Commit Graph

34863 Commits

Author SHA1 Message Date
Mark Andrews
8aa7601a42 named-checkzone -z ignored the check-wildcard option
Lookup and set the wildcard option according to the configuration
settings.  The default is on as per bin/named/config.c.

(cherry picked from commit dfc5c1e018)
2022-11-17 11:00:04 +11:00
Michal Nowak
4563357ab8 Merge tag 'v9_16_35' into v9_16
BIND 9.16.35
2022-11-16 16:20:31 +01:00
Michal Nowak
ff5f2a787d Merge branch 'mnowak/openbsd-7.2-v9_16' into 'v9_16'
[v9_16] Add OpenBSD 7.2

See merge request isc-projects/bind9!7083
2022-11-15 11:47:19 +00:00
Michal Nowak
27b0df2124 Add OpenBSD 7.2
(cherry picked from commit b239e6870d)
2022-11-15 10:44:04 +01:00
Michal Nowak
0f690eb8c8 Merge branch '2265-fix-and-check-bashisms-v9_16' into 'v9_16'
[v9_16] Fix and check bashisms in system test

See merge request isc-projects/bind9!7081
2022-11-15 07:00:49 +00:00
Michal Nowak
0b4be3a26c In POSIX sh, RANDOM variable is undefined
possible bashism in ./bin/tests/system/system-test-driver.sh line 77 ($RANDOM):
    ./run.sh -p "$(($RANDOM%32000+32000))" "$@" "$TEST_PROGRAM"

Also see: https://www.shellcheck.net/wiki/SC3028.
2022-11-14 23:13:04 +01:00
Michal Nowak
c40916dbf3 Hide sh-long-option checkbashism confusion
possible bashism in ./bin/tests/system/system-test-driver.sh line 30 (sh --long-option):
    OPTS=$(getopt --shell sh --name "$(basename "$0")" --options '' --longoptions test-name:,log-file:,trs-file:,color-tests:,expect-failure:,enable-hard-errors: -- "$@")
2022-11-14 23:13:04 +01:00
Michal Nowak
9cf52e51ab Add checkbashisms CI job
(cherry picked from commit 47a7c5123a)
2022-11-14 23:13:04 +01:00
Michal Nowak
8b9634c9ed Rename $HOSTNAME to $HOST_NAME to silence checkbashisms
checkbashisms warns about possible reliance on HOSTNAME environmental
variable which Bash sets to the name of the current host, and some
commands may leverage it:

    possible bashism in builtin/tests.sh line 199 ($HOST(TYPE|NAME)):
    grep "^\"$HOSTNAME\"$" dig.out.ns1.$n > /dev/null || ret=1
    possible bashism in builtin/tests.sh line 221 ($HOST(TYPE|NAME)):
    grep "^\"$HOSTNAME\"$" dig.out.ns2.$n > /dev/null || ret=1
    possible bashism in builtin/tests.sh line 228 ($HOST(TYPE|NAME)):
    grep "^; NSID: .* (\"$HOSTNAME\")$" dig.out.ns2.$n > /dev/null || ret=1

We don't use the variable this way but rename it to HOST_NAME to silence
the tool.

(cherry picked from commit ae33a8ddea)
2022-11-14 23:13:04 +01:00
Michal Nowak
0f2e25af52 Remove no-op assignment from kasp/tests.sh
"next_key_event_threshold" is assigned with
"next_key_event_threshold+i", but "i" is empty (never set, nor used
afterwards).

posh, the Policy-compliant Ordinary SHell, failed on this assignment
with:

    tests.sh:253: : unexpected `end of expression'

(cherry picked from commit 00c3b1e309)
2022-11-14 23:13:03 +01:00
Michal Nowak
9508a2ce46 Remove unused $@ array from cds/setup.sh
posh, the Policy-compliant Ordinary SHell, failed with:

    setup.sh:57: @: parameter not set

(cherry picked from commit 02a4a95395)
2022-11-14 23:13:03 +01:00
Michal Nowak
a1e697c8b3 Join two rndc lines not to confuse checkbashisms
checkbashisms gets confused by the rndc command being on two lines:

    possible bashism in bin/tests/system/nzd2nzf/tests.sh line 37 (type):
    rndccmd 10.53.0.1 addzone "added.example { type primary; file \"added.db\";

