Compare commits
1 Commits
v9.19.21
...
each-silen
| Author | SHA1 | Date | |
|---|---|---|---|
|
596850eb7f |
@@ -1338,7 +1338,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) || ret=1
|
||||
n=$((n+1))
|
||||
@@ -1350,7 +1350,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) && ret=1
|
||||
n=$((n+1))
|
||||
@@ -1362,7 +1362,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) && ret=1
|
||||
n=$((n+1))
|
||||
@@ -1374,7 +1374,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) || ret=1
|
||||
n=$((n+1))
|
||||
@@ -1386,7 +1386,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) || ret=1
|
||||
n=$((n+1))
|
||||
@@ -1398,7 +1398,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) || ret=1
|
||||
n=$((n+1))
|
||||
@@ -1410,7 +1410,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) && ret=1
|
||||
n=$((n+1))
|
||||
@@ -1422,7 +1422,7 @@ ret=0
|
||||
(
|
||||
cd signer/general || exit 1
|
||||
rm -f signed.zone
|
||||
$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n
|
||||
$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n 2>&1
|
||||
test -f signed.zone
|
||||
) && ret=1
|
||||
n=$((n+1))
|
||||
@@ -1493,7 +1493,7 @@ key2=$($KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone)
|
||||
(
|
||||
cd signer || exit 1
|
||||
cat example.db.in "$key1.key" "$key2.key" > example.db
|
||||
$SIGNER -o example -f example.db example.db > /dev/null
|
||||
$SIGNER -o example -f example.db example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
@@ -1507,7 +1507,7 @@ key2=$($KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone)
|
||||
(
|
||||
cd signer || exit 1
|
||||
cat example.db.in "$key1.key" "$key2.key" > example.db
|
||||
$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null
|
||||
$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null 2>&1
|
||||
awk '/^IQF9LQTLK/ {
|
||||
printf("%s", $0);
|
||||
while (!index($0, ")")) {
|
||||
@@ -1533,7 +1533,7 @@ key2=$($KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone)
|
||||
cd signer || exit 1
|
||||
cat example.db.in "$key1.key" "$key2.key" > example3.db
|
||||
echo "some.empty.nonterminal.nodes.example 60 IN NS ns.example.tld" >> example3.db
|
||||
$SIGNER -3 - -A -H 10 -o example -f example3.db example3.db > /dev/null
|
||||
$SIGNER -3 - -A -H 10 -o example -f example3.db example3.db > /dev/null 2>&1
|
||||
awk '/^IQF9LQTLK/ {
|
||||
printf("%s", $0);
|
||||
while (!index($0, ")")) {
|
||||
@@ -1558,9 +1558,9 @@ key2=$($KEYGEN -K signer -q -f KSK -a RSASHA1 -b 1024 -n zone $zone)
|
||||
(
|
||||
cd signer || exit 1
|
||||
cat example.db.in "$key1.key" "$key2.key" > example.db
|
||||
$SIGNER -o example -f example.db.before example.db > /dev/null
|
||||
$SIGNER -o example -f example.db.before example.db > /dev/null 2>&1
|
||||
sed 's/60.IN.SOA./50 IN SOA /' example.db.before > example.db.changed
|
||||
$SIGNER -o example -f example.db.after example.db.changed > /dev/null
|
||||
$SIGNER -o example -f example.db.after example.db.changed > /dev/null 2>&1
|
||||
)
|
||||
grep "SOA 5 1 50" signer/example.db.after > /dev/null || ret=1
|
||||
n=$((n+1))
|
||||
@@ -1578,12 +1578,12 @@ keyid3=$(keyfile_to_key_id "$key3")
|
||||
(
|
||||
cd signer || exit 1
|
||||
cat example.db.in "$key1.key" "$key2.key" > example.db
|
||||
$SIGNER -D -o example example.db > /dev/null
|
||||
$SIGNER -D -o example example.db > /dev/null 2>&1
|
||||
