Don't verify the zone when setting expire to "now+1s" as it can fail

as too much wall clock time may have elapsed. Also capture signzone output for forensic analysis
2020-07-08 13:18:31 +10:00
parent ef55dbf4fc
commit a0e8a11cc6
2 changed files with 14 additions and 13 deletions
--- a/bin/tests/system/statschannel/clean.sh
+++ b/bin/tests/system/statschannel/clean.sh
@@ -9,21 +9,22 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.

-rm -f traffic traffic.out.* traffic.json.* traffic.xml.*
-rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.*
-rm -f dig.out*
-rm -f ns*/named.memstats
-rm -f ns*/named.conf
-rm -f ns*/named.run*
-rm -f ns*/named.lock
-rm -f ns*/named.stats
-rm -f xml.*stats json.*stats
-rm -f xml.*mem json.*mem
 rm -f compressed.headers regular.headers compressed.out regular.out
+rm -f dig.out*
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run*
+rm -f ns*/named.stats
+rm -f ns*/signzone.out.*
+rm -f ns2/*.db.signed* ns2/dsset-*. ns2/*.jbk
 rm -f ns2/Kdnssec* ns2/dnssec.*.id
 rm -f ns2/Kmanykeys* ns2/manykeys.*.id
-rm -f ns2/*.db.signed* ns2/dsset-*. ns2/*.jbk
 rm -f ns2/dnssec.db.signed* ns2/dsset-dnssec.
 rm -f ns3/*.db
+rm -f traffic traffic.out.* traffic.json.* traffic.xml.*
+rm -f xml.*mem json.*mem
+rm -f xml.*stats json.*stats
+rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.*
 rm -rf ./.cache ./__pycache__
--- a/bin/tests/system/statschannel/ns2/sign.sh
+++ b/bin/tests/system/statschannel/ns2/sign.sh
@@ -20,7 +20,7 @@ zonefile=dnssec.db.signed
 ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
 zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
 # Sign deliberately with a very short expiration date.
-"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1
+"$SIGNER" -P -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > "signzone.out.$zone" 2>&1
 keyfile_to_key_id "$ksk" > dnssec.ksk.id
 keyfile_to_key_id "$zsk" > dnssec.zsk.id

@@ -34,7 +34,7 @@ zsk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -b 256 "$zone")
 ksk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -b 384 -f KSK "$zone")
 zsk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -b 384 "$zone")
 # Sign deliberately with a very short expiration date.
-"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1
+"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > "signzone.out.$zone" 2>&1
 keyfile_to_key_id "$ksk8" > manykeys.ksk8.id
 keyfile_to_key_id "$zsk8" > manykeys.zsk8.id
 keyfile_to_key_id "$ksk13" > manykeys.ksk13.id