We should also lock kasp when reading key files, because at the same
time the zone in another view may be updating the key file.
(cherry picked from commit 252a1ae0a1)
Also, add "set -e" to all shell scripts of the views test to exit when
any command fails or is unknown, e.g., this on OpenBSD:
tests.sh[174]: seq: not found
(cherry picked from commit a4b7eb7188)
The seq command is not defined in the POSIX standard and is missing on
OpenBSD. Given that the system test code is meant to be POSIX-compliant
replace it with a shell construct.
(cherry picked from commit a08487ec3d)
The isc-config.sh script was removed in 2019 [1], so the top-level
Makefile does not need to create ${bindir} and ${mandir}/man1 any more.
All named options creating files in the ${localstatedir}/run/named
directory are able to automatically create that directory (as well as
its containing directories), so there is no need for the top-level
Makefile to create ${localstatedir}/run.
Clean up the "installdirs" target in the top-level Makefile accordingly.
[1] see commit 4b44351e65
Add two tests to make sure named-checkconf catches key-directory issues
where a zone in multiple views uses the same directory but has
different dnssec-policies. One test sets the key-directory specifically,
the other inherits the default key-directory (NULL, aka the working
directory).
Also update the good.conf test to allow zones in different views
with the same key-directory if they use the same dnssec-policy.
Also allow zones in different views with different key-directories if
they use different dnssec-policies.
Also allow zones in different views with the same key-directories if
only one view uses a dnssec-policy (the other is set to "none").
Also allow zones in different views with the same key-directories if
no views uses a dnssec-policy (zone in both views has the dnssec-policy
set to "none").
(cherry picked from commit df1aecd5ff)
Don't allow the same zone with different dnssec-policies in separate
views have the same key-directory.
Track zones plus key-directory in a symtab and if there is a match,
check the offending zone's dnssec-policy name. If the name is "none"
(there is no kasp for the offending zone), or if the name is the same
(the zone shares keys), it is fine, otherwise it is an error (zones
in views using different policies cannot share the same key-directory).
(cherry picked from commit 494e8b2cbd)
This function has never been used since it was added to the source tree
by commit 686b27bfd3 back in 1999. As
the dns_zoneflg_t type is only defined in lib/dns/zone.c, no function
external to that file would be able to use dns_zone_setflag() properly
anyway - the DNS_ZONE_SETFLAG() and DNS_ZONE_CLRFLAG() macros should be
used instead. Zone options that can be set from outside zone.c are set
using dns_zone_setoption().
(cherry picked from commit 314b5362a8)
if dns_updatemethod_date is used do that the returned method is only
set to dns_updatemethod_increment if the new serial does not encode
the current day (YYYYMMDDXX).
(cherry picked from commit 5d21042ed8)
PyLint 2.8.2 reports the following suggestions for two Python scripts
used in the system test suite:
************* Module tests_rndc_deadlock
bin/tests/system/addzone/tests_rndc_deadlock.py:71:4: R1732: Consider using 'with' for resource-allocating operations (consider-using-with)
************* Module tests-shutdown
bin/tests/system/shutdown/tests-shutdown.py:68:4: R1732: Consider using 'with' for resource-allocating operations (consider-using-with)
bin/tests/system/shutdown/tests-shutdown.py:157:8: R1732: Consider using 'with' for resource-allocating operations (consider-using-with)
Implement the above suggestions by using
concurrent.futures.ThreadPoolExecutor() and subprocess.Popen() as
context managers.
(cherry picked from commit a8163551ed)
Add REQUIRE(type == dns_rdatatype_nsec3 || firstp != NULL); so
that dereferences of *firstp is not flagged as a NULL pointer
dereference.
(cherry picked from commit 683ad6e4bd)
FreeBSD 13.0 replaced GNU grep with BSD grep and removed support for
"redundant escapes for most ordinary characters" from regex(3) library,
therefore the matching sequence in digdelv/tests.sh needs to be
rewritten otherwise it fails with:
grep: trailing backslash (\)
Instead of using fixed quantum, this commit adds atomic counter for
number of items on each queue and uses the number of netievents
scheduled to run as the limit of maximum number of netievents for a
single process_queue() run.
This prevents the endless loops when the netievent would schedule more
netievents onto the same loop, but we don't have to pick "magic" number
for the quantum.
(cherry picked from commit 9e3cb396b2)
OpenBSD changed the name of the pytest script from py.test-3 in OpenBSD
6.8 to py.test in OpenBSD 6.9.
The py.test-3 name which was added in d5562a3e for the sake of OpenBSD
and CentOS is still required for CentOS.
(cherry picked from commit 510b4b70e9)
To ensure that a release with outdated copyright year is not produced at
the beginning of a year, set copyright year to the current year.
(cherry picked from commit 7eb44b05c5)
