NLnetLabs · ximon18 · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,13 +10,28 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macOS-latest]
         rust: [1.78.0, stable, beta, nightly]
+    env:
+      VCPKG_ROOT: "${{ github.workspace }}\\vcpkg"
+      VCPKGRS_TRIPLET: x64-windows-release
+      # Ensure that OpenSSL is dynamically linked.
+      VCPKGRS_DYNAMIC: 1    
     steps:
     - name: Checkout repository
       uses: actions/checkout@v1
     - name: Install Rust
       uses: hecrj/setup-rust-action@v2
       with:
         rust-version: ${{ matrix.rust }}
+    - if: matrix.os == 'ubuntu-latest'
+      run: sudo apt-get install -y libssl-dev
+    - if: matrix.os == 'windows-latest'
+      id: vcpkg
+      uses: johnwason/vcpkg-action@v6
+      with:
+        pkgs: openssl
+        triplet: ${{ env.VCPKGRS_TRIPLET }}
+        token: ${{ github.token }}
+        github-binarycache: true
     - if: matrix.rust == 'stable'
       run: rustup component add clippy
     - if: matrix.rust == 'stable'

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,8 +9,18 @@ name = "ldns"
 path = "src/bin/ldns.rs"
 
 [dependencies]
-clap = { version = "4.3.4", features = ["derive"] }
-domain = { version = "0.10.3", git = "https://github.com/NLnetLabs/domain.git", branch = "initial-nsec3-generation", features = ["unstable-validator", "zonefile"] }
+bytes  = { version = "1.1", default-features = false }
+clap = { version = "4.3.4", features = ["cargo", "derive"] }
+domain = { git = "https://github.com/NLnetLabs/domain", branch = "support-zonefile-fmt-with-padding", features = [
+    "bytes",
+    "openssl",
+    "ring",
+    "unstable-sign",
+    "unstable-validate",
+    "unstable-validator",
+    "unstable-zonetree",
+    "zonefile",
+] }
 lexopt = "0.3.0"
 
 [dev-dependencies]

diff --git a/src/args.rs b/src/args.rs
@@ -6,18 +6,21 @@ use super::error::Error;
 #[derive(Clone, Debug, clap::Parser)]
 #[command(version, disable_help_subcommand = true)]
 pub struct Args {
+    /// The command that was invoked.
     #[command(subcommand)]
     pub command: Command,
+
+    /// Whether the command was invoked as an LDNS alias or not.
+    #[clap(skip = false)]
+    is_ldns: bool,
 }
 
 impl Args {
-    pub fn execute(self, env: impl Env) -> Result<(), Error> {
-        self.command.execute(env)
+    pub fn new(command: Command, is_ldns: bool) -> Self {
+        Self { command, is_ldns }
     }
-}
 
-impl From<Command> for Args {
-    fn from(value: Command) -> Self {
-        Args { command: value }
+    pub fn execute(self, env: impl Env) -> Result<(), Error> {
+        self.command.execute(env, self.is_ldns)
     }
 }
diff --git a/src/commands/key2ds.rs b/src/commands/key2ds.rs
@@ -180,7 +180,7 @@ impl Key2ds {
             let rr = Record::new(owner, class, ttl, ds);
 
             if self.write_to_stdout {
-                writeln!(env.stdout(), "{}", rr.display_zonefile(false));
+                writeln!(env.stdout(), "{}", rr.display_zonefile(false, true));
             } else {
                 let owner = owner.fmt_with_dot();
                 let sec_alg = sec_alg.to_int();
@@ -210,7 +210,7 @@ impl Key2ds {
                 let mut out_file =
                     res.map_err(|e| format!("Could not create file \"{filename}\": {e}"))?;
 
-                writeln!(out_file, "{}", rr.display_zonefile(false))
+                writeln!(out_file, "{}", rr.display_zonefile(false, true))
                     .map_err(|e| format!("Could not write to file \"{filename}\": {e}"))?;
 
                 writeln!(env.stdout(), "{keyname}");
@@ -436,7 +436,7 @@ mod test {
         assert_eq!(res.stderr, "");
 
         let out = std::fs::read_to_string(dir.path().join("Kexample.test.+015+60136.ds")).unwrap();
-        assert_eq!(out, "example.test. 3600 IN DS 60136 15 2 52BD3BF40C8220BF1A3E2A3751C423BC4B69BCD7F328D38C4CD021A85DE65AD4\n");
+        assert_eq!(out, "example.test.\t3600\tIN\tDS\t60136\t15\t2\t52BD3BF40C8220BF1A3E2A3751C423BC4B69BCD7F328D38C4CD021A85DE65AD4\n");
     }
 
