improve handling of trailing dots in dnssec-keymgr and dnssec-coverage

- mishandling of trailing dots caused bad behavior with the
  root zone or names like "example.com."
- fixing this exposed an error in dnssec-coverage caused the
  wrong return value if there were KSK errors but no ZSK errors
- incidentally silenced the dnssec-keygen output in the coverage
  system test

bin/tests/system/keymgr/clean.sh

@@ -9,10 +9,8 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f */K*.key
-rm -f */K*.private
-rm -f Kexample.com.*.key
-rm -f Kexample.com.*.private
+rm -f K*.key */K*.key
+rm -f K*.private */K*.private
 rm -f coverage.* keymgr.* settime.*
 rm -f ns*/managed-keys.bind*
 rm -f policy.out

bin/tests/system/keymgr/tests.sh

@@ -104,6 +104,23 @@ for dir in [0-9][0-9]-*; do
         status=`expr $status + $ret`
 done
 
+echo_i "checking domains ending in . ($n)"
+ret=0
+$KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.1.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.1.$n | wc -l`
+[ "$nkeys" -eq 2 ] || ret=1
+$KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.2.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.2.$n | wc -l`
+[ "$nkeys" -eq 0 ] || ret=1
+$KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.3.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.3.$n | wc -l`
+[ "$nkeys" -eq 2 ] || ret=1
+$KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.4.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.4.$n | wc -l`
+[ "$nkeys" -eq 0 ] || ret=1
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
 echo_i "checking policy.conf parser ($n)"
 ret=0
 ${PYTHON} testpolicy.py policy.sample > policy.out