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-1
 - Update to 9.11.2
--- a/generate-rndc-key.sh
+++ b/generate-rndc-key.sh
@ -6,9 +6,10 @@

 if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
  echo -n $"Generating /etc/rndc.key:"
-  if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
+  if /usr/sbin/rndc-confgen -a -A hmac-sha256 -r /dev/urandom > /dev/null 2>&1
+  then
    chmod 640 /etc/rndc.key
-    chown root.named /etc/rndc.key
+    chown root:named /etc/rndc.key
    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
    success $"/etc/rndc.key generation"
    echo