.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.el \{\
.    de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "CLEANARCH 1p"
.TH CLEANARCH 1p "2012-06-21" "perl v5.14.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
cleanarch \- Clean a DNSSEC\-Tools key archive of old keys
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&  cleanarch [options] <keyrec\-file | rollrec\-file>
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBcleanarch\fR deletes old keys from a DNSSEC-Tools key archive.  Key \*(L"age\*(R" and
archives are determined by options and arguments.
.PP
Command line options and arguments allow selection of archives, keys to
delete, amount of output to provide.  The options are divided into three
groups:  archive selection, key selection, and output format.  Complete
information on options is provided in the \s-1OPTIONS\s0 section.
.PP
\&\fBcleanarch\fR takes a single argument (as distinguished from an option.)  This
argument may be either a \fIkeyrec\fR file or a \fIrollrec\fR file.  If the file is
a \fIkeyrec\fR file, the archive directory for its zone \fIkeyrec\fRs are added to
the list of archives to clean.  If the file is a \fIrollrec\fR file, \fIkeyrec\fR
files for its zones are searched for the zones' archive directory, and those
directories are added to the list of archives to clean.  If a zone does not
have an archive directory explicitly defined, then the DNSSEC-Tools default
will be cleaned.  The archives specified by this argument may be modified by
archive-selection options.
.PP
The archive-selection options combine with the \fIkeyrec\fR or \fIrollrec\fR file to
select a set of archive directories to clean.  (Some options can take the
place of the file argument.)
.PP
The key-selection options allow the set of keys to be deleted to contain an
entire archive, a particular zone's keys, or all the keys prior to a certain
date.
.PP
The output-format options sets how much output will be given.  Without any
options selected, the names of keys will be printed as they are deleted.  If
the \fB\-verbose\fR option is given, then the directories selected for searching
and the keys selected for deletion will be printed.  If the \fB\-dirlist\fR option
is given, then the directories selected for searching will be printed and no
other action will be taken.  If the \fB\-list\fR option is given, then the keys
selected for deletion will be printed and no other action will be taken.
.PP
\&\fBcleanarch\fR only cleans the archive directories; the \fIkeyrec\fR files are
left intact.  The \fBcleankrf\fR command should be used in conjunction with
\&\fBcleanarch\fR in order to have a consistent environment.
.SH "OPTIONS"
.IX Header "OPTIONS"
.SS "Archive-Selection Options"
.IX Subsection "Archive-Selection Options"
The following options allow the user to select the archives to be cleaned.
.IP "\fB\-archive directory\fR" 4
.IX Item "-archive directory"
This option specifies an archive directory to be cleaned.
.IP "\fB\-defarch\fR" 4
.IX Item "-defarch"
This option indicates that the default archive directory (named in the
DNSSEC-Tools configuration file) should be cleaned.
.IP "\fB\-zone zone\fR" 4
.IX Item "-zone zone"
This option indicates that \fIzone\fR is the only zone whose archive will be
cleaned.  If the archive directory is shared by other zones then their keys
may also be deleted.
.SS "Key-Selection Options"
.IX Subsection "Key-Selection Options"
The following options allow the user to select the keys to be deleted.
.IP "\fB\-all\fR" 4
.IX Item "-all"
Deletes all keys in the selected archives.
This option may not be used with any other key-selection options.
.IP "\fB\-days days\fR" 4
.IX Item "-days days"
Deletes all keys except those whose modification date is within the
\&\fIdays\fR full days preceding the current day.
.IP "\fB\-onezone zone\fR" 4
.IX Item "-onezone zone"
Only keys with \fIzone\fR in the key's filename are deleted.
This is intended for use in cleaning a multi-zone key archive.
.Sp
This does not validate that \fIzone\fR is an actual zone.  \fBAny\fR string can be
used here.  For example, using \*(L"private\*(R" will select old private key files
for deletion and using \*(L"com\*(R" will select any filename that contains \*(L"com\*(R".
.SS "Options for Output Control"
.IX Subsection "Options for Output Control"
The following options allow the user to control \fBcleanarch\fR's output.
.IP "\fB\-dirlist\fR" 4
.IX Item "-dirlist"
This option lists the selected archive directories.  No other action is taken.
.IP "\fB\-list\fR" 4
.IX Item "-list"
This option lists the selected keys.  No other action is taken.
.IP "\fB\-quiet\fR" 4
.IX Item "-quiet"
Display no output.
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
Display verbose output.
.IP "\fB\-Version\fR" 4
.IX Item "-Version"
Displays the version information for \fBcleanarch\fR and the DNSSEC-Tools package.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Display a usage message and exit.
.SH "WARNINGS"
.IX Header "WARNINGS"
The user is advised to invest a bit of time testing this tool \fBprior\fR
to putting it into production use.  Once a key is deleted, it is \fBgone\fR.
Some may find this to be detrimental to the health of their DNSSEC-Tools
installation.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2007\-2012 \s-1SPARTA\s0, Inc.  All rights reserved.
See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
.SH "AUTHOR"
.IX Header "AUTHOR"
Wayne Morrison, tewok@tislabs.com
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fB\f(BIcleankrf\fB\|(8)\fR,
\&\fB\f(BIlskrf\fB\|(8)\fR,
\&\fB\f(BIzonesigner\fB\|(8)\fR
.PP
\&\fB\f(BINet::DNS::SEC::Tools::keyrec.pm\fB\|(3)\fR,
\&\fB\f(BINet::DNS::SEC::Tools::rollrec.pm\fB\|(3)\fR
.PP
\&\fB\f(BIdnssec\-tools.conf\fB\|(5)\fR,
\&\fB\f(BIkeyrec.pm\fB\|(5)\fR,
\&\fB\f(BIrollrec.pm\fB\|(5)\fR