As Python QA tools, BIND system test prerequisites, and documentation
building utilities are now all included in operating system images used
in GitLab CI, do not use pip for installing them in each CI job any
more.
(cherry picked from commit e3c217296d)
Add a system test that counts how many address fetches are made
for different numbers of NS records and checks that the number
are successfully limited.
If there are more that 5 NS record for a zone only perform a
maximum of 4 address lookups for all the name servers. This
limits the amount of remote lookup performed for server
addresses at each level for a given query.
as the update triggers by the rndc command to clear the signing records
may not have completed by the time the subsequent rndc command to test
that the records have been removed is commenced. Loop several times to
prevent false negative.
(cherry picked from commit 353018c0e5)
cppcheck 2.0 reports false positives about uninitialized variables in a
lot of places throughout BIND source code, e.g.:
bin/dnssec/dnssec-cds.c:282:6: error: Uninitialized variable: length [uninitvar]
if (isc_buffer_availablelength(&buf) <= len) {
^
Apparently cppcheck 2.0 has issues with processing (&var)->field syntax,
which is what the macros from lib/isc/include/isc/buffer.h are evaluated
to. This issue was reported upstream [1] and will hopefully be
addressed in a future cppcheck release.
In the meantime, to avoid modifying BIND source code in multiple places
just because of a static checker false positive, work around the issue
by adding intermediate variables to buffer macro definitions using a sed
invocation in the cppcheck job script.
[1] https://sourceforge.net/p/cppcheck/discussion/general/thread/122153e3c1/
(cherry picked from commit 481fa34e50)
Add whitespace to the regular expression used for extracting the GCC
version from "gcc --version" output so that it works properly with
multi-digit major version numbers.
(cherry picked from commit 3b48eec79f)
Commit 691c8f6828 broke the cppcheck job
in GitLab CI: when cppcheck fails, the script is immediately
interrupted, preventing cppcheck-htmlreport from being run. To ensure
the HTML report is generated when cppcheck fails, revert to invoking
cppcheck-htmlreport in the "after_script" part of the job.
(cherry picked from commit cb2037ee9d)
There a race between when the delta is logged and when the
server returns signed record. Retry the queries if the
lookups fail to meet expectations.
(cherry picked from commit 46c4e5d96f)
Although in util/api-checker.sh we create textual reports, we don't
preserve them in job artifacts, but we should.
We don't want to keep all HTML pages present in the project root, but
just those produced by ABI checker.
(cherry picked from commit b5ccf95b0a)
