From 3af3ef53a0e5250c6a4f9142c19a7170fdb06387 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 19 Jun 2024 12:45:09 +1000
Subject: [PATCH] Disable post zone verification for manykeys

As the expiration time is now+1 the RRSIG records may expire before
the verification step happens.

(cherry picked from commit 0d69afd764f4fcd390d8c4ed7a7bf6ef1d8ae501)
---
 bin/tests/system/statschannel/ns2/sign.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/statschannel/ns2/sign.sh b/bin/tests/system/statschannel/ns2/sign.sh
index d2da0128fe..558215d0dc 100644
--- a/bin/tests/system/statschannel/ns2/sign.sh
+++ b/bin/tests/system/statschannel/ns2/sign.sh
@@ -36,7 +36,8 @@ zsk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -L 3600 -b 256 "$zone")
 ksk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -L 3600 -b 384 -f KSK "$zone")
 zsk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -L 3600 -b 384 "$zone")
 # Sign deliberately with a very short expiration date.
-"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" >"signzone.out.$zone" 2>&1
+# Disable zone verification (-P) as records may expire before signing is complete
+"$SIGNER" -P -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" >"signzone.out.$zone" 2>&1
 keyfile_to_key_id "$ksk8" >manykeys.ksk8.id
 keyfile_to_key_id "$zsk8" >manykeys.zsk8.id
 keyfile_to_key_id "$ksk13" >manykeys.ksk13.id