|
||||
# now switch out key2 for key3 and resign the zone
|
||||
cat example.db.in "$key1.key" "$key3.key" > example.db
|
||||
echo "\$INCLUDE \"example.db.signed\"" >> example.db
|
||||
$SIGNER -D -o example example.db > /dev/null
|
||||
$SIGNER -D -o example example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null || ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
|
||||
@@ -1595,7 +1595,7 @@ echo_i "checking dnssec-signzone -R purges signatures from removed keys ($n)"
|
||||
ret=0
|
||||
(
|
||||
cd signer || exit 1
|
||||
$SIGNER -RD -o example example.db > /dev/null
|
||||
$SIGNER -RD -o example example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null && ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
|
||||
@@ -1609,11 +1609,11 @@ zone=example
|
||||
(
|
||||
cd signer || exit 1
|
||||
cp -f example.db.in example.db
|
||||
$SIGNER -SD -o example example.db > /dev/null
|
||||
$SIGNER -SD -o example example.db > /dev/null 2>&1
|
||||
echo "\$INCLUDE \"example.db.signed\"" >> example.db
|
||||
# now retire key2 and resign the zone
|
||||
$SETTIME -I now "$key2" > /dev/null 2>&1
|
||||
$SIGNER -SD -o example example.db > /dev/null
|
||||
$SIGNER -SD -o example example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null || ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
|
||||
@@ -1625,7 +1625,7 @@ echo_i "checking dnssec-signzone -Q purges signatures from inactive keys ($n)"
|
||||
ret=0
|
||||
(
|
||||
cd signer || exit 1
|
||||
$SIGNER -SDQ -o example example.db > /dev/null
|
||||
$SIGNER -SDQ -o example example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null && ret=1
|
||||
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
|
||||
@@ -1637,8 +1637,8 @@ echo_i "checking dnssec-signzone retains unexpired signatures ($n)"
|
||||
ret=0
|
||||
(
|
||||
cd signer || exit 1
|
||||
$SIGNER -Sxt -o example example.db > signer.out.1
|
||||
$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2
|
||||
$SIGNER -Sxt -o example example.db > signer.out.1 2>&1
|
||||
$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2 2>&1
|
||||
) || ret=1
|
||||
gen1=$(awk '/generated/ {print $3}' signer/signer.out.1)
|
||||
retain1=$(awk '/retained/ {print $3}' signer/signer.out.1)
|
||||
@@ -1665,7 +1665,7 @@ ns.sub2.example. IN A 10.53.0.2
|
||||
EOF
|
||||
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
|
||||
touch example2.db.signed
|
||||
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null
|
||||
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
|
||||
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
|
||||
@@ -1679,7 +1679,7 @@ sub2.example. IN NS ns.sub2.example.
|
||||
ns.sub2.example. IN A 10.53.0.2
|
||||
EOF
|
||||
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
|
||||
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null
|
||||
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
|
||||
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
|
||||
@@ -1699,7 +1699,7 @@ ns.sub2.example. IN A 10.53.0.2
|
||||
EOF
|
||||
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
|
||||
touch example2.db.signed
|
||||
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null
|
||||
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
|
||||
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
|
||||
@@ -1713,7 +1713,7 @@ sub2.example. IN NS ns.sub2.example.
