From f5660107177e1044f717f8bca6646bca9a7fc1ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 21 Nov 2018 12:09:29 +0100 Subject: [PATCH] sfcache system test: Remove RSAMD5 usage and make script shellcheck compliant --- bin/tests/system/sfcache/clean.sh | 20 +++--- bin/tests/system/sfcache/ns1/sign.sh | 14 ++--- bin/tests/system/sfcache/ns2/sign.sh | 12 ++-- .../system/sfcache/{prereq.sh => ns5/sign.sh} | 16 ++--- bin/tests/system/sfcache/ns5/trusted.conf.bad | 14 ----- bin/tests/system/sfcache/setup.sh | 10 ++- bin/tests/system/sfcache/tests.sh | 63 ++++++++++--------- util/copyrights | 3 +- 8 files changed, 69 insertions(+), 83 deletions(-) rename bin/tests/system/sfcache/{prereq.sh => ns5/sign.sh} (60%) delete mode 100644 bin/tests/system/sfcache/ns5/trusted.conf.bad diff --git a/bin/tests/system/sfcache/clean.sh b/bin/tests/system/sfcache/clean.sh index d1e0b5303c..0881d42c58 100644 --- a/bin/tests/system/sfcache/clean.sh +++ b/bin/tests/system/sfcache/clean.sh @@ -9,13 +9,13 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f */K*.key */K*.private */*.signed */*.db */dsset-* -rm -f */managed.conf */trusted.conf -rm -f */named.memstats -rm -f */named.conf -rm -f */named.run */named.run.prev -rm -f dig.* -rm -f sfcache.* -rm -f ns*/named.lock -rm -f ns5/named.run.part* -rm -f ns*/managed-keys.bind* +rm -f ./*/K*.key ./*/K*.private ./*/*.signed ./*/*.db ./*/dsset-* +rm -f ./*/managed.conf ./*/trusted.conf +rm -f ./*/named.memstats +rm -f ./*/named.conf +rm -f ./*/named.run ./*/named.run.prev +rm -f ./dig.* +rm -f ./sfcache.* +rm -f ./ns*/named.lock +rm -f ./ns5/named.run.part* +rm -f ./ns*/managed-keys.bind* diff --git a/bin/tests/system/sfcache/ns1/sign.sh b/bin/tests/system/sfcache/ns1/sign.sh index fbd594f1cc..59653ed063 100644 --- a/bin/tests/system/sfcache/ns1/sign.sh +++ b/bin/tests/system/sfcache/ns1/sign.sh 
@@ -9,8 +9,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=../.. -. $SYSTEMTESTTOP/conf.sh +# shellcheck source=conf.sh +. "$SYSTEMTESTTOP/conf.sh" zone=. infile=root.db.in @@ -18,17 +18,17 @@ zonefile=root.db (cd ../ns2 && $SHELL sign.sh ) -cp ../ns2/dsset-example$TP . +cp "../ns2/dsset-example$TP" . -keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone` +keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone $zone) -cat $infile $keyname.key > $zonefile +cat "$infile" "$keyname.key" > "$zonefile" $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $keyname > trusted.conf +keyfile_to_trusted_keys "$keyname" > trusted.conf cp trusted.conf ../ns2/trusted.conf # ...or with a managed key. -keyfile_to_managed_keys $keyname > managed.conf +keyfile_to_managed_keys "$keyname" > managed.conf diff --git a/bin/tests/system/sfcache/ns2/sign.sh b/bin/tests/system/sfcache/ns2/sign.sh index 4fe8a6c08e..9ef7aaae2c 100644 --- a/bin/tests/system/sfcache/ns2/sign.sh +++ b/bin/tests/system/sfcache/ns2/sign.sh 
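Review bot: With the `SYSTEMTESTTOP=../..` assignment removed, `. "$SYSTEMTESTTOP/conf.sh"` at the top of ns1/sign.sh depends entirely on the caller's environment, and an unset or empty value makes the shell try to source `/conf.sh` from the filesystem root. The same line is introduced in the hunks for ns2/sign.sh, ns5/sign.sh, setup.sh and tests.sh. A guard such as `. "${SYSTEMTESTTOP:?}/conf.sh"` would stop with a clear error instead of reading an unintended file when the script is run outside the test harness.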
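Review bot: In the second ns1/sign.sh hunk `$KEYGEN` and `$zone` are still unquoted inside the new `keyname=$(...)` line, and the unchanged `$SIGNER -P -g -o $zone $zonefile` line was left as it was, whereas the ns2/sign.sh hunk quotes every one of these. For consistency with that file, use `keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$zone")` and `"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null`. Separately, the result of key generation is not checked before `"$keyname.key"` is concatenated into the zone file and passed to `keyfile_to_trusted_keys`, so a `[ -n "$keyname" ] || exit 1` after the assignment would make a failed keygen obvious.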
@@ -9,16 +9,16 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=../.. -. $SYSTEMTESTTOP/conf.sh +# shellcheck source=conf.sh +. "$SYSTEMTESTTOP/conf.sh" zone=example. infile=example.db.in zonefile=example.db -keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` -keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` +keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -cat $infile $keyname1.key $keyname2.key >$zonefile +cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile" -$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null +"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null diff --git a/bin/tests/system/sfcache/prereq.sh b/bin/tests/system/sfcache/ns5/sign.sh similarity index 60% rename from bin/tests/system/sfcache/prereq.sh rename to bin/tests/system/sfcache/ns5/sign.sh index e205020e0e..04749e78be 100644 --- a/bin/tests/system/sfcache/prereq.sh +++ b/bin/tests/system/sfcache/ns5/sign.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # # Copyright (C) Internet Systems Consortium, Inc. ("ISC") # @@ -9,13 +9,9 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +# shellcheck source=conf.sh +. "$SYSTEMTESTTOP/conf.sh" -if $KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone foo > /dev/null 2>&1 -then - rm -f Kfoo* -else - echo "I:This test requires that --with-openssl was used." >&2 - exit 255 -fi +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".") + +keyfile_to_trusted_keys "$keyname" > trusted.conf 
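Review bot: The `-e` in the new `#!/bin/sh -e` shebang of ns5/sign.sh has no effect when the script is started as `$SHELL sign.sh`, which is how the setup.sh hunk invokes it, because the interpreter line is not used in that case. If `$KEYGEN` fails, `keyname` is empty and `keyfile_to_trusted_keys "$keyname" > trusted.conf` still runs, so ns5 may come up with an empty or malformed trust anchor file rather than the deliberately mismatched key this test appears to rely on (the helper is defined outside the diff, so its behaviour on an empty name should be confirmed). The removed prereq.sh was the only place that verified key generation works at all. Put `set -e` in the script body and guard the result with `[ -n "$keyname" ] || exit 1`.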
diff --git a/bin/tests/system/sfcache/ns5/trusted.conf.bad b/bin/tests/system/sfcache/ns5/trusted.conf.bad deleted file mode 100644 index ed30460bda..0000000000 --- a/bin/tests/system/sfcache/ns5/trusted.conf.bad +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -trusted-keys { - "." 256 3 1 "AQO6Cl+slAf+iuieDim9L3kujFHQD7s/IOj03ClMOpKYcTXtK4mRpuULVfvWxDi9Ew/gj0xLnnX7z9OJHIxLI+DSrAHd8Dm0XfBEAtVtJSn70GaPZgnLMw1rk5ap2DsEoWk="; -}; diff --git a/bin/tests/system/sfcache/setup.sh b/bin/tests/system/sfcache/setup.sh index 482c779cf7..b5adf28f36 100644 --- a/bin/tests/system/sfcache/setup.sh +++ b/bin/tests/system/sfcache/setup.sh @@ -9,8 +9,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +# shellcheck source=conf.sh +. "$SYSTEMTESTTOP/conf.sh" $SHELL clean.sh @@ -18,7 +18,5 @@ copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns5/named.conf.in ns5/named.conf -cd ns1 && $SHELL sign.sh - -cd ../ns5 && cp -f trusted.conf.bad trusted.conf - +cd ns1 && $SHELL sign.sh && cd .. +cd ns5 && $SHELL sign.sh && cd .. diff --git a/bin/tests/system/sfcache/tests.sh b/bin/tests/system/sfcache/tests.sh index ac45cd537a..e20639c8b0 100644 --- a/bin/tests/system/sfcache/tests.sh +++ b/bin/tests/system/sfcache/tests.sh 
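Review bot: In the last setup.sh hunk the chain `cd ns1 && $SHELL sign.sh && cd ..` leaves the working directory at ns1 when sign.sh fails, so the following `cd ns5 && ...` line runs from the wrong directory and the original failure is reported only indirectly, through the failing `cd`. Running each step in a subshell, as ns1/sign.sh already does with `(cd ../ns2 && $SHELL sign.sh )`, keeps the directory stable and lets the status be checked directly: `(cd ns1 && $SHELL sign.sh) || exit 1` and `(cd ns5 && $SHELL sign.sh) || exit 1`. This matters more now that ns5's trust anchor is generated at setup time instead of copied from a static file.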
@@ -9,94 +9,101 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +# shellcheck source=conf.sh +. "$SYSTEMTESTTOP/conf.sh" status=0 n=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" -RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" +dig_with_opts() { + "$DIG" +tcp +noadd +nosea +nostat +nocmd -p "$PORT" "$@" +} + +rndc_with_opts() { + "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@" +} echo_i "checking DNSSEC SERVFAIL is cached ($n)" ret=0 -$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 -$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /' +dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /' +# shellcheck disable=SC2034 for i in 1 2 3 4 5 6 7 8 9 10; do awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n [ -s "sfcache.$n" ] && break sleep 1 done grep "^; foo.example/A" sfcache.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "checking SERVFAIL is returned from cache ($n)" ret=0 -$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "checking that +cd bypasses cache check ($n)" ret=0 -$DIG $DIGOPTS +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +dig_with_opts +dnssec +cd foo.example. 
a @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "disabling server to force non-dnssec SERVFAIL" -$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} sfcache ns2 +"$PERL" "$SYSTEMTESTTOP/stop.pl" --use-rndc --port "${CONTROLPORT}" sfcache ns2 awk '/SERVFAIL/ { next; out=1 } /Zone/ { out=0 } { if (out) print }' ns5/named_dump.db echo_i "checking SERVFAIL is cached ($n)" ret=0 -$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 -$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /' +dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /' +# shellcheck disable=SC2034 for i in 1 2 3 4 5 6 7 8 9 10; do awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n [ -s "sfcache.$n" ] && break sleep 1 done grep "^; bar.example/A" sfcache.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "checking SERVFAIL is returned from cache ($n)" ret=0 nextpart ns5/named.run > /dev/null -$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 nextpart ns5/named.run > ns5/named.run.part$n grep 'servfail cache hit bar.example/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "checking cache is bypassed with +cd query ($n)" ret=0 -$DIG $DIGOPTS +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +dig_with_opts +cd bar.example. 
a @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 nextpart ns5/named.run > ns5/named.run.part$n grep 'servfail cache hit' ns5/named.run.part$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "checking cache is used for subsequent +cd query ($n)" ret=0 -$DIG $DIGOPTS +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 +dig_with_opts +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 nextpart ns5/named.run > ns5/named.run.part$n grep 'servfail cache hit bar.example/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/util/copyrights b/util/copyrights index 480d939f41..0c17dd9a71 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1008,8 +1008,7 @@ ./bin/tests/system/sfcache/clean.sh SH 2014,2015,2016,2017,2018 ./bin/tests/system/sfcache/ns1/sign.sh SH 2014,2016,2017,2018 ./bin/tests/system/sfcache/ns2/sign.sh SH 2014,2016,2018 -./bin/tests/system/sfcache/ns5/trusted.conf.bad X 2014,2016,2018 -./bin/tests/system/sfcache/prereq.sh SH 2014,2016,2017,2018 +./bin/tests/system/sfcache/ns5/sign.sh SH 2018 ./bin/tests/system/sfcache/setup.sh SH 2014,2016,2017,2018 ./bin/tests/system/sfcache/tests.sh SH 2014,2016,2017,2018 ./bin/tests/system/smartsign/clean.sh SH 2010,2012,2014,2016,2018
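Review bot: In both "SERVFAIL is cached" checks of tests.sh the status of `rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'` is that of `sed`, so a failed `dumpdb` never sets `ret` and the retry loop goes on to read whatever `ns5/named_dump.db` is already on disk. Capturing the output first makes the failure visible: `rndc_with_opts 10.53.0.5 dumpdb -all > rndc.out.test$n 2>&1 || ret=1` followed by `sed 's/^/I:ns5 /' rndc.out.test$n` (the file name is only a suggestion, and clean.sh would then need to remove it too). A short comment above `rndc_with_opts` would also help, for example `# usage: rndc_with_opts <server> <command...>; the first argument is consumed by the trailing -s`.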