1

I am trying to execute a subprocess, something done in my script a couple of times. But on the last one, it outputs an error I cannot find the solution to. The exact same command using the same files produced at the command line works just fine.

Line of code in question:

sfmove = subprocess.call(["dnssec-signzone","-e",strftime("%Y%m%d%H", gmtime())+"0000","-p","-t","-g","-","K"+name+".ksk.key","-o",name,name+".external","K"+name+".zsk.key"])

output of script

# python3.4 makekeys.py
Enter the domain to configure keys for? test123.com
Generating key pair....................................................................+++ ................................................................................+++
K
Generating key pair...........................................................+++ .................................................................................+++
K
dnssec-signzone: fatal: No self-signed KSK DNSKEY found.  Supply an active
key with the KSK flag set, or use '-P'.

signing works at command line:

dnssec-signzone -e20180330000000 -p -t -g -k Ktest123.com.ksk.key -o test123.com test123.com.external Ktest123.com.zsk.key
Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
                      ZSKs: 1 active, 0 stand-by, 0 revoked
test123.com.external.signed
Signatures generated:                        9
Signatures retained:                         0
Signatures dropped:                          0
Signatures successfully verified:            0
Signatures unsuccessfully verified:          0
Signing time in seconds:                 0.010
Signatures per second:                 875.401
Runtime in seconds:                      0.013

How do I execute the dnssec-signzone correctly via Python?

url to complete code CODE

mine
  • 235
  • 2
  • 10
  • Add "echo" as the first element in the array given to the `subprocess.call()` so that it prints out the command that you're trying to execute (in this case, anyway), and compare it to the command you manually executed. Are they the same? (Hint: no) – Aleksi Torhamo Feb 19 '15 at 08:35
  • it looks like a simple typo: replace `"-g","-"` with `"-g","-k"`. I've not checked whether there are other differences. – jfs Feb 19 '15 at 15:21
  • @J.F.Sebastian I really thought that was going to be it. same error with -k -> sfmove = subprocess.call(["dnssec-signzone","-e"+strftime("%Y%m%d%H", gmtime())+"0000","-p","-t","-g","-k","K"+name+".ksk.key","-o",name,name+".external","K"+name+".zsk.key"]) – mine Feb 19 '15 at 15:55
  • try the working command (copy-paste from the shell and run: `check_call(shlex.split(cmd))` – jfs Feb 19 '15 at 16:27
  • @J.F.Sebastian I think you found the issue, but no clue how to fix it. It would appear as though my variables are being ignored and treated as strings. I looked for miscounted quotes and switched to single quotes. Same string issue https://bpaste.net/show/f2a1bfc7c860 – mine Feb 20 '15 at 22:04
  • mild update. I tried using different variables. same issue https://bpaste.net/show/37f728d4f307 – mine Feb 20 '15 at 23:14
  • It is not clear what is you issue.Does copy-pasting the working command help or not? [Create the shortest program (2-3lines -- import modules, run the literal command) that shows the issue](http://stackoverflow.com/help/mcve) – jfs Feb 21 '15 at 03:42
  • it was because I was trying to sign the key with the current time o.0 – mine Feb 21 '15 at 05:04

0 Answers0