1CLEANARCH(1)          User Contributed Perl Documentation         CLEANARCH(1)
2
3
4

NAME

6       cleanarch - Clean a DNSSEC-Tools key archive of old keys
7

SYNOPSIS

9         cleanarch [options] <keyrec-file ⎪ rollrec-file>
10

DESCRIPTION

12       cleanarch deletes old keys from a DNSSEC-Tools key archive.  Key "age"
13       and archives are determined by options and arguments.
14
15       Command line options and arguments allow selection of archives, keys to
16       delete, amount of output to provide.  The options are divided into
17       three groups:  archive selection, key selection, and output format.
18       Complete information on options is provided in the OPTIONS section.
19
20       cleanarch takes a single argument (as distinguished from an option.)
21       This argument may be either a keyrec file or a rollrec file.  If the
22       file is a keyrec file, the archive directory for its zone keyrecs are
23       added to the list of archives to clean.  If the file is a rollrec file,
24       keyrec files for its zones are searched for zone's the archive direc‐
25       tory, and those directories are added to the list of archives to clean.
26       If a zone does not have an archive directory explicitly defined, then
27       the DNSSEC-Tools default will be cleaned.  The archives specified by
28       this argument may be modified by archive-selection options.
29
30       The archive-selection options combine with the keyrec or rollrec file
31       to select a set of archive directories to clean.  (Some options can
32       take the place of the file argument.)
33
34       The key-selection options allow the set of keys to be deleted to con‐
35       tain an entire archive, a particular zone's keys, or all the keys prior
36       to a certain date.
37
38       The output-format options sets how much output will be given.  Without
39       any options selected, the names of keys will be printed as they are
40       deleted.  If the -verbose option is given, then the directories
41       selected for searching and the keys selected for deletion will be
42       printed.  If the -dirlist option is given, then the directories
43       selected for searching will be printed and no other action will be
44       taken.  If the -list option is given, then the keys selected for dele‐
45       tion will be printed and no other action will be taken.
46

OPTIONS

48       Archive-Selection Options
49
50       The following options allow the user to select the archives to be
51       cleaned.
52
53       -archive directory
54           This option specifies an archive directory to be cleaned.
55
56       -defarch
57           This option indicates that the default archive directory (named in
58           the DNSSEC-Tools configuration file) should be cleaned.
59
60       -zone zone
61           This option indicates that zone is the only zone whose archive will
62           be cleaned.  If the archive directory is shared by other zones then
63           their keys may also be deleted.
64
65       Key-Selection Options
66
67       The following options allow the user to select the keys to be deleted.
68
69       -all
70           Deletes all keys in the selected archives.  This option may not be
71           used with any other key-selection options.
72
73       -days days
74           Deletes all keys except those whose modification date is within the
75           days full days preceding the current day.
76
77       -onezone zone
78           Only keys with zone in the key's filename are deleted.  This is
79           intended for use in cleaning a multi-zone key archive.
80
81           This does not validate that zone is an actual zone.  Any string can
82           be used here.  For example, using "private" will select old private
83           key files for deletion and using "com" will select any filename
84           that contains "com".
85
86       Options for Output Control
87
88       The following options allow the user to control cleanarch's output.
89
90       -dirlist
91           This option lists the selected archive directories.  No other
92           action is taken.
93
94       -list
95           This option lists the selected keys.  No other action is taken.
96
97       -quiet
98           Display no output.
99
100       -verbose
101           Display verbose output.
102
103       -Version
104           Display the cleanarch and DNSSEC-Tools versions.
105
106       -help
107           Display a usage message and exit.
108

WARNINGS

110       The user is advised to invest a bit of time testing this tool prior to
111       putting it into production use.  Once a key is deleted, it is gone.
112       Some may find this to be detrimental to the health of their DNSSEC-
113       Tools installation.
114

COPYRIGHT

116       Copyright 2007 SPARTA, Inc.  All rights reserved.  See the COPYING file
117       included with the DNSSEC-Tools package for details.
118

AUTHOR

120       Wayne Morrison, tewok@users.sourceforge.net
121

SEE ALSO

123       cleankrf(8), lskrf(8), zonesigner(8)
124
125       Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)
126
127       dnssec-tools.conf.pm(5), keyrec.pm(5), rollrec.pm(5)
128
129
130
131perl v5.8.8                       2007-09-14                      CLEANARCH(1)