(cherry picked from commit 9eb2f6b0e8)
2022-11-14 23:13:03 +01:00
Michal Nowak
cf67657c71 Replace string comparisons with integer comparisons
checkbashisms reports Bash-style ("==") string comparisons inside test/[
command:

    possible bashism in bin/tests/system/checkconf/tests.sh line 105 (should be 'b = a'):
                    if [ $? == 0 ]; then echo_i "failed"; ret=1; fi
    possible bashism in bin/tests/system/keyfromlabel/tests.sh line 62 (should be 'b = a'):
                    test $ret == 0 || continue
    possible bashism in bin/tests/system/keyfromlabel/tests.sh line 79 (should be 'b = a'):
                    test $ret == 0 || continue

(cherry picked from commit 7640fc5b39)
2022-11-14 21:11:27 +01:00
Michal Nowak
be1379b6e4 Add shell interpreter line where missing
The checkbashisms script reports errors like this one:

    script util/check-line-length.sh does not appear to have a #! interpreter line;
    you may get strange results

(cherry picked from commit 9e68997cbb)
2022-11-14 21:09:42 +01:00
Mark Andrews
44c51cd320 Merge branch '3468-statistics-xml-rendering-does-not-seem-to-protect-against-concurrent-changes-v9_16' into 'v9_16'
Resolve "Statistics XML rendering does not seem to protect against concurrent changes" [v9_16]

See merge request isc-projects/bind9!7077
2022-11-11 16:40:54 +00:00
Mark Andrews
b70d4f5917 Add CHANGES note for [GL #3468]
(cherry picked from commit a4383c906c)
2022-11-11 16:13:55 +00:00
Mark Andrews
10083c2019 Have dns_zt_apply lock the zone table
There were a number of places where the zone table should have been
locked, but wasn't, when dns_zt_apply was called.

Added a isc_rwlocktype_t type parameter to dns_zt_apply and adjusted
all calls to using it.  Removed locks in callers.

(cherry picked from commit f053d5b414)
2022-11-11 16:13:55 +00:00
Petr Špaček
d0cca7ecc9 Merge branch '3669-update-policy-external-synchronous-doc-v9_16' into 'v9_16'
Document that update-policy external is synchronous [v9_16]

See merge request isc-projects/bind9!7074
2022-11-11 10:24:04 +00:00
Petr Špaček
62a0d10014 Document that update-policy external is synchronous
(cherry picked from commit 7d352741a0)
2022-11-11 11:15:54 +01:00
Mark Andrews
0fcec7a22c Merge branch '3630-nextpart-is-not-compatible-with-set-x-v9_16' into 'v9_16'
Resolve "'nextpart' is not compatible with 'set -x'" [v9_16]

See merge request isc-projects/bind9!7061
2022-11-08 17:50:26 +00:00
Mark Andrews
8cda49f604 Use file descriptor 3 to save file.prev
If 'set -x' is in effect file.prev gets populated with debugging output.
To prevent this open descriptor 3 and redirect stderr from the awk
command to descriptor 3. Debugging output will stay directed to stderr.

(cherry picked from commit 10f67938db)
2022-11-08 16:44:05 +00:00
Tom Krizek
f7ad072501 Merge branch 'tkrizek/danger-approve-v9_16' into 'v9_16'
ci: add danger checks - approve workflow & wip commits [v9_16]

See merge request isc-projects/bind9!7058
2022-11-08 13:41:55 +00:00
Tom Krizek
df30dffdd1 Check for cherry pick message in backport commits in danger CI
Using the -x option for cherry pick makes it easy to link commits across
branches and it is recommended to use for all backport commits (with
exceptions -- thus a warning level rather than failure).