     #[test]
@@ -450,10 +450,10 @@ mod test {
         assert_eq!(res.stderr, "");
 
         let out = std::fs::read_to_string(dir.path().join("Kone.test.+015+38429.ds")).unwrap();
-        assert_eq!(out, "one.test. 3600 IN DS 38429 15 2 B85F7D27C48A7B84D633C7A41C3022EA0F7FC80896227B61AE7BFC59BF5F0256\n");
+        assert_eq!(out, "one.test.\t3600\tIN\tDS\t38429\t15\t2\tB85F7D27C48A7B84D633C7A41C3022EA0F7FC80896227B61AE7BFC59BF5F0256\n");
 
         let out = std::fs::read_to_string(dir.path().join("Ktwo.test.+015+00425.ds")).unwrap();
-        assert_eq!(out, "two.test. 3600 IN DS 425 15 2 AA2030287A7C5C56CB3C0E9C64BE55616729C0C78DE2B83613D03B10C0F1EA93\n");
+        assert_eq!(out, "two.test.\t3600\tIN\tDS\t425\t15\t2\tAA2030287A7C5C56CB3C0E9C64BE55616729C0C78DE2B83613D03B10C0F1EA93\n");
     }
 
     #[test]
@@ -467,7 +467,7 @@ mod test {
         assert_eq!(res.exit_code, 0);
         assert_eq!(
             res.stdout,
-            "example.test. 3600 IN DS 60136 15 2 52BD3BF40C8220BF1A3E2A3751C423BC4B69BCD7F328D38C4CD021A85DE65AD4\n"
+            "example.test.\t3600\tIN\tDS\t60136\t15\t2\t52BD3BF40C8220BF1A3E2A3751C423BC4B69BCD7F328D38C4CD021A85DE65AD4\n"
         );
         assert_eq!(res.stderr, "");
     }

diff --git a/src/commands/mod.rs b/src/commands/mod.rs
@@ -2,12 +2,14 @@
 pub mod help;
 pub mod key2ds;
 pub mod nsec3hash;
+pub mod signzone;
 
 use std::ffi::{OsStr, OsString};
 use std::str::FromStr;
 
 use key2ds::Key2ds;
 use nsec3hash::Nsec3Hash;
+use signzone::SignZone;
 
 use crate::env::Env;
 use crate::Args;
@@ -20,6 +22,10 @@ pub enum Command {
     #[command(name = "nsec3-hash")]
     Nsec3Hash(self::nsec3hash::Nsec3Hash),
 
+    /// Sign the zone with the given key(s)
+    #[command(name = "signzone")]
+    SignZone(self::signzone::SignZone),
+
     /// Generate a DS RR from the DNSKEYS in keyfile
     ///
     /// The following file will be created for each key:
@@ -33,10 +39,11 @@ pub enum Command {
 }
 
 impl Command {
-    pub fn execute(self, env: impl Env) -> Result<(), Error> {
+    pub fn execute(self, env: impl Env, is_ldns: bool) -> Result<(), Error> {
         match self {
-            Self::Nsec3Hash(nsec3hash) => nsec3hash.execute(env),
             Self::Key2ds(key2ds) => key2ds.execute(env),
+            Self::Nsec3Hash(nsec3hash) => nsec3hash.execute(env),
+            Self::SignZone(signzone) => signzone.execute(env, is_ldns),
             Self::Help(help) => help.execute(),
         }
     }
@@ -57,21 +64,27 @@ pub trait LdnsCommand: Into<Command> {
 
     fn parse_ldns_args<I: IntoIterator<Item = OsString>>(args: I) -> Result<Args, Error> {
         match Self::parse_ldns(args) {
-            Ok(c) => Ok(Args::from(c.into())),
+            Ok(c) => Ok(Args::new(c.into(), true)),
             Err(e) => Err(format!("Error: {e}\n\n{}", Self::HELP).into()),
         }
     }
 }
 
+impl From<Key2ds> for Command {
+    fn from(val: Key2ds) -> Self {
+        Command::Key2ds(val)
+    }
+}
+
 impl From<Nsec3Hash> for Command {
     fn from(val: Nsec3Hash) -> Self {
         Command::Nsec3Hash(val)
     }
 }
 
-impl From<Key2ds> for Command {
-    fn from(val: Key2ds) -> Self {
-        Command::Key2ds(val)
+impl From<SignZone> for Command {
+    fn from(val: SignZone) -> Self {
+        Command::SignZone(val)
     }
 }