warn when changing mode on .private files

3347.	[bug]		dnssec-settime: Issue a warning when writing a new
			private key file would cause a change in the
			permissions of the existing file. [RT #27724]

bin/tests/system/metadata/tests.sh

@@ -134,7 +134,7 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
-echo "I:checking update of an old-style key"
+echo "I:checking update of an old-style key ($n)"
 ret=0
 # printing metadata should not work with an old-style key
 $SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
@@ -145,5 +145,17 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking warning about permissions change on key with dnssec-settime ($n)"
+ret=0
+# settime should print a warning about changing the permissions
+chmod 644 `cat oldstyle.key`.private
+$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 || ret=1
+$SETTIME -P none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status