subprocess command fails

Brad s bcddd214 at gmail.com
Fri Feb 20 18:30:40 EST 2015 

# cat makekeys.py
#!/usr/bin/python3.4
import subprocess
import sys
import string
import os.path
import datetime
import shlex
from time import gmtime, strftime
from subprocess import Popen, PIPE, STDOUT

pretime = strftime("%Y%m%d%H", gmtime())
time = datetime.datetime.strptime(pretime,'%Y%m%d%H')
print (time)
plustime = datetime.timedelta(days=730)
timeadd = (time + plustime)
str(timeadd)
#ndate = datetime.strptime(timeadd, '%Y%m%d%H')
#timeadd = timeadd.replace(tzinfo=UTC())
print (timeadd)

dname = input("Enter the domain to configure keys for? ")
if os.path.exists(dname+".external.signed"):
        os.remove(dname+".external.signed")
        #os.remove(dname+".external")
        os.remove(dname+".ksk.key")
        os.remove(dname+".zsk.key")
        os.remove(dname+".ksk.private")
        os.remove(dname+".zsk.private")
fd = open( dname+".external", 'w')
fd.write("$TTL 86400\n")
fd.write("$ORIGIN "+dname+".\n")
fd.write("@  1D  IN SOA yoda.ex-mailer.com.  admin@"+dname+".(\n")
fd.write("                      "+strftime("%Y%m%d%H", gmtime())+"\n")
#fd.write("                     "+repr(timeadd)+"\n")
fd.write("                      3h\n")
fd.write("                      1h\n")
fd.write("                      1w\n")
fd.write("                      1h)\n")
fd.write("                      IN NS   yoda.ex-mailer.com.\n")
fd.write("                      IN NS   r2d2.ex-mailer.com.\n")
fd.write(dname+".               IN TXT  v=spf1 mx a:r2d2.ex-mailer.com -all\n")
fd.write(dname+".               MX 0    r2d2.ex-mailer.com.\n")
fd.write("mail."+dname+".       IN A    107.191.60.48\n")
fd.write("$include /usr/local/etc/namedb/K"+dname+".zsk.key ; ZSK\n")
fd.write("$include /usr/local/etc/namedb/K"+dname+".ksk.key ; KSK\n")
fd.close()


result = subprocess.check_output(["dnssec-keygen", "-f", "KSK", "-r", "/dev/urandom", "-a", "RSASHA256", "-b", "2048", "-n", "ZONE", dname])
result_utf8 = result.decode("utf-8").strip()
mylist = list(result_utf8)
print (mylist[0])
listlen= len(mylist)
array = list()
listlen -= 11
i = 0
while( i < listlen ):
        #if mylist != '\n' ^ mylist != '':
        array.insert(i, mylist[i])
        i = i + 1
combined = "".join(array)
print ('combined')
print (combined)
fmove = subprocess.call(["mv", result_utf8+".key",combined +".ksk.key"])
fmove = subprocess.call(["mv", result_utf8+".private",combined +".ksk.private"])

zresult = subprocess.check_output(["dnssec-keygen","-r","/dev/urandom","-a","RSASHA256","-b","2048","-n","ZONE", dname])
zresult_utf8 = zresult.decode("utf-8").strip()
myzlist = list(zresult_utf8)
print (myzlist[0])
zlistlen= len(myzlist)
zarray = list()
zlistlen -= 11
zi = 0
while( zi <zlistlen ):
        zarray.insert(zi, myzlist[zi])
        zi = zi + 1
zcombined = "".join(zarray)
zfmove = subprocess.call(["mv", zresult_utf8+".key",zcombined+".zsk.key"])
zfmove = subprocess.call(["mv", zresult_utf8+".private",zcombined+".zsk.private"])

sfmove = subprocess.call(['dnssec-signzone','-e',strftime('%Y%m%d%H', gmtime())+'0000','-p','-t','-g','-k',zcombined+'.ksk.key','-o',dname,dname+'.external',zcombined+'.zsk.key'])
#cmd = "dnssec-signzone','-e',strftime('%Y%m%d%H', gmtime())+'0000','-p','-t','-g','-k','K'+dname+'.ksk.key','-o',dname,dname+'.external','K"+dname+'.zsk.key'
#subprocess.check_call(shlex.split(cmd))






# python3.4 makekeys.py
2015-02-20 23:00:00
2017-02-19 23:00:00
Enter the domain to configure keys for? test123.com
Generating key pair.........+++ ...............+++
K
combined
Ktest123.com
Generating key pair...+++ .........................................................+++
K
dnssec-signzone: fatal: No self-signed KSK DNSKEY found.  Supply an active
key with the KSK flag set, or use '-P'.

I am trying to execute a subprocess, something done in my script a couple of times. But on the last one, it outputs an error I cannot find the solution to. The exact same command using the same files produced at the command line works just fine.



command works on the command line:

dnssec-signzone -e20180330000000 -p -t -g -k Ktest123.com.ksk.key -o test123.com test123.com.external Ktest123.com.zsk.key
Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
                      ZSKs: 1 active, 0 stand-by, 0 revoked
test123.com.external.signed
Signatures generated:                        9
Signatures retained:                         0
Signatures dropped:                          0
Signatures successfully verified:            0
Signatures unsuccessfully verified:          0
Signing time in seconds:                 0.010
Signatures per second:                 875.401
Runtime in seconds:                      0.013

More information about the Python-list mailing list