(cherry picked from commit 5ecb277090)
2022-11-08 14:40:14 +01:00
Tom Krizek
f8ed380890 Detect work-in-progress commits in danger CI
To avoid accidentally merging unfinished work, detect prohibited
keywords at the start of the subject line. If the first word is any of
the following, fail the check:
WIP, wip, DROP, drop, TODO, todo

The only slightly controversial is the lowercase "drop" which might have
a legitimate use - seems like four commits in the history used it as a
start of a sentence. However, since people commonly use "drop" to
indicate a commit should be dropped before merging, let's prohibit it as
well. In case of false-positive, "Drop" with a capitalized first letter
can always be used.

(cherry picked from commit 402b11431c)
2022-11-08 14:40:14 +01:00
Tom Krizek
3a6e014b20 Use approve button workflow in danger CI
Since the LGTM label was deprecated in favor of using the Approve button
in gitlab, adjust the detection in danger bot.

Unfortunately, danger-python seems no longer maintained since 2020 and
MR approvals aren't available in its Python API (even though they're
supported in its Ruby/JS APIs). Going forward, let's use the more
comprehensive python-gitlab API.

It still makes sense to utilize the danger-python, since it handles the
integration with gitlab which doesn't need to be reimplemented as long
as it works - same with the other checks.

(cherry picked from commit e901342dd9)
2022-11-08 14:40:08 +01:00
Michał Kępień
04e434f113 Merge branch 'michal/set-up-version-and-release-notes-for-bind-9.16.36' into 'v9_16'
Set up version and release notes for BIND 9.16.36

See merge request isc-projects/bind9!7055
2022-11-08 12:30:14 +00:00
Michał Kępień
cc71b0afb0 Set up release notes for BIND 9.16.36 2022-11-08 13:24:19 +01:00
Michał Kępień
74ff93af19 Update BIND version to 9.16.36-dev 2022-11-08 13:24:19 +01:00
Michał Kępień
4ce90d03a8 Merge branch 'prep-release' into v9_16_35-release v9.16.35 2022-11-07 23:12:59 +01:00
Michał Kępień
a87c400fa8 prep 9.16.35 2022-11-07 23:12:48 +01:00
Michał Kępień
42e0859163 Merge branch 'michal/prepare-documentation-for-bind-9.16.35' into 'v9_16_35-release'
Prepare documentation for BIND 9.16.35

See merge request isc-private/bind9!473
2022-11-07 22:09:29 +00:00
Michał Kępień
619cd8d80f Add release note for GL #3603 2022-11-07 23:05:01 +01:00
Michał Kępień
472598f7ed Add release note for GL #3247 2022-11-07 23:05:01 +01:00
Michał Kępień
b91a75098f Reorder release notes 2022-11-07 23:05:01 +01:00
Michał Kępień
aa24942237 Tweak and reword release notes 2022-11-07 23:05:01 +01:00
Michał Kępień
20275113f5 Prepare release notes for BIND 9.16.35 2022-11-07 23:05:01 +01:00
Michał Kępień
8d15ce5ff0 Merge branch 'pspacek/doc-known-issues-reshuffle-v9_16' into 'v9_16'
[v9_16] Repeat Known Issues at the top of Release Notes page

See merge request isc-projects/bind9!7044
2022-11-07 14:10:58 +00:00
Petr Špaček
04cd80c0f5 Repeat Known Issues at the top of Release Notes page
From now on all per-version notes link to the global list
of Known Issues. If there is a new note it should be listed twice:
In the per-version list, and in the global list.

(cherry picked from commit c58dd2790a)
2022-11-07 15:04:23 +01:00
Michał Kępień
9b22c414ce Merge branch '3652-reference-manual-update-policies-unmatched-parenthesis-v9_16' into 'v9_16'
[v9_16] Add missing closing ')' to update-policy documentation

See merge request isc-projects/bind9!7039
2022-11-07 12:49:55 +00:00
Mark Andrews
bf3a8c7de9 Add missing closing ')' to update-policy documentation
The opening '(' before local was not being matched by a closing
')' after the closing '};'.

