this adds functions in conf.sh.common to create DS-style trust anchor files. those functions are then used to create nearly all of the trust anchors in the system tests. there are a few exceptions: - some tests in dnssec and mkeys rely on detection of unsupported algorithms, which only works with key-style trust anchors, so those are used for those tests in particular. - the mirror test had a problem with the use of a CSK without a SEP bit, which still needs addressing. in the future, some of these tests should be changed back to using traditional trust anchors, so that both types will be exercised going forward.
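#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Test-fixture setup: generate a zone key for each of "example", "dnamed"
# and the root zone, sign each zone, and publish the root key as the
# resolver's static trust anchor in trusted.conf.
#
# Environment: SYSTEMTESTTOP (directory holding conf.sh). KEYGEN, SIGNER,
# DEFAULT_ALGORITHM, DEFAULT_BITS and keyfile_to_static_ds are expected to
# come from the sourced conf.sh; none of them is defined in this file.

# Abort on the first failing command. This is set here rather than in the
# shebang because a "-e" on the #! line is dropped when the script is run
# as "sh sign.sh". Without it, a failed key generation or signing step
# would go unnoticed and a stale or empty trusted.conf could be left for
# the resolver to load.
set -e

# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"

# NOTE(review): $KEYGEN and $SIGNER are deliberately left unquoted. They
# are set outside this file and may expand to more than one word; confirm
# against conf.sh before quoting them.

# --- example ---------------------------------------------------------------
zone=example
infile=example.db.in
zonefile=example.db

# $KEYGEN prints the key's base name on stdout; "$keyname.key" is the
# public key file that gets appended to the unsigned zone data.
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"

# -P skips dnssec-signzone's post-sign verification. That keeps fixture
# generation permissive; it is a test-only choice, not a signing default.
$SIGNER -P -o "$zone" "$zonefile" > /dev/null

# --- dnamed ----------------------------------------------------------------
zone=dnamed
infile=dnamed.db.in
zonefile=dnamed.db

keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -o "$zone" "$zonefile" > /dev/null

# --- root ------------------------------------------------------------------
# The root key uses the suite-wide default algorithm and size, unlike the
# two child zones above, which pin RSASHA256/2048.
zone=.
infile=root.db.in
zonefile=root.db

keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"

# -g additionally asks the signer to generate DS records for child zones.
$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null

# Configure the resolving server with a static key.
# "$keyname" still refers to the root zone key generated just above, so the
# anchor written here is the root's. keyfile_to_static_ds is the helper that
# produces a DS-style trust anchor (see conf.sh / conf.sh.common).
keyfile_to_static_ds "$keyname" > trusted.conf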