|
||||
ns.sub2.example. IN A 10.53.0.2
|
||||
EOF
|
||||
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
|
||||
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null
|
||||
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
|
||||
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
|
||||
@@ -1727,8 +1727,8 @@ ret=0
|
||||
cd signer || exit 1
|
||||
$SIGNER -O full -f - -Sxt -o example example.db > signer.out.3 2> /dev/null
|
||||
$SIGNER -O text -f - -Sxt -o example example.db > signer.out.4 2> /dev/null
|
||||
$SIGNER -O raw -f signer.out.5 -Sxt -o example example.db > /dev/null
|
||||
$SIGNER -O raw=0 -f signer.out.6 -Sxt -o example example.db > /dev/null
|
||||
$SIGNER -O raw -f signer.out.5 -Sxt -o example example.db > /dev/null 2>&1
|
||||
$SIGNER -O raw=0 -f signer.out.6 -Sxt -o example example.db > /dev/null 2>&1
|
||||
$SIGNER -O raw -f - -Sxt -o example example.db > signer.out.7 2> /dev/null
|
||||
) || ret=1
|
||||
awk '/IN *SOA/ {if (NF != 11) exit(1)}' signer/signer.out.3 || ret=1
|
||||
@@ -1744,7 +1744,7 @@ echo_i "checking TTLs are capped by dnssec-signzone -M ($n)"
|
||||
ret=0
|
||||
(
|
||||
cd signer || exit 1
|
||||
$SIGNER -O full -f signer.out.8 -S -M 30 -o example example.db > /dev/null
|
||||
$SIGNER -O full -f signer.out.8 -S -M 30 -o example example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
awk '/^;/ { next; } $2 > 30 { exit 1; }' signer/signer.out.8 || ret=1
|
||||
n=$((n+1))
|
||||
@@ -1755,7 +1755,7 @@ echo_i "checking dnssec-signzone -N date ($n)"
|
||||
ret=0
|
||||
(
|
||||
cd signer || exit 1
|
||||
TZ=UTC $SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null
|
||||
TZ=UTC $SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
# shellcheck disable=SC2016
|
||||
now=$(TZ=UTC $PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];')
|
||||
@@ -2806,7 +2806,7 @@ status=$((status+ret))
|
||||
# includes it anyway to avoid confusion (RT #21731)
|
||||
echo_i "check dnssec-dsfromkey error message when keyfile is not found ($n)"
|
||||
ret=0
|
||||
key=$($KEYGEN -a RSASHA1 -q example.) || ret=1
|
||||
key=$($KEYGEN -a RSASHA1 -q example. 2> /dev/null) || ret=1
|
||||
mv "$key.key" "$key"
|
||||
$DSFROMKEY "$key" > dsfromkey.out.$n 2>&1 && ret=1
|
||||
grep "$key.key: file not found" dsfromkey.out.$n > /dev/null || ret=1
|
||||
@@ -2893,7 +2893,7 @@ cd ns3 || exit 1
|
||||
for file in K*.moved; do
|
||||
mv "$file" "$(basename "$file" .moved)"
|
||||
done
|
||||
$SIGNER -S -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null
|
||||
$SIGNER -S -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
rndc_reload ns3 10.53.0.3 expiring.example
|
||||
|
||||
@@ -3629,7 +3629,7 @@ cd signer || exit 1
|
||||
$KEYGEN -q -a RSASHA1 -3 -fK remove > /dev/null
|
||||
$KEYGEN -q -a RSASHA1 -33 remove > /dev/null
|
||||
echo > remove.db.signed
|
||||
$SIGNER -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n
|
||||
$SIGNER -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n 2>&1
|
||||
)
|
||||
grep "RRSIG MX" signer/remove.db.signed > /dev/null || {
|
||||
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.pre$n;
|
||||
@@ -3637,7 +3637,7 @@ grep "RRSIG MX" signer/remove.db.signed > /dev/null || {
|
||||
# re-generate signed zone without MX and AAAA records at apex.
|
||||
(
|
||||
cd signer || exit 1
|
||||
$SIGNER -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n
|
||||
$SIGNER -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n 2>&1
|
||||
)
|
||||
grep "RRSIG MX" signer/remove.db.signed > /dev/null && {
|
||||
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.post$n;
|
||||
@@ -3652,7 +3652,7 @@ ret=0
|
||||
(
|
||||
cd signer || exit 1
|
||||
echo > remove.db.signed
|
||||
$SIGNER -3 - -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n
|
||||
$SIGNER -3 - -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n 2>&1
|
||||
)
|
||||
grep "RRSIG MX" signer/remove.db.signed > /dev/null || {
|
||||
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.pre$n;
|
||||
@@ -3660,7 +3660,7 @@ grep "RRSIG MX" signer/remove.db.signed > /dev/null || {
|
||||
# re-generate signed zone without MX and AAAA records at apex.
|
||||
(
|
||||
cd signer || exit 1
|
||||
$SIGNER -3 - -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n
|
||||
$SIGNER -3 - -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n 2>&1
|
||||
)
|
||||
grep "RRSIG MX" signer/remove.db.signed > /dev/null && {
|
||||
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.post$n;
|
||||
|
||||
Reference in New Issue
Block a user