resign zone if keys change

author: Joey Hess <joeyh@joeyh.name> 2015-01-04 13:13:06 -0400
committer: Joey Hess <joeyh@joeyh.name> 2015-01-04 13:13:06 -0400
commit: d6c8ddb955707cd73f66fcb662ea4616c5715d39 (patch)
tree: ef298b9111dbdfaf53180530f5ecf18ebb7fdf12 /src/Propellor/Property/DnsSec.hs
parent: 01d8ab0cfd5e65395afc242f8307a67c48ec8544 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs
index 201cc003..ba9c2a1b 100644
--- a/src/Propellor/Property/DnsSec.hs
+++ b/src/Propellor/Property/DnsSec.hs
@@ -53,15 +53,18 @@ zoneSigned domain zonefile = RevertableProperty setup cleanup
 	dssetfile = dir </> "-" ++ domain ++ "."
 	dir = takeDirectory zonefile
 
-	-- Need to update the signed zone if the zone file
-	-- has a newer timestamp.
+	-- Need to update the signed zone file if the zone file or
+	-- any of the keys have a newer timestamp.
 	needupdate = do
 		v <- catchMaybeIO $ getModificationTime signedzonefile
 		case v of
 			Nothing -> return True
-			Just t1 -> do
-				t2 <- getModificationTime zonefile
-				return (t2 >= t1)
+			Just t1 -> anyM (newerthan t1) $
+				zonefile : map (keyFn domain) [minBound..maxBound]
+
+	newerthan t1 f = do
+		t2 <- getModificationTime f
+		return (t2 >= t1)
 
 forceZoneSigned :: Domain -> FilePath -> Property
 forceZoneSigned domain zonefile = property ("zone signed for " ++ domain) $ liftIO $ do
author	Joey Hess <joeyh@joeyh.name>	2015-01-04 13:13:06 -0400
committer	Joey Hess <joeyh@joeyh.name>	2015-01-04 13:13:06 -0400
commit	d6c8ddb955707cd73f66fcb662ea4616c5715d39 (patch)
tree	ef298b9111dbdfaf53180530f5ecf18ebb7fdf12 /src/Propellor/Property/DnsSec.hs
parent	01d8ab0cfd5e65395afc242f8307a67c48ec8544 (diff)