(cherry picked from commit 044c3b2bb8)
2022-11-07 13:08:20 +01:00
Michał Kępień
a9f5cbb4da Merge branch 'each-dupsigs-test-v9_16' into 'v9_16'
make dupsigs test less timing-sensitive [v9_16]

See merge request isc-projects/bind9!7037
2022-11-07 10:56:01 +00:00
Evan Hunt
4840d6f9c9 make dupsigs test less timing-sensitive
the dupsigs test is prone to failing on slow CI machines
because the first test can occur before the zone is fully
signed.

instead of just waiting ten seconds arbitrarily, we now
check every second, and allow up to 30 seconds before giving
up.

(cherry picked from commit d9b85cbaae)
2022-11-07 10:29:00 +01:00
Tom Krizek
149bda2764 Merge branch 'tkrizek/revert-random-algorithm-randomization' into 'v9_16'
Revert "Merge branch '3503-random-default-algorithm-in-tests-v9_16' into 'v9_16'"

See merge request isc-projects/bind9!7019
2022-11-04 09:32:02 +00:00
Tom Krizek
a1fd85ac70 Revert "Merge branch '3503-random-default-algorithm-in-tests-v9_16' into 'v9_16'"
This reverts commit a7ac1e0105, reversing
changes made to d690c55ed7.
2022-11-04 10:08:51 +01:00
Ondřej Surý
4e326b23fb Merge branch '3643-dont-use-dns_zone_attach-in-zone_refreshkeys-v9_16' into 'v9_16'
Don't use dns_zone_attach() in zone_refreshkeys() [9.16]

See merge request isc-projects/bind9!7026
2022-11-03 15:10:06 +00:00
Ondřej Surý
a6e3fc20d0 Don't use dns_zone_attach() in zone_refreshkeys()
The zone_refreshkeys() could run before the zone_shutdown(), but after
the last .erefs has been "detached" causing assertion failure when doing
dns_zone_attach().  Remove the use of .erefs (dns_zone_attach/detach)
and replace it with using the .irefs and additional checks whether the
zone is exiting in the callbacks.

(cherry picked from commit 80e66fbd2d)
2022-11-03 15:35:58 +01:00
Matthijs Mekking
aee91a01b4 Merge branch '3591-nsec3-crash-dynamic-to-inline-signing-v9_16' into 'v9_16'
[v9_16] Fix crash where dnssec-policy zone with NSEC3 crashes when inline-signing is turned on

See merge request isc-projects/bind9!7021
2022-11-03 14:31:24 +00:00
Matthijs Mekking
23f87f5ca7 Add release note and change for GL #3591
Breaking news.

(cherry picked from commit 1cf2f6fe68)
2022-11-03 14:45:12 +01:00
Matthijs Mekking
e4808e1f5f If a zone is not reusable, trigger full sign
If after a reconfig a zone is not reusable because inline-signing
was turned on/off, trigger a full resign. This is necessary because
otherwise the zone maintenance may decide to only apply the changes
in the journal, leaving the zone in an inconsistent DNSSEC state.

(cherry picked from commit 4d143f2cc4)
2022-11-03 14:44:41 +01:00
Matthijs Mekking
949768b252 Don't allow DNSSEC records in the raw zone
There was an exception for dnssec-policy that allowed DNSSEC in the
unsigned version of the zone. This however causes a crash if the
zone switches from dynamic to inline-signing in the case of NSEC3,
because we are now trying to add an NSEC3 record to a non-NSEC3 node.
This is because BIND expects none of the records in the unsigned
version of the zone to be NSEC3.

Remove the exception for dnssec-policy when copying non DNSSEC
records, but do allow for DNSKEY as this may be a published DNSKEY
from a different provider.

(cherry picked from commit 332b98ae49)
2022-11-03 14:44:35 +01:00