From b65b268fdee2dd2b0b48da597a8f809563fd009e Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 6 Jun 2019 12:50:47 +1000 Subject: [PATCH] capture named-checkconf output (cherry picked from commit 36dd373ab41529a12266dedea6087827af133245) --- bin/tests/system/checkconf/tests.sh | 120 ++++++++++++++++------------ 1 file changed, 69 insertions(+), 51 deletions(-) diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 8e8836b52c..8cac1083f9 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -16,7 +16,7 @@ n=0 n=`expr $n + 1` echo_i "checking that named-checkconf handles a known good config ($n)" ret=0 -$CHECKCONF good.conf > /dev/null 2>&1 || ret=1 +$CHECKCONF good.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -25,7 +25,8 @@ echo_i "checking that named-checkconf prints a known good config ($n)" ret=0 awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in [ -s good.conf.in ] || ret=1 -$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1 +$CHECKCONF -p good.conf.in > checkconf.out$n || ret=1 +grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 cmp good.conf.in good.conf.out || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -36,7 +37,8 @@ ret=0 # ensure there is a secret and that it is not the check string. grep 'secret "' good.conf.in > /dev/null || ret=1 grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1 -$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1 +$CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1 +grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` 
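Review bot: In the two `-p` tests (hunks at -25 and -36) the new `$CHECKCONF -p good.conf.in > checkconf.out$n || ret=1` lines capture stdout only, so anything named-checkconf writes to stderr is still not kept, unlike the other converted calls, which use `2>&1`. Merging stderr into the same file would likely disturb the `cmp` against good.conf.in, so a separate file is the safer option, for example `$CHECKCONF -p good.conf.in > checkconf.out$n 2> checkconf.err$n || ret=1`. The `checkconf.err$n` name is only an illustration and would need to be covered by the test's cleanup, which is not visible here. The `2>&1` left on the following `grep -v` lines only redirects grep's own stderr into good.conf.out and can be dropped.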
@@ -46,21 +48,21 @@ do n=`expr $n + 1` echo_i "checking that named-checkconf detects error in $bad ($n)" ret=0 - $CHECKCONF $bad > checkconf.out 2>&1 + $CHECKCONF $bad > checkconf.out$n 2>&1 if [ $? != 1 ]; then ret=1; fi - grep "^$bad:[0-9]*: " checkconf.out > /dev/null || ret=1 + grep "^$bad:[0-9]*: " < checkconf.out$n > /dev/null || ret=1 case $bad in bad-update-policy[123].conf) pat="identity and name fields are not the same" - grep "$pat" checkconf.out > /dev/null || ret=1 + grep "$pat" < checkconf.out$n > /dev/null || ret=1 ;; bad-update-policy[4589].conf|bad-update-policy1[01].conf) pat="name field not set to placeholder value" - grep "$pat" checkconf.out > /dev/null || ret=1 + grep "$pat" < checkconf.out$n > /dev/null || ret=1 ;; bad-update-policy[67].conf|bad-update-policy1[2345].conf) pat="missing name field type '.*' found" - grep "$pat" checkconf.out > /dev/null || ret=1 + grep "$pat" < checkconf.out$n > /dev/null || ret=1 ;; esac if [ $ret != 0 ]; then echo_i "failed"; fi @@ -72,7 +74,7 @@ do n=`expr $n + 1` echo_i "checking that named-checkconf detects no error in $good ($n)" ret=0 - $CHECKCONF $good > /dev/null 2>&1 + $CHECKCONF $good > checkconf.out$n 2>&1 if [ $? != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` done @@ -96,14 +98,15 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf catches range errors ($n)" ret=0 -$CHECKCONF range.conf > /dev/null 2>&1 && ret=1 +$CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf warns of notify inconsistencies ($n)" ret=0 -warnings=`$CHECKCONF notify.conf 2>&1 | grep "'notify' is disabled" | wc -l` +$CHECKCONF notify.conf > checkconf.out$n 2>&1 +warnings=`grep "'notify' is disabled" < checkconf.out$n | wc -l` [ $warnings -eq 3 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` 
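Review bot: The range-error test in the hunk at -96 still passes on any non-zero exit: `$CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1` cannot tell a rejected configuration from named-checkconf crashing or being killed by a signal. The bad-config loop in the hunk at -46 already requires exit status 1 exactly, and the same check fits here: `$CHECKCONF range.conf > checkconf.out$n 2>&1` followed by `[ $? -eq 1 ] || ret=1`. The same applies to the `-z` tests for max-ttl-bad.conf, view-class-any1.conf and view-class-any2.conf in the hunk at -229. Now that the output is kept, those tests could also grep it for the expected diagnostic.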
@@ -111,12 +114,17 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking named-checkconf dnssec warnings ($n)" ret=0 -$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 -$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1 -$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1 -$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 +$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 +grep 'validation yes.*enable no' < checkconf.out$n.1 > /dev/null || ret=1 +$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 +grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1 +$CHECKCONF dnssec.2 > checkconf.out$n.3 2>&1 +grep 'validation auto.*enable no' < checkconf.out$n.3 > /dev/null || ret=1 +$CHECKCONF dnssec.2 > checkconf.out$n.4 2>&1 +grep 'validation yes.*enable no' < checkconf.out$n.4 > /dev/null || ret=1 # this one should have no warnings -$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1 +$CHECKCONF dnssec.3 > checkconf.out$n.5 2>&1 +grep '.*' < checkconf.out$n.5 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -129,14 +137,14 @@ options { $field 0; }; EOF - $CHECKCONF badzero.conf > /dev/null 2>&1 + $CHECKCONF badzero.conf > checkconf.out$n.1 2>&1 [ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; } cat > badzero.conf << EOF view dummy { $field 0; }; EOF - $CHECKCONF badzero.conf > /dev/null 2>&1 + $CHECKCONF badzero.conf > checkconf.out$n.2 2>&1 [ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; } cat > badzero.conf << EOF options { @@ -145,7 +153,7 @@ options { view dummy { }; EOF - $CHECKCONF badzero.conf > /dev/null 2>&1 + $CHECKCONF badzero.conf > checkconf.out$n.3 2>&1 [ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; } cat > badzero.conf << EOF zone dummy { 
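Review bot: dnssec.2 is checked three times with the same arguments, producing `checkconf.out$n.2`, `checkconf.out$n.3` and `checkconf.out$n.4`, which should be identical. One run is enough: keep `$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1` and point the three `grep` lines at `checkconf.out$n.2`. The hunk at -163 repeats the pattern with bad-dnssec.conf (three runs, three files). The repeated runs were inherited from the old pipelines, but with the output in a file they no longer serve a purpose.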
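Review bot: The `checkconf.out$n.1` to `checkconf.out$n.4` files written inside the `$field` loop are overwritten on every pass, so after a failure only the last field's output is left to inspect. This assumes `$n` is not incremented per field; the loop header is outside the hunk at -129, and the loop continues into the hunk at -154, where `done` closes it. Putting the field into the name keeps each run, for example `$CHECKCONF badzero.conf > checkconf.out$n.$field.1 2>&1`, provided the field values are plain option names that are safe in a file name.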
@@ -154,7 +162,7 @@ zone dummy { $field 0; }; EOF - $CHECKCONF badzero.conf > /dev/null 2>&1 + $CHECKCONF badzero.conf > checkconf.out$n.4 2>&1 [ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; } done if [ $ret != 0 ]; then echo_i "failed"; fi @@ -163,22 +171,28 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking options allowed in inline-signing slaves ($n)" ret=0 -l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-dnskey-kskonly.*requires inline" | wc -l` +$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1 +l=`grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l` [ $l -eq 1 ] || ret=1 -l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-loadkeys-interval.*requires inline" | wc -l` +$CHECKCONF bad-dnssec.conf > checkconf.out$n.2 2>&1 +l=`grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l` [ $l -eq 1 ] || ret=1 -l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "update-check-ksk.*requires inline" | wc -l` +$CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1 +l=`grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l` [ $l -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "check file + inline-signing for slave zones ($n)" -l=`$CHECKCONF inline-no.conf 2>&1 | grep "missing 'file' entry" | wc -l` +$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1 +l=`grep "missing 'file' entry" < checkconf.out$n.1 | wc -l` [ $l -eq 0 ] || ret=1 -l=`$CHECKCONF inline-good.conf 2>&1 | grep "missing 'file' entry" | wc -l` +$CHECKCONF inline-good.conf > checkconf.out$n.2 2>&1 +l=`grep "missing 'file' entry" < checkconf.out$n.2 | wc -l` [ $l -eq 0 ] || ret=1 -l=`$CHECKCONF inline-bad.conf 2>&1 | grep "missing 'file' entry" | wc -l` +$CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1 +l=`grep "missing 'file' entry" < checkconf.out$n.3 | wc -l` [ $l -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` 
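Review bot: The "check file + inline-signing for slave zones" test in the hunk at -163 never resets `ret`; there is no `ret=0` between its `echo_i` line and the first `$CHECKCONF inline-no.conf` call. If the preceding inline-signing test failed, `ret` is still 1 here, so this test reports "failed" and adds to `status` a second time regardless of its own result. Adding `ret=0` directly after the `echo_i` line fixes it. This predates the commit, but the block is rewritten here and is a natural place to correct it.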
@@ -186,7 +200,8 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking named-checkconf DLZ warnings ($n)" ret=0 -$CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null || ret=1 +$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1 +grep "'dlz' and 'database'" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -194,14 +209,17 @@ n=`expr $n + 1` echo_i "checking for missing key directory warning ($n)" ret=0 rm -rf test.keydir -l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' does not exist" | wc -l` +$CHECKCONF warn-keydir.conf > checkconf.out$n.1 2>&1 +l=`grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l` [ $l -eq 1 ] || ret=1 touch test.keydir -l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' is not a directory" | wc -l` +$CHECKCONF warn-keydir.conf > checkconf.out$n.2 2>&1 +l=`grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l` [ $l -eq 1 ] || ret=1 rm -f test.keydir mkdir test.keydir -l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "key-directory" | wc -l` +$CHECKCONF warn-keydir.conf > checkconf.out$n.3 2>&1 +l=`grep "key-directory" < checkconf.out$n.3 | wc -l` [ $l -eq 0 ] || ret=1 rm -rf test.keydir if [ $ret != 0 ]; then echo_i "failed"; fi 
@@ -229,49 +247,49 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)" ret=0 -$CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1 && ret=1 +$CHECKCONF -z max-ttl-bad.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)" ret=0 -$CHECKCONF -z altdb.conf > /dev/null 2>&1 || ret=1 +$CHECKCONF -z altdb.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)" ret=0 -$CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1 +$CHECKCONF -z altdlz.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z fails on view with ANY class ($n)" ret=0 -$CHECKCONF -z view-class-any1.conf > /dev/null 2>&1 && ret=1 +$CHECKCONF -z view-class-any1.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)" ret=0 -$CHECKCONF -z view-class-any2.conf > /dev/null 2>&1 && ret=1 +$CHECKCONF -z view-class-any2.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z passes on view with IN class ($n)" ret=0 -$CHECKCONF -z view-class-in1.conf > /dev/null 2>&1 || ret=1 +$CHECKCONF -z view-class-in1.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)" ret=0 -$CHECKCONF -z view-class-in2.conf > 
/dev/null 2>&1 || ret=1 +$CHECKCONF -z view-class-in2.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -279,7 +297,7 @@ n=`expr $n + 1` echo_i "check that check-names fails as configured ($n)" ret=0 $CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1 -grep "near '_underscore': bad name (check-names)" checkconf.out$n > /dev/null || ret=1 +grep "near '_underscore': bad name (check-names)" < checkconf.out$n > /dev/null || ret=1 grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -288,7 +306,7 @@ n=`expr $n + 1` echo_i "check that check-mx fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 -grep "near '10.0.0.1': MX is an address" checkconf.out$n > /dev/null || ret=1 +grep "near '10.0.0.1': MX is an address" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -297,7 +315,7 @@ n=`expr $n + 1` echo_i "check that check-dup-records fails as configured ($n)" ret=0 $CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1 -grep "has semantically identical records" checkconf.out$n > /dev/null || ret=1 +grep "has semantically identical records" < checkconf.out$n > /dev/null || ret=1 grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` 
@@ -306,7 +324,7 @@ n=`expr $n + 1` echo_i "check that check-mx fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 -grep "failed: MX is an address" checkconf.out$n > /dev/null || ret=1 +grep "failed: MX is an address" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -315,7 +333,7 @@ n=`expr $n + 1` echo_i "check that check-mx-cname fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 -grep "MX.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1 +grep "MX.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -324,7 +342,7 @@ n=`expr $n + 1` echo_i "check that check-srv-cname fails as configured ($n)" ret=0 $CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 -grep "SRV.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1 +grep "SRV.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -333,7 +351,7 @@ n=`expr $n + 1` echo_i "check that named-checkconf -p properly print a port range ($n)" ret=0 $CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1 -grep "range 8610 8614;" checkconf.out$n > /dev/null || ret=1 +grep "range 8610 8614;" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` 
@@ -349,7 +367,7 @@ n=`expr $n + 1` echo_i "check that named-checkconf prints max-cache-size correctly ($n)" ret=0 $CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1 -grep "max-cache-size 60%;" checkconf.out$n > /dev/null || ret=1 +grep "max-cache-size 60%;" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -360,7 +378,7 @@ $CHECKCONF -l good.conf | grep -v "is not implemented" | grep -v "no longer exists" | grep -v "is obsolete" > checkconf.out$n || ret=1 -diff good.zonelist checkconf.out$n > diff.out$n || ret=1 +diff good.zonelist checkconf.out$n > diff.out$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -368,7 +386,7 @@ n=`expr $n + 1` echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)" ret=0 $CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "dnssec-lookaside 'auto' is no longer supported" checkconf.out$n > /dev/null || ret=1 +grep "dnssec-lookaside 'auto' is no longer supported" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -376,7 +394,7 @@ n=`expr $n + 1` echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" ret=0 $CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "dlv.isc.org has been shut down" checkconf.out$n > /dev/null || ret=1 +grep "dlv.isc.org has been shut down" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` 
@@ -393,7 +411,7 @@ echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK gener ret=0 $CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] || ret=1 -grep "trusted-key for root from 2010 without updated" checkconf.out$n > /dev/null || ret=1 +grep "trusted-key for root from 2010 without updated" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -416,7 +434,7 @@ echo_i "check that the dlv.isc.org KSK generates a warning ($n)" ret=0 $CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] || ret=1 -grep "trusted-key for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1 +grep "trusted-key for dlv.isc.org still present" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` @@ -424,7 +442,7 @@ echo_i "check that 'geoip-use-ecs no' generates a warning ($n)" ret=0 $CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] || ret=1 -grep "'geoip-use-ecs' is obsolete" checkconf.out$n > /dev/null || ret=1 +grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret`