
Provided by: dnssec-tools_2.2-2_all

NAME

       cleanarch - Clean a DNSSEC-Tools key archive of old keys

SYNOPSIS

         cleanarch [options] <keyrec-file | rollrec-file>

DESCRIPTION

       cleanarch deletes old keys from a DNSSEC-Tools key archive.  Key "age" and archives are determined by
       options and arguments.

       Command line options and arguments allow selection of archives, keys to delete, and the amount of
       output to provide.  The options are divided into three groups:  archive selection, key selection, and
       output format.  Complete information on options is provided in the OPTIONS section.

       cleanarch takes a single argument (as distinguished from an option).  This argument may be either a
       keyrec file or a rollrec file.  If the file is a keyrec file, the archive directories for its zone
       keyrecs are added to the list of archives to clean.  If the file is a rollrec file, keyrec files for its zones
       are searched for the zones' archive directory, and those directories are added to the list of archives to
       clean.  If a zone does not have an archive directory explicitly defined, then the DNSSEC-Tools default
       will be cleaned.  The archives specified by this argument may be modified by archive-selection options.

       The archive-selection options combine with the keyrec or rollrec file to select a set of archive
       directories to clean.  (Some options can take the place of the file argument.)

       The key-selection options allow the set of keys to be deleted to contain an entire archive, a particular
       zone's keys, or all the keys prior to a certain date.

       The output-format options set how much output will be given.  Without any options selected, the names of
       keys will be printed as they are deleted.  If the -verbose option is given, then the directories selected
       for searching and the keys selected for deletion will be printed.  If the -dirlist option is given, then
       the directories selected for searching will be printed and no other action will be taken.  If the -list
       option is given, then the keys selected for deletion will be printed and no other action will be taken.

       cleanarch only cleans the archive directories; the keyrec files are left intact.  The cleankrf command
       should be used in conjunction with cleanarch in order to have a consistent environment.

OPTIONS

   Archive-Selection Options
       The following options allow the user to select the archives to be cleaned.

       -archive directory
           This option specifies an archive directory to be cleaned.

       -defarch
           This option indicates that the default archive directory (named in the DNSSEC-Tools configuration
           file) should be cleaned.

       -zone zone
           This option indicates that zone is the only zone whose archive will be cleaned.  If the archive
           directory is shared by other zones then their keys may also be deleted.

   Key-Selection Options
       The following options allow the user to select the keys to be deleted.

       -all
           Deletes all keys in the selected archives.  This option may not be used with any other key-selection
           options.

       -days days
           Deletes all keys except those whose modification date is within the days full days preceding the
           current day.

       -onezone zone
           Only keys with zone in the key's filename are deleted.  This is intended for use in cleaning a multi-
           zone key archive.

           This does not validate that zone is an actual zone.  Any string can be used here.  For example, using
           "private" will select old private key files for deletion and using "com" will select any filename
           that contains "com".
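
       The selection rules described for -days and -onezone, modelled as a read-only preview.  This is an
       added example, not code from cleanarch or DNSSEC-Tools.  Assumptions: the BIND-style K* filenames,
       the constructed sample ages, counting -days from midnight of the current day, and the helper names.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample archive: (filename, age in days). BIND-style K* names are an assumption.
SAMPLE = [
    ("Kexample.com.+005+11111.key", 90),
    ("Kexample.com.+005+11111.private", 90),
    ("Kexample.com.+005+22222.key", 2),
    ("Kexample.org.+005+33333.key", 90),
    ("Kcompany.example.org.+005+44444.private", 90),
]

def build_sample_archive(root, now):
    """Create empty files under root with the mtimes described by SAMPLE."""
    for name, age in SAMPLE:
        path = os.path.join(root, name)
        open(path, "w").close()
        stamp = (now - timedelta(days=age)).timestamp()
        os.utime(path, (stamp, stamp))

def select_keys(archive, days=None, onezone=None, now=None):
    """Preview which files the documented rules would select. Deletes nothing."""
    now = now or datetime.now()
    cutoff = None
    if days is not None:
        # Assumption: "days full days preceding the current day" is counted from midnight.
        midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
        cutoff = (midnight - timedelta(days=days)).timestamp()
    selected = []
    for entry in os.scandir(archive):
        if not entry.is_file():
            continue
        if onezone is not None and onezone not in entry.name:
            continue  # -onezone: plain substring test, no zone validation
        if cutoff is not None and entry.stat().st_mtime >= cutoff:
            continue  # modified within the retention window: kept
        selected.append(entry.name)
    return sorted(selected)

def overmatched(names, zone):
    """Selected names that are not K<zone>.+<alg>+<tag> key files for zone."""
    strict = re.compile(r"^K" + re.escape(zone) + r"\.\+\d{3}\+\d{5}\.(key|private)$")
    return [n for n in names if not strict.match(n)]
```

       Comparing such a preview with the output of cleanarch -list on a copy of the archive shows whether a
       short -onezone string selects keys belonging to other zones.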

   Options for Output Control
       The following options allow the user to control cleanarch's output.

       -dirlist
           This option lists the selected archive directories.  No other action is taken.

       -list
           This option lists the selected keys.  No other action is taken.

       -quiet
           Display no output.

       -verbose
           Display verbose output.

       -Version
           Displays the version information for cleanarch and the DNSSEC-Tools package.

       -help
           Display a usage message and exit.

WARNINGS

       The user is advised to invest a bit of time testing this tool prior to putting it into production use.
       Once a key is deleted, it is gone.  Some may find this to be detrimental to the health of their DNSSEC-
       Tools installation.

COPYRIGHT

       Copyright 2007-2014 SPARTA, Inc.  All rights reserved.  See the COPYING file included with the DNSSEC-
       Tools package for details.

AUTHOR

       Wayne Morrison, tewok@tislabs.com

SEE ALSO

       cleankrf(8), lskrf(8), zonesigner(8)

       Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)

       dnssec-tools.conf(5), keyrec.pm(5), rollrec.pm(5)